Increase number of returned objects in Service Provider Foundation

I was working with Service Provider Foundation (SPF) at a customer and noticed that I didn’t get all objects returned when I did a query against the SPF. So I started to search the web why it only returned 500 object. After no luck I started to look trough the SPF configuration and found the setting in the web.config file in inetpub\SPF\SC2012R2\VMM folder there is a value you can set:

SPF_OdataSettings

So if you want more objects returned increase the value “maxResults” to a number that fits your needs. In my example below I’ve increased the max returned objects to 5000:

“<EntitySet name=”*” maxResults=”5000” />”

After you change the value you need to restart the IIS application VMM before the new value is loaded in the IIS application.

I hope this can help some of you that work with SPF

//Mattias

Posted in Service Provider Foundation | Tagged , , | Leave a comment

Azure Pack Websites FTP

I had a customer that had issues with their Azure Pack websites setup. They could not connect to the FTP for files and logs.

After some investigation I found that the FTP passive ports where not configured. This means that the FTP service uses Windows default TCP/IP dynamic port range (1024 through 65535) and opening all those ports in the firewall seems a bit unnecessary.

So to configure the passive ports you do the following:

  1. On the publisher server open IIS Manager
  2. Select your publisher server in the connections tree on the left
  3. Then open “FTP Firewall Support”
  4. In the “Data Channel Port Range:” type in the passive ports you want to use.
  5. In the “External IP Address of Firewall:” type in the external IP of your publisher
  6. Click apply and then restart the FTP service (FTPSVC)

After this configuration is completed you need to open the same passive ports on your external firewall.

I hope this can help those of you that don’t want to have all the dynamic ports open in your firewall for your azure pack websites.

//Mattias

Posted in Windows Azure Pack | Leave a comment

SCOM management pack importer

After a couple of SCOM installations and upgrades where I need to import management packs I thought that a script would be nice to do this so I don’t have to check if the management pack is imported or not and if the version I try to import is newer than the version in SCOM.

So after some testing and scripting here is the result, a function:

function Import-MP($MPLocation) {
###################################################################
#    Written by Mattias Lehmus, TrueSec
#    Twitter: @onelehmus
#    Blog: onelehmus.com
#
#    THIS CODE IS PROVIDED *AS IS*
###################################################################

$MPFiles = (Get-ChildItem -Path “$MPLocation\*” -Include *.mp*,*.xml,*.mpb -Recurse)
[System.Collections.ArrayList]$InstallList = @()
$InstalledMPs = (Get-SCOMManagementPack | Select Name)

    #Functions
function Create-MPInstallationList($MPs){
foreach ($MP in $MPs) {
$MPName = [System.IO.Path]::GetFileNameWithoutExtension($MP)

            #Create InstallationList
If ($(Get-SCOMManagementPack | Where-Object { $_.name -contains $MPName }).count -eq 0) {
[Array]$MPInstallationList += $MP.FullName
Write-Verbose “$($MP.Name) is missing, adding to installation queue.” -Verbose
}
Else {
#Check if MP version is Equal
$MPFile = $MP.Name

                IF($MPFile -like “*.mp”){
$MPtoImport = Get-SCOMManagementPack -ManagementPackFile $MP.FullName
}
IF($MPFile -like “*.xml”){
$MPtoImport = Get-SCOMManagementPack -ManagementPackFile $MP.FullName
}
IF($MPFile -like “*.mpb”){
$MPtoImport = Get-SCOMManagementPack -BundleFile $MP.FullName
}
$MPinSCOM = Get-SCOMManagementPack | Where-Object { $_.name -contains $MPName }

