When a SCOM Management Group (MG) is already in place for some time and an additional SCOM Management Server is added to it later on, their are quite a few steps one must do in order to get it working properly. When forgetting one of those steps it might result in a SCOM MG showing erratic behaviour.
Mind you, all these steps take place AFTER the new SCOM Management Server is installed. Also good to know, this To Do List is based on System Center Operations Manager 2012 SP1.
01. Antivirus exclusions
Please make sure the new SCOM Management Server uses the same AV policy as the other SCOM Management Server. So the correct folders and processes are excluded from AV scans. Check KB975931 for more information.
02. Certificates
When using Gateway Servers and/or monitoring servers using certificates, make sure the new SCOM Management Server gets a valid certificate as well. And don’t forget to configure it properly.
03. Firewall
Make sure all the firewalls, either running on your Windows Server hosting the new SCOM Management Server role and the dedicated network firewalls, accept the traffic coming from the new SCOM Management Server. Also read this post from Bob Cornelissen since it might prevent a lot of hassle.
04. Resource Pools
Make sure the new SCOM Management Server is added to the proper Resource Pools so it adheres to the original design.
05. UNIX/Linux monitoring
When monitoring UNIX/Linux systems and the new SCOM Management Server will become a member of that Resource Pool, make sure it has the proper certificates in place. Not only its own certificate but also the certificates of all the other Resource Pool members. Also the other Resource Pool members must get the certificate of the new SCOM Management Server as well. Kevin Holman wrote an excellent posting about it, it can be found here. Look for the header Configure the Xplat certificates.
06. Special MPs
Sometimes special MPs are in place, requiring additional actions on the new SCOM Management Servers. Examples are the NetApp MP, SharePoint 2013 MP.
07. Console extensions
Some third party tools extend the SCOM Console, like SAvision Live Maps. So install those Console extensions on the new SCOM Management Servers as well.
08. Registry and/or config file modifications
If you have implemented custom registry or config file settings on your management servers, don’t forget to implement those as well. Often it is advisable or required to have these settings the same on all management servers in the resource pool or management group.
09. Run As Accounts & their related Run As Profiles
It could be that certain Run As accounts are set to more secure distribution and you had selected the initial Management Server(s). If so make sure you add the new Management Server as well to the distribution of such accounts.
10. Custom scripts modifications
If you are using custom scripts running on management servers for custom monitoring or command based notification channels, remember to copy those to the new management servers.
11. Custom MP modifications
You could have custom management packs, such as Backup Unsealed MPs, which are set to backup to a directory on disk. In these kind of cases confirm that files and directories exist and that overrides which were set to target specific management servers are also applied to the new management servers if applicable. There could be some overrides you have made in management packs which target specific management servers. These need to be evaluated if those are needed on the new Management Server as well.
12. Custom monitoring modifications
Check other custom monitoring you have implemented that uses certain management servers as monitoring agents, such as web page checks. Of course only in case you want the new server to do the same kind of workflows, or if a new management server is eventually going to replace an existing one.
This covers it all and enables you to enrol successfully an additional SCOM Management Server to an existing MG without bumping into issues after it.
Hope that this post was helpful.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.