Microsoft’s System Center Operations Manager is a powerful tool which can help you monitor the health of your environment. The tool analyzes everything from network components to the Operating System. It’s a tool which, from what I’ve seen, seems to be one of the most widely used tools in the System Center suite. I only got exposure to SCOM back when 2012 Release Candidate was released a few years ago. My first impression was “Ohhh this is kind of like SolarWinds only it reports on several different layers”. I’m not sure if that holds up to what everyone else thinks of this tool but I think that still holds water. I got a little exposure to SCOM 2012 after its release with one of my previous employers; the company brought in a third party service provider to carry out the setup. It took a couple of months to get the setup complete… I decided it might be a good idea to stay away from SCOM! Well, I’ve come back to it. I made damn well sure that I documented everything so I figure I might as well share it.
System Requirements
You can have multiple servers for the Management Server and the Reporting Server; there’s also a Web Console and the main Operations Console. Ideally you should have multiple servers in a production environment. Two databases are also required, one for Operations and one for Reporting.
My blog post is using Server 2012; if you are using an older OS you’ll need to install .NET Framework 4.0 and PowerShell 3.0.
You’ll also require 5 domain accounts: a service account for Data Writer, a service account for Data Reader, a service account for Data Access, a service account for Management Server Actions and a SQL service account.
If you are using a Firewall on your servers, ensure port 1433 is open for the Database communication. This should be set both on the DB Server(s) and the SCOM Management Server. As this was a POC, I had the Database on the same server.
SSL can be used to encrypt the data being sent over the wire. You will need to configure IIS with a certificate, whether it’s a third-party cert your company owns or a self-signed certificate.
With all of that out of the way, this guide will illustrate the setup on one server for a Proof Of Concept. You’ll want to add the following Roles and Features:
Application Server
.Net Framework 4.5
TCP Port Sharing
Web Server (IIS) Support
Windows Process Activation Service Support
-HTTP Activation
-TCP Activation
File and Storage Services
-Storage Services
Web Server (IIS)
-Web Server
-Common HTTP Features
-Default Document
-Directory Browsing
-HTTP Errors
-Static Content
-HTTP Redirection
-WebDAV Publishing
-Health and Diagnostics
-HTTP Logging
-Custom Logging
-Logging Tools
-ODBC Logging
-Request Monitor
-Tracing
-Performance
-Static Content Compression
-Dynamic Content Compression
-Security
-Request Filtering
-Basic Authentication
-Client Certificate Mapping Authentication
-Digest Authentication
-IIS Client Certificate Mapping Authentication
-IP and Domain Restrictions
-URL Authorization
-Windows Authentication
-Application Development
-.NET Extensibility 3.5
-.NET Extensibility 4.5
-ASP
-ASP.NET 3.5
-ASP.NET 4.5
-CGI
-ISAPI Extensions
-ISAPI Filters
-Management Tools
-IIS Management Console
-IIS 6 Management Compatibility
-IIS 6 Metabase Compatibility
-IIS 6 Management Console
-IIS 6 Scripting Tools
-IIS 6 WMI Compatibility
-IIS Management Scripts and Tools
The following Features need to be enabled/installed on the server:
.NET Framework 3.5 Features
-.NET Framework 3.5 (includes .NET 2.0 and 3.0)
-HTTP Activation
-Non-HTTP Activation
.NET Framework 4.5 Features
-.NET Framework 4.5
-ASP.NET 4.5
-WCF Services
-HTTP Activation
-Message Queuing (MSMQ) Activation
-Named Pipe Activation
-TCP Activation
-TCP Port Sharing
Message Queuing
-Message Queuing Services
-Message Queuing Server
User Interfaces and Infrastructure
-Graphical Management Tools and Infrastructure
-Server Graphical Shell
Windows Process Activation Service
-Process Model
-.NET Environment 3.5
-Configuration APIs
You will need to ensure Windows Authentication is enabled. You can set this from within IIS after it’s installed.
When you have SQL installed, ensure Named Pipes and TCP are enabled from within the SQL Configuration Manager.
And of course, ensure your Report Server site is up and operational before proceeding with the SCOM Setup.
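The prerequisites above can be checked from PowerShell before Setup is launched. The script below is an added example, not part of the original post; it only reads configuration. The site name 'Default Web Site' and the use of localhost for SQL are assumptions that match a single-server POC.

```powershell
# Added example: read-only pre-flight checks for the prerequisites listed above.
# Run in an elevated PowerShell session on the single POC server.
Import-Module WebAdministration
Import-Module NetSecurity

$SiteName  = 'Default Web Site'   # assumption: the Web Console will be hosted in this site
$SqlServer = 'localhost'          # assumption: database on the same server, as in this POC

# 1. Enabled inbound allow rules for TCP 1433 and the remote addresses they accept.
#    A RemoteAddress of 'Any' lets every host that can reach the server reach SQL.
$sqlRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'TCP' -and $port.LocalPort -contains '1433') {
            $addr = $_ | Get-NetFirewallAddressFilter
            New-Object psobject -Property @{
                Rule          = $_.DisplayName
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
    }

# 2. Is anything actually listening on 1433?
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect($SqlServer, 1433); $sqlListening = $tcp.Connected }
catch   { $sqlListening = $false }
finally { $tcp.Close() }

# 3. Is Windows Authentication enabled for the site?
$winAuth = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' -Name enabled).Value

# 4. HTTPS bindings and the certificate behind each one.
$tls = Get-ChildItem IIS:\SslBindings | ForEach-Object {
    $cert = Get-Item "Cert:\LocalMachine\$($_.Store)\$($_.Thumbprint)" -ErrorAction SilentlyContinue
    if ($cert) {
        New-Object psobject -Property @{
            Port       = $_.Port
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            Expired    = ($cert.NotAfter -lt (Get-Date))
        }
    }
}

"SQL listening on 1433          : $sqlListening"
"Windows Authentication enabled : $winAuth"
$sqlRules | Format-Table Rule, RemoteAddress -AutoSize
$tls      | Format-Table Port, Subject, NotAfter, SelfSigned, Expired -AutoSize
```

An empty certificate table means no HTTPS binding exists yet, so the SSL checkbox in Setup should stay unchecked until one is configured.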
SCOM Setup
Launch the Setup.exe
Click Install
Check all boxes and Click Next> (This example is installing onto one server for the sake of a POC; if using separate servers, only install the relevant features)
Enter an Install Directory and Click Next>
For my POC I left the server running with only 2GB of RAM. Obviously, as the warning illustrates, you’ll want to have at least 4GB. If you completed all previous steps correctly, you should not receive any other warnings or errors. Click Next>
Give your Management Group a name. I entered RM-SCOM for mine and then Clicked Next>
Check the box ‘I have read, understand and agree with the license terms’ and Click Next>
Enter your Server Name and Instance name for your DB. Click Next>
Enter your Server Name and Instance name for your DB. Click Next>
Your SQL Server Instance should appear in the Drop Down. Click Next>
If you wish to use SSL, you will need to ensure you have configured the certificate before checking that box. Click Next>
Select the type of Authentication you would like to use. (Ensure Authentication in IIS shows that it’s enabled) Click Next>
Ensure you check Domain Account for each and enter the account credentials which were featured at the top of this post. Click Next>
You can select whether you’d like to share your experiences with the Mothership. I show that I selected No but for my POC, I actually selected Yes to try and help out and improve the reliability. Click Next>
Click Off and Click Next>
Click Install
All should be green, except for Management Server; this is expected. You’ll need to pass your Product Key using PowerShell. Ensure the two checkboxes are un-checked. We’ll pass the licensing info before launching. Click Close
Launch PowerShell
Type Set-ExecutionPolicy RemoteSigned and hit Enter
Type Y and hit Enter
Type Import-Module OperationsManager and hit Enter
Type Set-SCOMLicense -ProductID <License Key> (enter the License Key with the dashes included and do not put double quotes around it. Ensure there’s a space between -ProductID and the license key. No brackets required)
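The licensing steps above as one session, with the execution policy change limited to the current PowerShell process so the machine-wide policy is left untouched. This is an added example, not part of the original post; the product key value is a placeholder held in a variable.

```powershell
# Added example. $ProductKey is a placeholder; substitute your own key, dashes included.
$ProductKey = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'

# -Scope Process applies RemoteSigned to this session only; the policy stored
# for the machine is not modified and the change disappears when the window closes.
Set-ExecutionPolicy RemoteSigned -Scope Process -Force

Import-Module OperationsManager
Set-SCOMLicense -ProductId $ProductKey

# Read back what the management group reports. The values may not update until
# the System Center Data Access Service (OMSDK) has been restarted.
Get-SCOMManagementGroup |
    Format-Table SkuForLicense, Version, TimeOfExpiration -AutoSize

# Show the effective policy per scope to confirm only 'Process' was changed.
Get-ExecutionPolicy -List
```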
You can now launch the Web Console by opening up IE and typing in the address as: http://<Fully Qualified Domain Name of your Management Server>/OperationsManager (Note: If you configured a certificate and set the binding for an https address, use https instead)
You can also launch the Operations Console shortcut. I will be covering the Console and how to deploy the Agent to the machines in your environment in part 2, which you can find HERE