Well  –  I saw the blog post from the Team stating this has now gone live:

https://blogs.technet.microsoft.com/momteam/2016/11/10/public-preview-of-system-center-operations-manager-assessment-solution-on-operations-management-suite-available/

 

So I thought I’d throw it up on my Lab to evaluate it

As usual – go to your Solutions Pane and now instead of coming, the System Center Operations Manager Assessment (Preview) is available – YEA 🙂

Select it


Add it


And Wait 🙂


Kicked off 10:45am –> Still going -2 hours +

From past experience the assessments can take some time to go in, so initially I wasn’t too bothered, but after 2+ hours nothing had happened. Should have read the manual 🙂 There’s stuff to do – my bad.

Referring to my previous blogs, the Health Service for the Management Server (just a single-server deployment for my lab) has no timestamp for the SCOM assessment, just as it was for the SQL Assessment when no data was found, so we know the assessment hasn’t run on the box (Management Server) yet:


A successful SQL Box showing the SQL Assessment has been run against it:


From <http://damianshiell.co.uk/2016/10/02/oms-sql-and-ad-assessments-no-data-found/>

Checking my RSS feeds I found the following blog – should have read the manual – my bad 🙂

https://blogs.technet.microsoft.com/momteam/2016/11/10/public-preview-of-system-center-operations-manager-assessment-solution-on-operations-management-suite-available/

So started to have a look into what was happening and looked into the rule as per the post that is inserted into the Management Group:


The blog article also specifies that the rule runs under a specific Run As Account Profile. By clicking the Rule Properties –> Configuration you can see under the data source part of the rule what this is:


If we check which accounts have been specified for this Run As Profile, by going to Administration\Run As Configuration\Profiles, we can see that it is blank:


This means that, unless specified, this Run As Profile will use the Default Agent Account. As this is the Management Server, it will use the MSA account specified at setup.

How do I know what the default agent account is for this or any server? Easy – go to the same place as before, Administration\Run As Configuration\Profiles, and look for Default Agent Account this time. Go to Run As Accounts and you can see which account uses which.


As an aside – most environments will have anything other than the Management Servers use the Local System account, whilst the Management Servers will use a domain account. This is specifically true if using a SQL instance on a remote SQL Server – it’s best practice to use a domain account here.

So as per the blog’s instructions I need to run this SQL query against the account that’s going to be running under the Run As Profile, which in our case is the MSA account, aka LAB\svc-scom-msa. I’m perfectly okay with using this account as that account already has certain access in the database instances awarded at setup. Obviously, at this point you could create another Run As Account, give it the following permissions and Log-on locally access to the Management Servers & SQL Servers (https://technet.microsoft.com/en-us/library/hh321655(v=sc.12).aspx).

So I log onto MSSMS, call up the SQL Instance[s] and run the following query against the SQL Instance:

-- Replace <UserName> with the actual user name being used as Run As Account.

USE master

-- Create login for the user, comment this line if login is already created.

CREATE LOGIN [UserName] FROM WINDOWS

-- GRANT permissions to user.

GRANT VIEW SERVER STATE TO [UserName]

GRANT VIEW ANY DEFINITION TO [UserName]

GRANT VIEW ANY DATABASE TO [UserName]

-- Add database user for all the databases on SQL Server Instance, this is required for connecting to individual databases.

-- NOTE: This command must be run anytime new databases are added to SQL Server instances.

EXEC sp_msforeachdb N'USE [?]; CREATE USER [UserName] FOR LOGIN [UserName];'

Use msdb

GRANT SELECT To [UserName]

Go

-- Give SELECT permission on all Operations Manager related Databases

-- Replace the Operations Manager database name with the one in your environment

Use [OperationsManager];

GRANT SELECT To [UserName]

GO

-- Replace the Operations Manager DatawareHouse database name with the one in your environment

Use [OperationsManagerDW];

GRANT SELECT To [UserName]

GO

-- Replace the Operations Manager Audit Collection database name with the one in your environment

Use [OperationsManagerAC];

GRANT SELECT To [UserName]

GO

-- Give db_owner on [OperationsManager] DB

-- Replace the Operations Manager database name with the one in your environment

USE [OperationsManager]

GO

ALTER ROLE [db_owner] ADD MEMBER [UserName]

GO

From the above I removed the following as it was not relevant to my environment (as there was no OperationsAC DB and the user account already existed within the security models of the database).

-- Create login for the user, comment this line if login is already created.

CREATE LOGIN [LAB\svc-scom-msa] FROM WINDOWS

-- Add database user for all the databases on SQL Server Instance, this is required for connecting to individual databases.

-- NOTE: This command must be run anytime new databases are added to SQL Server instances.

EXEC sp_msforeachdb N'USE [?]; CREATE USER [LAB\svc-scom-msa] FOR LOGIN [LAB\svc-scom-msa];'

-- Replace the Operations Manager Audit Collection database name with the one in your environment

Use [OperationsManagerAC];

GRANT SELECT To [LAB\svc-scom-msa]

GO
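
To confirm what the Run As account ended up with once the grants have been applied, the audit query below can be run in the same session. It is an added example, not part of the original post or of the Microsoft script; the login and database names are the ones used above, and the list of databases checked is an assumption to adjust for your environment.

```sql
-- Added example: audit what the Run As login can actually do after the grants.
-- Login and database names are the ones used in this post; adjust for your environment.
DECLARE @login sysname = N'LAB\svc-scom-msa';

-- 1. Server-level permissions held directly by the login. After the script above,
--    expect VIEW SERVER STATE, VIEW ANY DEFINITION and VIEW ANY DATABASE
--    alongside the CONNECT SQL that CREATE LOGIN grants.
SELECT sp.name AS login_name, pe.state_desc, pe.permission_name
FROM sys.server_principals AS sp
JOIN sys.server_permissions AS pe ON pe.grantee_principal_id = sp.principal_id
WHERE sp.name = @login
ORDER BY pe.permission_name;

-- 2. Per database: role membership and database-level permissions.
--    Users are matched on SID, so a user whose name differs from the login is still found.
CREATE TABLE #rights (db sysname, db_user sysname, kind varchar(10), right_name nvarchar(128));

DECLARE @db sysname, @q nvarchar(260), @sql nvarchar(max);
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE name IN (N'msdb', N'OperationsManager', N'OperationsManagerDW')
      AND state_desc = N'ONLINE';
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @q = QUOTENAME(@db);
    -- Two separate INSERTs: name and permission_name carry different collations,
    -- which a UNION can reject with a collation conflict.
    SET @sql = N'
      INSERT #rights
      SELECT @db, u.name, ''role'', r.name
      FROM ' + @q + N'.sys.database_principals AS u
      JOIN ' + @q + N'.sys.database_role_members AS m ON m.member_principal_id = u.principal_id
      JOIN ' + @q + N'.sys.database_principals AS r ON r.principal_id = m.role_principal_id
      WHERE u.sid = SUSER_SID(@login);
      INSERT #rights
      SELECT @db, u.name, ''permission'', p.permission_name
      FROM ' + @q + N'.sys.database_principals AS u
      JOIN ' + @q + N'.sys.database_permissions AS p ON p.grantee_principal_id = u.principal_id
      WHERE u.sid = SUSER_SID(@login) AND p.class = 0 AND p.state IN (''G'', ''W'');';
    EXEC sp_executesql @sql, N'@db sysname, @login sysname', @db = @db, @login = @login;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs;
DEALLOCATE dbs;

-- From the grants above: db_owner on OperationsManager, database-level SELECT on the rest.
SELECT db, db_user, kind, right_name FROM #rights ORDER BY db, kind, right_name;
DROP TABLE #rights;
```

Anything listed beyond those grants was already held by the account before the script ran, and rights inherited through a Windows group will not show up here because only the login's own SID is matched.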


Remember, if you have the DW on another SQL instance for Perf

As the rule was not enabled (by design), I will override the rule now and restart the Health Service to kick the rule into life.


Restarting the Health Service now and then waiting 🙂

And sure enough after waiting a “System Center” 5 minutes, examining the Health Service registry settings, we see a TimeStamp for the SCOM Assessment:


Kicked off the above at about 15:12 so now just waiting for it to populate the assessment. Ooh all tingly.

A little bit of an anti-climax – got caught up in a Runaway Data Warehouse incident with one of our customers, came back to look at it and it was still “Performing Assessment”. Meh.

I’d prodded it earlier by restarting the Health Service, now I thought I’d give it a good kick. I stopped the healthservice, removed the Health Service Folder and before starting the service back up again I removed the timestamp from the above Registry value.

Putting the kids to bed so will check in on my other baby a bit later tonight…….

Well – it ran again according to the Registry


Yea – and that did it – Took about 30 mins for it to run through once I’d kicked the Health Service good and proper.  Remember – you’d need to do this on multiple servers if you have a Multi-Server SCOM environment 🙂


And looking into the Pane now gives all the useful information about the health of my OpsMgr Instance. I’m expecting this to be bad as I pause, turn off, neglect and generally abuse this poor server 🙂


This is excellent – it’s all the knowledge you want from SCOM without the bombardment


Anyway – happy scomming now in the knowledge your Management Groups are healthy and great 🙂

Damian

System Center Operations Manager Assessment on Operations Management Suite–My Experience