                IF($MPinSCOM.Version.Major -lt $MPtoImport.Version.Major){
[Array]$MPInstallationList += $MP.FullName
Write-Verbose “$($MP.Name) is in newer version, adding to installation queue.” -Verbose
}
IF(($MPinSCOM.Version.Major -eq $MPtoImport.Version.Major) -and ($MPinSCOM.Version.Minor -lt $MPtoImport.Version.Minor)){
[Array]$MPInstallationList += $MP.FullName
Write-Verbose “$($MP.Name) is in newer version, adding to installation queue.” -Verbose
}
IF(($MPinSCOM.Version.Major -eq $MPtoImport.Version.Major) -and ($MPinSCOM.Version.Minor -eq $MPtoImport.Version.Minor) -and ($MPinSCOM.Version.Build -lt $MPtoImport.version.Build)){
[Array]$MPInstallationList += $MP.FullName
Write-Verbose “$($MP.Name) is in newer version, adding to installation queue.” -Verbose
}
IF(($MPinSCOM.Version.Major -eq $MPtoImport.Version.Major) -and ($MPinSCOM.Version.Minor -eq $MPtoImport.Version.Minor) -and ($MPinSCOM.Version.Build -eq $MPtoImport.version.Build) -and ($MPinSCOM.Version.Revision -lt $MPtoImport.version.Revision)){
[Array]$MPInstallationList += $MP.FullName
Write-Verbose “$($MP.Name) is in newer version, adding to installation queue.” -Verbose
}
}
}
Return $MPInstallationList
}

    function Install-MP($MP){
#Import SCOM Module
Import-Module OperationsManager
$VerbosePreference = “Continue”

        IF($MP -like “*.mp”){
Import-SCOMManagementPack -Fullname $MP -ErrorAction SilentlyContinue
}
IF($MP -like “*.xml”){
Import-SCOMManagementPack -Fullname $MP -ErrorAction SilentlyContinue
}
IF($MP -like “*.mpb”){
Import-SCOMManagementPack $MP -ErrorAction SilentlyContinue
}
}

    #Create MP Installation List
$InstallationList = Create-MPInstallationList -MPs $MPFiles

    #Exit if Installation list is empty
IF($InstallationList.Count -eq 0){
Write-Output “No Management Packs to import”
Break
}

    While($InstallationList.count -gt 0){
$InstallationListCount = $InstallationList.count
ForEach($MPInstall in $InstallationList){
Install-MP -MP $MPInstall
}

#Clear InstallationList
$InstallationList = @()

        #Create New InstallationList
$InstallationList = Create-MPInstallationList -MPs $MPFiles

IF($InstallListCount -eq $InstallationList.count){
Write-Output “Can’t import MP’s, do manual import: $InstallationList”
Break
}
}

    #Import Completed
Write-Output “Import of MPs completed”
}

The function can be downloaded here: https://1drv.ms/u/s!AsVfLv6C271rhqQH_Y3-zAwYrK8esQ

The function checks the specified folder and it’s subfolders for management packs in the format of MP, MPB and xml. Then it checks management packs that are imported in SCOM and compares the two lists. If a management pack is missing or is in a newer version it will import it, otherwise it will skip the management pack. The script will try to import all the management packs, if it can’t import the management packs it will send out a list of the management packs that can’t be imported so you know which MPs that needs to be checked.

To run the function you load it and then run the following command:

import-mp -MPLocation ‘C:\MPs’

I hope this can help some SCOM administrators with the management of management packs.

//Mattias

Posted in Operations Manager, Powershell | Tagged | Leave a comment

Import Hotfix Script

My friend Markus at isolation.se has a great list of hotfixes that’s good to have in your datacenter if you run Microsoft infrastructure. He also has a script that’s starts Internet Explorer and makes it easier to import the hotfixes in to your WSUS, here’s his blogpost http://www.isolation.se/semi-automatic-hotfix-import-into-wsus/.

I’ve had a customer that I needed to check which hotfixes they had and import the missing ones. So I added some functionality to Marcus script so that it also checks the WSUS server for hotfixes so you only need to download the missing hotfixes.

Here is the script:

###################################################################
#    Written by Mattias Lehmus, TrueSec
#    Twitter: @onelehmus
#    Blog: onelehmus.com
#
#    THIS CODE IS PROVIDED *AS IS*
###################################################################

Param(
    [Parameter(Mandatory=$true)]
    [String]$WSUSServer,
    [Parameter(Mandatory=$true)]
    [Int]$WSUSServerPort,
    [Parameter(Mandatory=$true)]
    [String]$HotFixXML
)

#Variables
$pauseOn = “21”,”41″,”61″,”81″,”101″,”121″,”141″,”161″,”181″,”201″,”221″,”241″,”261″,”281″,”301″
$I = 0

#Get Hotfixes from XML
$Hotfixes = Import-Clixml $HotFixXML

#Get Hotfixes from WSUS
$HotfixesInWSUS = Get-WsusUpdate -UpdateServer (Get-WsusServer -Name $WSUSServer -PortNumber $WSUSServerPort) -Classification All -Approval AnyExceptDeclined -Status Any | Where-Object classification -eq “Hotfix”

#Compare lists to create list of missing hotfixes
$MissingHotfixes = (Compare-Object -ReferenceObject $HotfixesInWSUS.Update.KnowledgebaseArticles -DifferenceObject $Hotfixes.KB | where SideIndicator -eq “=>”).inputobject

#Import Missing Hotfixes
foreach ($MissingHotfix in $MissingHotfixes) {
    $url = ($Hotfixes | where KB -eq $MissingHotfix).MUUri
    $I++
    If ($I -in $pauseOn) {
        Write-Host “Import hotfixes before continue, then press Y”
        $continue = Read-Host
        If ($continue -ne “Y”) {break}
    }
    $I
    & ‘C:\Program Files\Internet Explorer\iexplore.exe’ $url
}

The script can be downloaded here: https://1drv.ms/u/s!AsVfLv6C271rhqQGa-WI4CTrbO9xxg

To run the script you need to download Markus xml file from: http://www.isolation.se/semi-automatic-hotfix-import-into-wsus/ and run the script on your WSUS server with parameters like this:

Import-Hotfixes.ps1 -wsusserver “localhost” -wsusserverport 8530 -hotfixxml ” c:\temp\hotfixes.xml”

I hope this can help you with your hotfix management.

//Mattias

Posted in Powershell, Windows Server | Tagged , , , | Leave a comment

SCOM Mail Notification

I hade a customer that wanted to get mail notifications from SCOM and the default mail channel isn’t the best in formatting and giving you the right information.

So after some looking around I’ve found this great PowerShell script (http://blog.tyang.org/2010/07/19/enhanced-scom-alerts-notification-emails/) written by Tao Yang that formats the notification mail in the same way as you see in the console.

So me and my good friend Peter at https://syscenramblings.wordpress.com/ found some things we wanted to modify in the script to fit our needs.

The things we modified was:

  • The web console link
  • Web links in knowledge articles
  • Knowledge articles languages
Web console link

We added a function that checks if there is a web console link in the management group or not If there is one we add the link to the Alert in the mail otherwise there is no link at all.

Web links in KB’s

Another feature we added was to have clickable web links in the knowledge articles. Because the mail already is in HTML format we thought that it would be nice to be able to follow the links directly from the mail instead of doing copy and paste to a web browser.

SCOM-EMAIL

Knowledge articles languages

Another feature we added was the possibility to choose you language for the knowledge articles. This due to that you may not want to get every language in your emails like this:

SCOM-EMAIL2

We added the feature to choose your language or get them all. If you want to get just specific languages you need to get the short name for the language, for English it’s ENU.

To just get English you run the script like this in the Command Notification Channel with the language parameter set to ENU:

PowerShell.exe -Command "& '"E:\Script\SCOMMail\SCOMEnhancedEmailNotification.ps1"'" -alertID '$Data/Context/DataItem/AlertId$' -Recipients @('HelpDesk;support@onelehmus.com') –Languages ENU

If you want to run the script with all languages the languages parameter needs to be set to ALL:

PowerShell.exe -Command "& '"E:\Script\SCOMMail\SCOMEnhancedEmailNotification.ps1"'" -alertID '$Data/Context/DataItem/AlertId$' -Recipients @('HelpDesk;support@onelehmus.com') –Languages ALL

This is how it looks in the Command Notification Channel:

SCOM-EMAIL-CNC

Setup

To configure the script please follow Tao’s original post:

http://blog.tyang.org/2012/08/16/scom-enhanced-email-notification-script-version-2/

Script

The script can be downloaded at: https://1drv.ms/u/s!AsVfLv6C271rhqNnVAXSUKbjYf4HaA

I hope that this can add some functions that you may want in your SCOM mail notifications

//Mattias

Posted in Operations Manager, Powershell | Tagged | Leave a comment

Windows Azure Pack websites publisher database connection failed

We hade some issues with our web publishers in Windows Azure Pack (WAP) after we installed windows patches.

