Should I really be listening to this guy?

Sunday, September 12, 2010

How to move Ops Mgr’s Database

In my line of work, it is essential to have monitoring software in place that will alert you to potential problems before they occur. Having a preemptive alert allows your team to practice proactive management rather than reactive management. This is much more desirable given today's "always on, always available" standards.

My team utilizes System Center Operations Manager 2007 R2 for our monitoring solution. This is a very robust monitoring solution offered by Microsoft. Ever since releasing the software, we have seen more proactive management and fewer surprise hardware and software failures. This software has the ability to monitor hardware, DBMS software, security software, Exchange, and much more.

The one problem with monitoring software is that if the hardware it is hosted on, or the software itself, is corrupted or failing, your monitoring solution is irrelevant. In my environment we have had to move the Ops Mgr database multiple times, and in this post I plan on giving you the steps required to do so. This is a relatively painless process, but it is crucial that it goes flawlessly.

 

Before You Start

  • Make a backup of the current operations manager database
  • Verify that you have administrator rights on both servers where the SQL instances are located
  • Verify that you know the location of the current Operations Manager Database in the program files of the current database holding server
  • Stop the OpsMgr services (OpsMgr Config Service, OpsMgr SDK Service, and OpsMgr Health Service for Root Management Servers and OpsMgr Health Service for Management Servers) on the Management Servers in the Management Group

Detach the Database

  • On the current host of the Operations Manager database, detach that database
  • Once the database has been detached, locate the database .mdf file and move it to a location on the new server

Attach the Database

  • You must now attach the database to the SQL server instance in the new location

Update the Management Servers

  • Now that the database is located in a new location, you need to point the management servers to that new location
  • This needs to be done on each management server individually
  • Login to the management server as an Administrator and run the regedit command
  • Inside the registry editor navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Operations Manager\3.0\Setup
  • Double Click databaseservername and change the value to the new database hosting server
  • Hit ok and then close the registry editor
  • Restart these services on the Root Management Servers: OpsMgr Config Service, OpsMgr SDK Service, and OpsMgr Health Service
  • Restart just this service for Management Servers: OpsMgr Health Service

Update SQL Server

  • Start SQL Server Management Studio and connect to the new database host service
  • Expand the operations manager database
  • Expand the tables
  • Find the table dbo.MT_ManagementGroup, right-click it, and select ‘Edit Top 200 Rows’
  • Find the column named: SQLServerName_... and change the value of the first row in that column to the name of the new host server for the database
  • Hit Execute and then click File and Exit

Enable Broker

  • Open the SQL Server Management Studio and connect to the host database server
  • Click New Query in the upper left hand corner
  • In the query window input: ALTER DATABASE OperationsManager SET SINGLE_USER WITH ROLLBACK IMMEDIATE
  • Click Execute
  • Now in the query window clear out the previous statement and input: ALTER DATABASE OperationsManager SET ENABLE_BROKER
  • Click Execute
  • Close Management Studio by hitting File > Exit
  • Reopen SQL Server Management Studio and connect once again to the host database server
  • Click New Query in the upper left hand corner
  • In the query window input: ALTER DATABASE OperationsManager SET MULTI_USER
  • Click Execute
  • Before continuing, verify that the setting for ENABLE_BROKER is set to 1 by using the following query: SELECT is_broker_enabled FROM sys.databases WHERE name='OperationsManager'
  • Close Management Studio by hitting File > Exit

SQL Accounts: User Mapping

  • You need to make sure that Operations Manager’s SDK and Action accounts are in the security logins on the host database server
  • Open the SQL Server Management Studio and connect to the host database server
  • Open the Security folder and then open the Logins folder
  • Search for your SDK account and open its properties
  • If there is no account, right click and make a new one that uses your SDK service account
  • On the left in the Select a Page section, choose User Mapping
  • Under the Users mapped to this login list, select the checkbox for the operations manager database
  • Under the Database role membership for: OperationsManager list, make sure the following are selected: configsvc_users, db_datareader, db_datawriter, db_ddladmin, and sdk_users
  • Click OK
  • Now Search for your Action account and open its properties
  • If there is no account, right click and make a new one that uses your Action account service account
  • On the left in the Select a Page section, choose User Mapping
  • Under the Users mapped to this login list, select the checkbox for the operations manager database
  • Under the Database role membership for: OperationsManager list, make sure the following are selected: db_datareader, db_datawriter, db_ddladmin, and dbmodule_users
  • Click OK
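
The user-mapping steps above can also be scripted and then audited, which leaves a record of exactly which roles each service account holds on the new server. This T-SQL is an added example, not part of the original post or its sources; the account names EXAMPLE\om-sdk and EXAMPLE\om-action are placeholders, while the database and role names are the ones listed in the steps above.

```sql
-- Added example. EXAMPLE\om-sdk and EXAMPLE\om-action are placeholder
-- account names; substitute your own SDK and Action service accounts.
USE [master];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'EXAMPLE\om-sdk')
    CREATE LOGIN [EXAMPLE\om-sdk] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'EXAMPLE\om-action')
    CREATE LOGIN [EXAMPLE\om-action] FROM WINDOWS;
GO

USE [OperationsManager];
-- The attached database may already contain these users; create only if absent.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'EXAMPLE\om-sdk')
    CREATE USER [EXAMPLE\om-sdk] FOR LOGIN [EXAMPLE\om-sdk];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'EXAMPLE\om-action')
    CREATE USER [EXAMPLE\om-action] FOR LOGIN [EXAMPLE\om-action];
GO

-- SDK account: the five roles listed in the steps above.
EXEC sp_addrolemember N'configsvc_users', N'EXAMPLE\om-sdk';
EXEC sp_addrolemember N'db_datareader',   N'EXAMPLE\om-sdk';
EXEC sp_addrolemember N'db_datawriter',   N'EXAMPLE\om-sdk';
EXEC sp_addrolemember N'db_ddladmin',     N'EXAMPLE\om-sdk';
EXEC sp_addrolemember N'sdk_users',       N'EXAMPLE\om-sdk';

-- Action account: the four roles listed in the steps above.
EXEC sp_addrolemember N'db_datareader',   N'EXAMPLE\om-action';
EXEC sp_addrolemember N'db_datawriter',   N'EXAMPLE\om-action';
EXEC sp_addrolemember N'db_ddladmin',     N'EXAMPLE\om-action';
EXEC sp_addrolemember N'dbmodule_users',  N'EXAMPLE\om-action';
GO

-- Audit: list every database role each account actually holds.
-- Compare against the lists above; any extra role (db_owner, for
-- instance) is more privilege than this procedure calls for.
SELECT u.name AS database_user, r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name IN (N'EXAMPLE\om-sdk', N'EXAMPLE\om-action')
ORDER BY u.name, r.name;
```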

Sources Used in this Article

· http://blogs.technet.com/b/smsandmom/archive/2007/10/11/scom2007-moving-the-operations-manager-database.aspx

· http://technet.microsoft.com/en-us/library/cc540384.aspx

Sunday, July 11, 2010

How to use the dcpromo Command for Windows Server 2008 R2

I get this question a lot, so I figured I would make a quick how-to on promoting a Windows server to a domain controller. This post assumes that you are using Windows Server 2008 R2 and is not meant to be used for any previous editions of Windows Server. With that said, this information will still be applicable for older Windows Server operating systems.

Before getting to the how-to, I want to first provide a little understanding of what a domain controller is and how it functions. A domain controller is, at its core, a server running Windows Server with the Active Directory Domain Services role installed. Active Directory Domain Services (AD DS) stores information about the domain’s entire forest. The most basic reason for having a domain is so that a single set of credentials can be used on many systems instead of a separate set for each system. A domain controller is required to manage such a domain, and the dcpromo command is where to start.

There are different versions of domain controllers such as Read Only Domain Controllers etc. That is beyond the scope and purpose of this post but I encourage you to look into it if you have the need or interest. http://technet.microsoft.com/en-us/library/cc770627(WS.10).aspx

The first step to getting the promotion underway is to use the dcpromo command. In Windows Server 2008 R2 you can simply type “dcpromo” into the Start menu’s search bar.

Once the command is presented, click it or simply press Enter.

This will bring up the Active Directory Domain Services Installation Wizard. To be as thorough as possible, I am going to go through the Advanced setup of the wizard. You may choose the simple installation, but I encourage you to use the advanced mode. It is not as scary as it sounds and it will provide you with more control over the installation process, which is always a good thing.

Select the checkbox for Advanced Installation and click Next

A disclaimer will show up in the next window. This disclaimer explains that Windows Server 2008 and Windows Server 2008 R2 include a new security function that requires the use of stronger cryptography algorithms when establishing secure channel sessions. All this really means is that older versions of Windows Server may have a harder time authenticating against Server 2008 and 2008 R2 domain controllers. If you know that you use older versions of Windows Server, you should investigate further and see if it will be a problem for your organization.

Review the Disclaimer and click Next

The next window to appear will ask you what kind of deployment you want to create. This is where you can choose from three different options:

1. Create a brand new domain with a new forest. (This is the option that I will cover for the rest of this post. With that said I encourage you to continue to use this post for reference because this option covers most of the bases of the other installations)

2. Add a domain controller to an existing domain. If you already have a domain setup and want to add another domain controller for redundancy use this deployment (it is highly recommended to have at least two domain controllers for any domain).

3. Create a new domain in an existing forest. It is possible to create a new domain in another domain’s forest. Within my own organization we have a top-level domain of .edu, a parent-level domain of colostate, and a child-level domain of business. Put together and expressed as the fully qualified domain name (FQDN), it is: BUSINESS.COLOSTATE.EDU

For this post I am choosing to cover how to create a new domain in a new forest. This option is the most comprehensive and I am confident that if you use this as a guide, you could successfully use any of the other options.

After choosing to create a new domain in a new forest, you will be asked to supply the Fully Qualified Domain Name (FQDN). If you plan on registering your domain name for use outside of your own network, it must not be in current use.

I chose the name ITPlease.Net and clicked Next

Next up you are asked to specify the NetBIOS name. This is the name that is used to identify resources on the NetBIOS network. This means that the name must be unique within your network. Your system created a NetBIOS name based off of the computer’s name you used during Windows installation, but it can be changed during this installation to match the domain.

I chose to use the default and clicked Next

The next step asks you to specify the forest functional level for your new forest. This part assumes that you have done appropriate planning for your new domain. In simple terms, this part is asking what versions of operating systems you plan to use when deploying new domain controllers anywhere in the forest. Please note that if you choose the Windows Server 2008 R2 functional level, the next step in setup will be skipped. (The next step asks you to specify the domain functional level, that is, what operating systems will be used for deploying new domain controllers in this domain.)

I chose the Windows Server 2008 R2 forest functional level, which skipped the domain functional level step. Click Next

The next step is to choose additional options for this domain controller. By default, if this is the first domain controller in this domain, the global catalog option is permanently selected. At least one global catalog server is needed in every domain. A global catalog is a distributed data repository containing all the information about every object in a domain. This repository is searchable which makes authentication faster. It also contains partial information about other domains in the network. For more information refer to: http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx

There is also the option to install the Domain Name System (DNS). This feature is used to map computer names or website names to specific IP addresses. This makes things more user friendly. For example, you could type 74.125.95.147 into your browser or you could simply type www.google.com.

Choose to install DNS and click Next

A disclaimer will come up telling you that DNS delegation could not be created because none could be found. This is true because there is no DNS installed for this domain yet.

Click Yes

After choosing to continue, you will be asked where you want to install the database, log and SYSVOL files. You may choose locations other than the default if you wish.

I chose to leave them in the default location and clicked Next

Next you will be prompted to set a new Directory Services Restore Mode password. Directory Services Restore Mode can be used to take Active Directory offline on a domain controller. Use a strong password and document it in a secure location.

Type the password twice and click Next

Finally, review your final configuration.

Click Next

The installation process of Active Directory Domain Services will begin. Depending on your hardware this installation can take quite some time. Once it is complete, the machine will need a restart to be fully upgraded to a new domain controller.

 

Congratulations! You have now created your very own domain using the dcpromo command in Windows Server 2008 R2.

If you have more questions or would like to express anything about this post, please feel free to comment.

 

Websites used to make this article:

http://technet.microsoft.com/en-us/library/cc755059(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc786438(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc732887(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx