Monday, August 15, 2016

New Kid On The Block!

A colleague of mine, Corno Christianen, has launched a new blog, aimed at Azure, Azure Stack and Windows Server. And yes, of course his blog will cover PowerShell as well, that goes without saying.

I respect Corno highly for his deep knowledge and thorough experience. For me he is one of the company’s ‘Go-To-Guys’ when a problem needs to be fixed. Therefore I am pretty sure his blog will be good and worthwhile to keep an eye on.

His blog is titled and certainly worth your time for a visit.

MAS TP2 Roll Out Started To Some Early Adopter Customers

Last week Microsoft started releasing MAS TP2. However, this roll out is limited for now to only a subset of interested customers, as Microsoft describes ‘…some early adopter customers…’. Hopefully TP2 will be made available to anyone interested in this new technology.

Back to TP1 and to some ‘rumors’…
With TP1 out in the wild and available for anyone, many companies started test driving it. With it, the publicity and rumor machine started. During the last WPC Microsoft fed this rumor machine, by announcing MAS is to be revamped and delayed.

So even though MAS TP2 is out of reach for most companies yet, there is a lot of good stuff out there, all about MAS and what it will be like when finally released. For me these 4 articles shed some good light on it:

Thursday, July 28, 2016

WAP Is About To Fade Away. Long Live MAS (Microsoft Azure Stack)

On the website of Windows IT Pro I found a very interesting posting written by a man whom I highly respect for his knowledge AND the sources of information he has access to, named Rod Trent.

This posting is titled ‘Microsoft’s Azure Stack Delayed to Allow Partners Time to Certify Hardware’ and tells exactly why the release of MAS is delayed.

The same posting also contains information about the ‘future’ of WAP, or better, the lack of it. In itself not a surprise, but still something to reckon with:
(Screenshot taken from the same webpage of the mentioned article.)

Want to know more? Go here, and read the whole article.

Credits and ownership
All credits go to Windows IT Pro, who also owns the mentioned article. All I am trying to do is to point the readers of this blog to this article which contains good information, that’s all.

Friday, July 22, 2016

Unattended Installation Of KB3159706 Breaks WSUS Instance (SUP) For SCCM

A customer of mine has an SCCM 1511 environment which also has a Software Update Point (SUP) deployed. This SUP uses WSUS under the hood and worked fine for a long time. However, for a few weeks the SUP was broken and the underlying WSUS Console threw this error:


The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

System.IndexOutOfRangeException -- Index was outside the bounds of the array.


It took me some time to pinpoint the cause, but it turned out to be KB3159706, which enables ESD decryption provision in WSUS.

However, the update itself is harmless AS LONG AS one performs the manual steps required after the installation of the update, as stated in the same KB article:

When you don’t, WSUS will be broken…

In this case, the decision was made to uninstall this particular update. The server was rebooted and WSUS was fully functional again.

Within an hour the SUP for SCCM was fully functional again and runs now without a glitch.

Always be careful with the automated deployment of updates. Of course, Critical Updates and Security Updates are crucial, but require testing. When also pushing regular updates to your environment, they require testing as well. Never assume things won’t be hurt.

In this case the update itself was okay, but required manual actions afterwards in order to make it land properly. Because no one knew about this update being pushed, no one looked until it was too late.

So: Always test yourself before you wreck yourself.
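A pre-flight check for this situation, as an added example that is not part of the original post: it reports whether KB3159706 is present on a WSUS/SUP server and whether the HTTP Activation feature is in place. The feature name and the `wsusutil` call in the comments come from Microsoft's KB3159706 article, which the post refers to but does not reproduce; the function name `Test-Kb3159706State` is hypothetical.

```powershell
# Added example, not from the original post. Run elevated on the WSUS / SUP server.
# Requires the ServerManager module (Windows Server) for Get-WindowsFeature.

function Test-Kb3159706State {
    # Is the update installed at all?
    $kb      = Get-HotFix -Id 'KB3159706' -ErrorAction SilentlyContinue
    # HTTP Activation (.NET Framework 4.5 Features) is one of the manual steps in the KB.
    $feature = Get-WindowsFeature -Name 'NET-WCF-HTTP-Activation45'
    $svc     = Get-Service -Name 'WsusService' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        KbInstalled    = [bool]$kb
        InstalledOn    = if ($kb)  { $kb.InstalledOn } else { $null }
        HttpActivation = [bool]$feature.Installed
        WsusService    = if ($svc) { [string]$svc.Status } else { 'NotFound' }
    }
}

$state = Test-Kb3159706State
$state | Format-List

if ($state.KbInstalled -and -not $state.HttpActivation) {
    Write-Warning 'KB3159706 is installed but HTTP Activation is missing: the manual post-install steps were not completed.'
}
elseif ($state.KbInstalled) {
    # This script cannot tell whether the servicing step below was run.
    Write-Output 'KB3159706 is installed and HTTP Activation is present. Confirm that the servicing step was run.'
}
else {
    Write-Output 'KB3159706 is not installed on this server.'
}

# Manual steps from the KB article, to be run deliberately and not by this check:
#   & "$env:ProgramFiles\Update Services\Tools\wsusutil.exe" postinstall /servicing
#   Install-WindowsFeature -Name NET-WCF-HTTP-Activation45
#   Restart-Service -Name WsusService
```

Running this against every WSUS server before approving the update for unattended deployment shows where the manual steps still have to be scheduled.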

Monday, July 18, 2016

SCOM Gateway Server Event ID 20077: ‘…no private key was included with the certificate…’

For a complex environment I had to create Certificate Signing Request files (CSRs) using this method, section Request OpsMgr Certificate. So far so good. The certificates created from those CSRs worked as expected, except for the SCOM Gateway Server.

Somehow, there was NO private key, and therefore SCOM didn’t load this certificate, throwing Event ID 20077:

And indeed, in the Certificate snap-in there was NO private key attached to this certificate:
(Please mind: the golden key is missing in the certificate icon, depicting the private key.)

(Normally located at the yellow question mark there should be a line of text about the private key.)

One of the fixes is to create a NEW certificate, based on a new CSR. But before doing that one might try to repair the store first, based on this posting.

So based on that posting I ran the RepairStore command using the thumbprint of the ‘broken’ certificate. The feedback I got was good:

Time to refresh the certificate MMC, and YES it worked:
(Please mind: the golden key is ‘back’ in the certificate icon, depicting the private key.)

(Yes, the line of text about the private key is ‘back’.)

Let’s bounce the Health Service and see whether the certificate is REALLY okay now:

And YES we’re in business. After this the SCOM Gateway Server connected properly to the SCOM MS servers and all was okay again.

Whenever SCOM can’t load the certificate because the private key is missing, try to fix it first before creating a new certificate. It saves you a lot of time.

A BIG thanks to…
SSL Support Desk for their posting which helped me to solve this issue. Awesome!
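The check and repair described in this post, as an added example that is not part of the original post: it lists certificates in the local machine's Personal store that have no private key linked and re-links one with `certutil -repairstore`. The function names are hypothetical, and the repair only succeeds when the key generated with the CSR still exists on this machine.

```powershell
# Added example, not from the original post. Run elevated on the SCOM Gateway Server.
param(
    [string]$Thumbprint   # optional: thumbprint of the certificate to repair
)

function Get-CertWithoutPrivateKey {
    # Certificates in LocalMachine\My for which Windows has no linked private key.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { -not $_.HasPrivateKey } |
        Select-Object Thumbprint, Subject, NotAfter
}

function Repair-CertPrivateKeyLink {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Thumbprints copied from the certificate MMC often carry spaces or an
    # invisible leading character; keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) { throw "Not a SHA-1 thumbprint: '$Thumbprint'" }

    & certutil.exe -repairstore my $clean | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "certutil exited with code $LASTEXITCODE" }

    # Re-read the certificate; HasPrivateKey is what the golden key icon reflects.
    (Get-Item -Path "Cert:\LocalMachine\My\$clean").HasPrivateKey
}

Write-Output 'Certificates without a private key in LocalMachine\My:'
Get-CertWithoutPrivateKey | Format-Table -AutoSize

if ($Thumbprint) {
    if (Repair-CertPrivateKeyLink -Thumbprint $Thumbprint) {
        Write-Output 'Private key linked. Restart the Health Service and check the Operations Manager event log.'
        # Restart-Service -Name HealthService
    }
    else {
        Write-Warning 'Certificate still has no private key. A new CSR and certificate are needed.'
    }
}
```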

Ignite 2016 = Launch Date System Center 2016

As expected, System Center 2016 will be launched in Q3 2016. Now the date is really set: System Center 2016 will be launched at Ignite 2016, which takes place in September.

For now (based on TP5 for SCOM 2016) these are the fixes and new features:

  • Monitor a broad range of network devices without requiring Operations Manager certification
  • Monitor Nano Server deployments, including DNS and IIS roles
  • Realize more than 2X scale improvement in monitoring UNIX/Linux servers
  • Experience a more responsive application console, including the ability to navigate across different views and pivots without having to wait for the data to load
  • Seamlessly discover, install and update required management packs right from the administration console
  • Tune management packs, and alter the monitors and alerting rules – either at source level or group level – to reduce alert noise
  • Plan and schedule maintenance windows for workloads without generating spurious alerts in Operations Manager console
  • Utilize the Preferred Partner program to discover third-party management packs, authoring tools, dashboard utilities, etc., right from the Operations Manager console.

IMHO these fixes and new features aren’t that big compared to SCOM 2012 R2 UR#9, underlining Microsoft’s ‘Cloud-First, Mobile-First’ strategy.

Updated MP: SQL MPs, Version

The SQL MP line has been updated to version This is a major update, containing many fixes and new features. For instance, the SQL Server MP for SQL 2005, 2008, 2008 R2 & 2012 contains these fixes and new features:

  • Added rules for alerting when an Availability Replica changed its role and/or a Database Replica changed its role
  • Created a group for WOW64 SQL Server instances and disabled launching some workflows for these instances
  • Added MP version line into MP's events generated by scripts
  • Fixed display strings and Knowledge Base articles
  • Fixed: some scripts do not return data when one of few installed instances is stopped
  • Fixed: SPN configuration monitor uses stale data
  • Fixed: Mirroring monitoring scripts fail when instance is stopped
  • Fixed Always On Database replica discovery incorrect behavior; fixed Always On policies discovery and monitoring
  • Fixed Database policies discovery and monitoring
  • Fixed and optimized CPU Usage monitoring scripts (the issue appeared when only one core was assigned)
  • Added support for more than 32 processors count in CPU Usage monitoring.
  • SQLPS module is now used for the tasks instead of deprecated SQLPS.EXE
  • Implemented FILESTREAM filegroup monitoring
  • Multiple Ports are now supported in SQL Server TCP/IP parameters
  • Fixed error occurring when no port is specified in SQL Server TCP/IP parameters
  • Fixed filegroup read-only state discovery
  • Fixed RunAs profiles mapping for some workflows
  • Implemented support for TLS 1.2 in connection logic
  • Implemented support for different client drivers in connection logic
  • Updated connection logic error logging
  • Added RunAs profiles for mirroring monitors, fixed mirroring discovery issues
  • Fixed issue: CPU usage monitor ignored SQL server limitations on CPU core count
  • Fixed display strings and Knowledge Base articles
  • Fixed error reporting in the scripts
  • Fixed intermittent "Cannot login to database" alert with some rules
  • Added support for SQL Express Instances
  • Updated Knowledge Base articles
  • Microsoft SQL Server 2012 x86 on Windows 2008 R2: fixed the issue when DB filegroups cannot be discovered
  • Win10 support: fixed "Cannot bind argument to parameter 'Path' because it is an empty string." issue
  • Fixed issue when SQL Configuration Manager starts snap-in of wrong version
  • Fixed invalid Always On non-readable replica detection

As ever, TEST these MPs BEFORE putting them into PRODUCTION. In the past there have been nasty issues with updated MPs, causing unexpected behavior, like DW bloat for instance.

So TEST yourself before you WRECK yourself.