Our publisher servers in WAP websites just ran auto repair without success. The error we got was the following:

Error      9/20/2016 6:04:15 PM   Failed to run operation ‘RunRemote’.  Operation failed to complete.

Failed to run method ‘Microsoft.Web.Farm.Runtime.Providers.CreateRoleContainerRemoteMethod’ on server ‘Publisher01’.  Exception in response stream

Microsoft.Web.Hosting.WebHostingException: Login failed for user ‘Hosting_SecurePublisher’. —> System.Data.SqlClient.SqlException: Login failed for user ‘Hosting_SecurePublisher’.

When I started to look on the issue I ran the following commands on the WAP websites controller server to get information about the IIS database connections:

Add-PSSnapin Web*
$manager = new-object Microsoft.Web.Hosting.SiteManager
$manager.ConnectionContexts | ft ConnectionName, ConnectionString –Wrap

The command returns the following:

wap_db_issue

There you will get the database connection string with the password in clear text for each connection.

I logged in to my SQL server and started SQL Management Studio and tried to log in to the database with the username and password in the SecurePublishers connection string and that did not work.

So to solve the problem I logged in to the database on my SQL server with my admin account and changed the password for the SQL user Hosting_SecurePublisher to the same password as in the connection string, in my case: Password

After I’ve changed the password the publishers auto repair completed and the publisher started working again.

I hope that this will help those that have issues with WAP website publishers.

//Mattias

Posted in News, Windows Azure Pack | Tagged , , , | 1 Comment

Windows Azure Pack upgrade issues

I’ve run in to two cases where Windows Azure Pack (WAP) started to act strange after an upgrade.

After some investing I’ve found that the WAP databases where not upgraded, in both cases they where still in UR 6 version instead of 9.1. I found this TechNet article:(https://technet.microsoft.com/en-us/library/dn747884.aspx) where there are two scripts you need to run, one to check your current version and one to upgrade.

After the update script was completed everything started to work as they should.

So if you have any issues with WAP I would recommend to run the following SQL script from the TechNet article to check that the database is on the correct version:

-- SQL Script
-- WAP database versions
SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.Config' AS [Database],
N'Config' AS [Schema], *
FROM [Microsoft.MgmtSvc.Config].[Config].[Version]
UNION

SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.PortalConfigStore' AS [Database],
N'Config' AS [Schema],
[Version], [Major], [Minor], [Build], [Revision], [VersionInfo]
FROM [Microsoft.MgmtSvc.PortalConfigStore].[Config].[Version]
UNION
SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.PortalConfigStore' AS [Database],
N'PortalAspNet' AS [Schema],
N'' AS [Version], [CompatibleSchemaVersion] AS [Major], 0 AS [Minor], 0 AS [Build], 0 AS [Revision], N'' AS [VersionInfo]
FROM [Microsoft.MgmtSvc.PortalConfigStore].[dbo].[aspnet_SchemaVersions]
WHERE [Feature] = N'membership'
UNION

SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.Store' AS [Database],
N'Config' AS [Schema],
[Version], [Major], [Minor], [Build], [Revision], [VersionInfo]
FROM [Microsoft.MgmtSvc.Store].[Config].[Version]
UNION
SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.Store' AS [Database],
N'Management' AS [Schema],
[Version], [Major], [Minor], [Build], [Revision], [VersionInfo]
FROM [Microsoft.MgmtSvc.Store].[mp].[Version]
UNION

SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.Usage' AS [Database],
N'Usage' AS [Schema],
[Version], [Major], [Minor], [Build], [Revision], [VersionInfo]
FROM [Microsoft.MgmtSvc.Usage].[usage].[Version]
UNION

SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.WebAppGallery' AS [Database],
N'WebAppGallery' AS [Schema],
[Version], [Major], [Minor], [Build], [Revision], [VersionInfo]
FROM [Microsoft.MgmtSvc.WebAppGallery].[WebAppGallery].[Version]
UNION

SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.SQLServer' AS [Database],
N'SQLServer' AS [Schema],
[Version], [Major], [Minor], [Build], [Revision], [VersionInfo]
FROM [Microsoft.MgmtSvc.SQLServer].[SqlServer].[Version]
UNION

SELECT SERVERPROPERTY(N'ServerName') AS [Server],
N'Microsoft.MgmtSvc.MySQL' AS [Database],
N'MySQL' AS [Schema],
[Version], [Major], [Minor], [Build], [Revision], [VersionInfo]
FROM [Microsoft.MgmtSvc.MySQL].[MySql].[Version]

Script copied from: https://technet.microsoft.com/en-us/library/dn747884.aspx

And if there is a miss match between the install WAP version and the database you need to run the following PowerShell script:

#PowerShell Script
# Update-WapDatabases
Import-Module -Name MgmtSvcConfig

function New-SqlConnectionString([string]$masterConnectionString, [string]$database)
{
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder($masterConnectionString)
    $builder.Database = $database
    return $builder.ConnectionString
}
function Get-WapSchemas([string]$database)
{
    switch ($database)
    {
        "Microsoft.MgmtSvc.Config"            { @("Config") }
        "Microsoft.MgmtSvc.MySQL"             { @("MySQL") }
        "Microsoft.MgmtSvc.PortalConfigStore" { @("Config","PortalAspNet","PortalNotification") }
        "Microsoft.MgmtSvc.SQLServer"         { @("SQLServer") }
        "Microsoft.MgmtSvc.Store"             { @("Config","Management") }
        "Microsoft.MgmtSvc.Usage"             { @("Usage") }
        "Microsoft.MgmtSvc.WebAppGallery"     { @("WebAppGallery") }
        default { throw New-Object System.ArgumentOutOfRangeException($database) }
    }
}

# Prompt for the SQL Server name: 
$sName = Read-Host "Specify the name of the SQL Server that hosts the Windows Azure Pack databases."

$wapMasterConnectionString = "Server=" + $sName + ";Database=master;Integrated Security=True"

$wapDatabaseNames = (Get-MgmtSvcDefaultDatabaseName).DefaultDatabaseName
foreach ($wapDatabaseName in $wapDatabaseNames)
{
    $wapConnectionString = New-SqlConnectionString -masterConnectionString $wapMasterConnectionString -database $wapDatabaseName
    Write-Verbose -Message "Connection string: $wapConnectionString" -Verbose

    $wapSchemas = Get-WapSchemas -database $wapDatabaseName
    foreach ($wapSchema in $wapSchemas)
    {
        $wapSchema = Get-MgmtSvcSchema -Schema $wapSchema
        if ($wapSchema)
        {
            Write-Verbose -Message "BEGIN UPDATE database '$wapDatabaseName' schema '$wapSchema'." -Verbose
            Install-MgmtSvcDatabase -ConnectionString $wapConnectionString -Schema $wapSchema
            Write-Verbose -Message "END UPDATE database '$wapDatabaseName' schema '$wapSchema'." -Verbose
            $version = Test-MgmtSvcDatabase -ConnectionString $wapConnectionString -Schema $wapSchema
            Write-Output "Version: database '$wapDatabaseName' schema '$wapSchema' version $version"
        }
    }
}

Script copied from: https://technet.microsoft.com/en-us/library/dn747884.aspx

I hope that this will help those that have issues with WAP after an upgrade

//Mattias

All scripts in this blog post  is copied from: https://technet.microsoft.com/en-us/library/dn747884.aspx

Posted in News | Leave a comment