SCOM Health Service Events when troubleshooting certificate authentication

These Events are common when troubleshooting problems related to Health Service certificates i System Center Operations Manager 2007:

 

21021 – Could not load Certificate
Check if certificate exists and the Health Service has permissions to read it.

 

20052 – Certificate not loaded (name does not match)
Make sure Issued To match the actual computername.

 

20053 – Certificate loaded
The certificate is loaded – and everything should be working.

 

 

SCOM 2007 R2 create/install databases using DBCreateWizard.exe – even remotely!

Instead of using MSI to create SCOM databases, you have the option to use DBCreateWizard.exe which can be found in the SupportTools folder. DBCreateWizard also gives the option to create the databases remotely when using command line like shown below:

OPERATIONS MANAGER DATABASE

DBCreateWizard.exe DBType:"Operations Manager Database" SQLInstance:<SQLinstance> DBName:<SQLdbName> ManagementGroup:<ManagementGroup> UserGroup:<AD_AdminGroup> DBCreate DBSize:<SQLDBsize> DBPath:<SQLdataPath> LOGPath:<SQLlogPath>

 

OPERATIONS MANAGER DATA WAREHOUSE DATABASE

DBCreateWizard.exe DBType:"Operations Manager Data Warehouse Database" SQLInstance:<SQLinstance> DBName:<SQLdbName> DBCreate DBSize:<SQLDBsize> DBPath:<SQLdataPath> LOGPath:<SQLlogPath>

DBCreateWizard.exe creates a log file starting with dbCreateWiz in the temp folder.

If DBCreateWizard.exe is started without command line parameters the GUI will show.
NOTE: It is not possible to create databases remote from the GUI!

SCOM 2007 R2 command line install

To install System Center Operations Manager from command line use the parameters highlighted below:

DATABASE

msiexec.exe /i <FilePathMOMmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMDB USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<MgmtGroup> SQLSVR_INSTANCE=<SqlServerInstance> DB_SIZE=<SqlDBsize> ADMIN_ROLE_GROUP=<ADadminRoleGroup> DATA_DIR=<SqlDBdataDir> LOG_DIR=<SqlDBlogDir>

 

MANAGEMENT SERVER (RMS or MS)

msiexec.exe /i <FilePathMOMmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMServer USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<MgmtGroup> MOM_DB_SERVER=<SqlServerInstance> ACTIONS_USE_COMPUTER_ACCOUNT=0 ACTIONSUSER=<AccountActionUser> ACTIONSDOMAIN=<DomainActionUser> ACTIONSPASSWORD=<PasswordActionUser> SDK_USE_COMPUTER_ACCOUNT=0 SDK_ACCOUNT=<AccountSDK> SDK_DOMAIN=<DomainSDK> SDK_PASSWORD=<PasswordSDK>

 

CONSOLE (UI)

msiexec.exe /i <FilePathMOMmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMUI USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<MgmtGroup> ROOT_MANAGEMENT_SERVER_DNS=<FQDN_RMS>

 

WEBCONSOLE 

msiexec.exe /i <FilePathMOMmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMWebConsole WEB_CONSOLE_AUTH_TYPE=<0:Windows Authentication | 1:Form based authentication> ROOT_MANAGEMENT_SERVER_DNS=<FQDN_RMS>

 

AGENT

msiexec.exe /i <FilePathMOMagentmsi> /qn /l*v <FilePathLog> USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<MgmtGroup> MANAGEMENT_SERVER_DNS=<FQDN_MS> ACTIONS_USE_COMPUTER_ACCOUNT=0 ACTIONSUSER=<AccountActionUser> ACTIONSDOMAIN=<DomainActionUser> ACTIONSPASSWORD=<PasswordActionUser>

 

DATAWAREHOUSE (REPORTING DATABASE)

msiexec.exe /i <FilePathReportingmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMREPORTINGDB SQLSVR_INSTANCE=<SqlServerInstance> MOMREPORTINGDBNAME=<DBname> DB_SIZE=<SqlDBsize>

 

REPORTING SERVER

msiexec.exe /i <FilePathReportingmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMREPORTING SQLSVR_INSTANCE=<SqlServerInstance> MOMREPORTINGDBNAME=<DBname> MGSERVER=<ManagementServer> PREREQ_COMPLETED=1 REPORT_SERVER_FULL_HTTP_PATH="http://%COMPUTERNAME%:80/ReportServer$INSTANCE1" DATAREADER_USER=<AccountDataReader> DATAREADER_DOMAIN=<DomainDataReader> DATAREADER_PASSWORD=<PasswordDataReader>

 

SCOM 2007 R2 Agent could not connect to Management Server (Event 21006)

After installing agent event 21006 is shown in EventLog:

Log Name:      Operations Manager
Source:        OpsMgr Connector
Date:          16-12-2010 14:13:56
Event ID:      21006
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SCOM.domain.local
Description:   The OpsMgr Connector could not connect to  SCOM.domain.local :5723.
               The error code is 11004L(The requested name is valid, but no data
               of the requested type was found.).  Please verify there is network
               connectivity, the server is running and has registered it's
               listening port, and there are no firewalls blocking traffic to
               the destination.

This is because the agent is unable to connect to Management Server. When connection fails no data will be sent to the Management Server, and typically no errors indicating connection failed will show up at the Management Server event log.

Verify agent can resolve Management Server adress and no extra characters(space) are present in the name specified during Agent installation.

In the picture above the agent is trying to connect to a Management Server which has a space before and after the FQDN. The extra spaces are easily overlooked in Event Properties.