Search This Blog

Friday, 6 February 2015

Powershell Commands to Configure Gateway Server/Agent Failover


As of 01/05/2017, this blog will not be updated or maintained

Why do we need to configure failover servers for Gateway Servers and Agents? 

When an Agent is installed and configured to report to a Management Server, it is automatically configured to fail over to ANY other Management Servers. So, if its assigned Management Server goes down, it will randomly pick any other Management Server in the Management Group to connect to (this could actually be a bad thing for large Management Groups, because some Agents will end up reporting to the RMS, which can cause performance problems.... but that’s for a separate blog post).

When an Agent is installed and configured to report to a Gateway Server, no failover servers are automatically configured. So, if the Gateway Server goes down, the Agents will not be able to send any data to the Management Group.

Also, when a Gateway Server is installed, it is configured to report to a specific Management Server and no failover is automatically configured. So, if the Gateway Server’s Management Server goes down, the Gateway Server cannot send any data to the Management Group.

To handle the above scenarios, we must configure the Gateway Server to be able to connect to additional Management Servers, and we must configure the Gateway Agents to be able to connect to additional Gateway Servers. This cannot be done in the OpsMgr Console, and must be done with PowerShell commands.

Notes: 

If a Gateway Server is in a Domain that is not trusted by the Domain where OpsMgr is installed, then you will be using Certificates for the Gateway to authenticate with it’s Management Server. If you configure the Gateway to be able to fail over to another Management Server, it (the failover Management Server) must also have an authentication Certificate installed and configured.

For the Gateway Agent Failover, if the Agents/Gateway are in a Domain that is not trusted by the Domain where OpsMgr is installed, then the Gateway Server that is used for Agent failover must be installed in this same domain (and must have an authentication Certificate installed and configured).

Here are the PowerShell commands that I use to configure and verify failover servers for Gateway Servers and Agents:

OpsMgr 2007:

Commands to configure Gateway Server Failover:

This first set of commands can be used to configure ALL Gateway Servers to use a specific Management Server as their Primary MS, and another Management Server for failover. Replace PRI_MS.DOMAIN.COM and FAILOVER_MS.DOMAIN.COM with the names of the Primary and Failover Management Servers in your environment.

#Set all Gateway Servers to use PRI_MS and Primary and FAILOVER_MS as Failover 
$primaryMS = Get-ManagementServer | where {$_.Name –eq 'PRI_MS.DOMAIN.COM'} 
$failoverMS = Get-ManagementServer | where {$_.Name –eq 'FAILOVER_MS.DOMAIN.COM'} 
$gatewayMS = Get-ManagementServer | where {$_.IsGateway -eq $true} 
Set-ManagementServer -GatewayManagementServer: $gatewayMS -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS

This next set of commands can be used if you have several Gateway Servers and don’t want them to all use the same Primary Management Server. You specify the Gateway Server name (GATEWAY.DOMAIN.COM), the Primary Management Server Name (PRI_MS.DOMAIN.COM), and Failover Management Server name (FAILOVER_MS.DOMAIN.COM).

#Set specific Gateway Server to use PRI_MS and Primary and FAILOVER_MS as Failover 
$primaryMS = Get-ManagementServer | where {$_.Name –eq 'PRI_MS.DOMAIN.COM'} 
$failoverMS = Get-ManagementServer | where {$_.Name –eq 'FAILOVER_MS.DOMAIN.COM'} 
$gatewayMS = Get-ManagementServer | where {$_.Name –eq 'GATEWAY.DOMAIN.COM'} 
Set-ManagementServer -GatewayManagementServer: $gatewayMS -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS

Commands to verify Gateway Server Failover:

After configuring the Gateway Server failover, you’ll want to verify the configuration. The following PowerShell commands will output the name of each Gateway Server and its Primary and Failover Management Servers:

#Display Primary and Failover Management Servers for all Gateway Servers 
$GWs = Get-ManagementServer | where {$_.IsGateway -eq $true} 
$GWs | sort | foreach
  { 
    Write-Host ""; 
    "Gateway MS    :: " + $_.Name; 
    "--Primary MS  :: " + ($_.GetPrimaryManagementServer()).ComputerName; 
    $failoverServers = $_.getFailoverManagementServers(); 
    foreach ($managementServer in $failoverServers)
    { 
      "--Failover MS :: " + ($managementServer.ComputerName); 
    } 
  } 
Write-Host "";

Commands to configure Gateway Agent Failover:

The commands for the Gateway Agent Failover will get all Agents that report to a specified Gateway Server and configure them to be able to failover to another Gateway Server. Replace GATEWAY_1.DOMAIN.COM with the name of the Primary Gateway Server, and replace GATEWAY_2.DOMAIN.COM with the name of the Failover Gateway Server.

#Agents reporting to GATEWAY_1 - Failover to GATEWAY_2 
$primaryMS = Get-ManagementServer | where {$_.Name –eq 'GATEWAY_1.DOMAIN.COM'} 
$failoverMS = Get-ManagementServer | where {$_.Name –eq ' GATEWAY_2.DOMAIN.COM'} 
$agent = Get-Agent | where {$_.PrimaryManagementServerName -eq 'GATEWAY_1.DOMAIN.COM'} 
Set-ManagementServer -AgentManagedComputer: $agent -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS

Commands to verify Gateway Agent Failover:

After configuring the Gateway Agent failover, you’ll want to verify the configuration. The following PowerShell commands will output the name of each Agent that reports to GATEWAY_1.DOMAIN.COM and its Primary and Failover Gateway Servers:

#Verify Failover for Agents reporting to GATEWAY_1 
$Agents = Get-Agent | where {$_.PrimaryManagementServerName -eq 'GATEWAY_1.DOMAIN.COM'} 
$Agents | sort | foreach
  { 
    Write-Host ""; 
    "Agent    :: " + $_.Name; 
    "--Primary MS  :: " + ($_.GetPrimaryManagementServer()).ComputerName; 
    $failoverServers = $_.getFailoverManagementServers(); 
    foreach ($managementServer in $failoverServers)
      { 
        "--Failover MS :: " + ($managementServer.ComputerName); 
      } 
  } 
Write-Host "";

OpsMgr 2012:

Commands to configure Gateway Server Failover:

This first set of commands can be used to configure ALL Gateway Servers to use a specific Management Server as their Primary MS, and another Management Server for failover. Replace PRI_MS.DOMAIN.COM and FAILOVER_MS.DOMAIN.COM with the names of the Primary and Failover Management Servers in your environment.

#Set all Gateway Servers to use PRI_MS and Primary and FAILOVER_MS as Failover 
$primaryMS = Get-SCOMManagementServer | where {$_.Name –eq 'PRI_MS.DOMAIN.COM'} 
$failoverMS = Get-SCOMManagementServer | where {$_.Name –eq 'FAILOVER_MS.DOMAIN.COM'} 
$gatewayMS = Get-SCOMManagementServer | where {$_.IsGateway -eq $true} 
Set-SCOMParentManagementServer -GatewayServer: $gatewayMS -PrimaryServer: $primaryMS 
Set-SCOMParentManagementServer -GatewayServer: $gatewayMS -FailoverServer: $failoverMS

This next set of commands can be used if you have several Gateway Servers and don’t want them to all use the same Primary Management Server. You specify the Gateway Server name (GATEWAY.DOMAIN.COM), the Primary Management Server Name (PRI_MS.DOMAIN.COM), and Failover Management Server name (FAILOVER_MS.DOMAIN.COM).

#Set specific Gateway Server to use PRI_MS and Primary and FAILOVER_MS as Failover 
$primaryMS = Get-SCOMManagementServer | where {$_.Name –eq 'PRI_MS.DOMAIN.COM'} 
$failoverMS = Get-SCOMManagementServer | where {$_.Name –eq 'FAILOVER_MS.DOMAIN.COM'} 
$gatewayMS = Get-SCOMManagementServer | where {$_.Name –eq 'GATEWAY.DOMAIN.COM'} 
Set-SCOMParentManagementServer -GatewayServer: $gatewayMS -PrimaryServer: $primaryMS 
Set-SCOMParentManagementServer -GatewayServer: $gatewayMS -FailoverServer: $failoverMS

Commands to verify Gateway Server Failover:

After configuring the Gateway Server failover, you’ll want to verify the configuration. The following PowerShell commands will output the name of each Gateway Server and its Primary and Failover Management Servers:

#Display Primary and Failover Management Servers for all Gateway Servers 
$GWs = Get-SCOMManagementServer | where {$_.IsGateway -eq $true} 
$GWs | sort | foreach
  { 
    Write-Host ""; 
    "Gateway MS :: " + $_.Name; 
    "--Primary MS :: " + ($_.GetPrimaryManagementServer()).ComputerName; 
    $failoverServers = $_.getFailoverManagementServers(); 
    foreach ($managementServer in $failoverServers)
      {
        "--Failover MS :: " + ($managementServer.ComputerName); 
      } 
  } 
Write-Host "";

Commands to configure Gateway Agent Failover:

The commands for the Gateway Agent Failover will get all Agents that report to a specified Gateway Server and configure them to be able to failover to another Gateway Server. Replace GATEWAY_1.DOMAIN.COM with the name of the Primary Gateway Server, and replace GATEWAY_2.DOMAIN.COM with the name of the Failover Gateway Server.

#Agents reporting to GATEWAY_1 - Failover to GATEWAY_2 
$primaryMS = Get-SCOMManagementServer | where {$_.Name –eq 'GATEWAY_1.DOMAIN.COM'} 
$failoverMS = Get-SCOMManagementServer | where {$_.Name –eq 'GATEWAY_2.DOMAIN.COM'} 
$agent = Get-SCOMAgent | where {$_.PrimaryManagementServerName -eq 'GATEWAY_1.DOMAIN.COM'} 
Set-SCOMParentManagementServer -Agent: $agent -PrimaryServer: $primaryMS 
Set-SCOMParentManagementServer -Agent: $agent -FailoverServer: $failoverMS

Commands to verify Gateway Agent Failover:

After configuring the Gateway Agent failover, you’ll want to verify the configuration. The following PowerShell commands will output the name of each Agent that reports to GATEWAY_1.DOMAIN.COM and its Primary and Failover Gateway Servers:

#Verify Failover for Agents reporting to GATEWAY_1 
$Agents = Get-SCOMAgent | where {$_.PrimaryManagementServerName -eq 'GATEWAY_1.DOMAIN.COM'} 
$Agents | sort | foreach
  { 
    Write-Host ""; 
    "Agent :: " + $_.Name; 
    "--Primary MS :: " + ($_.GetPrimaryManagementServer()).ComputerName; 
    $failoverServers = $_.getFailoverManagementServers(); 
    foreach ($managementServer in $failoverServers)
      {
        "--Failover MS :: " + ($managementServer.ComputerName); 
      } 
  } 
Write-Host "";

Hope that this post was helpful.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.