How to Install SCOM Agent on an Un-trusted machine
In order for SCOM to communicate with an un-trusted machine like in a WorkGroup / DMZ / different forest, you will have to import a certificate so that SCOM will trust the foreign machine and will be able to communicate with it. The most common example is a SCOM Gateway.
This topic is a bit complicated but if you use a guide like this you should be OK.
I added the files that you will need as well so you dont have to copy-paste it.
Additional files: REQconfig.inf , certreq
First thing you will need is an inf file that contains the request.
Create a REQconfig.inf file in this format:
Subject=”CN=<servername>,OU=<Organizational unit>,O=<organization>,L=<state> Aviv,S=<city>,C=<country>”
On the SCOM Server, Use
certreq utility to create a request for certificate from your organization CA.
Run (available on your SCOM installation library) utility to accomplish this: certreq certreq -new -f REQconfig.inf binreq.req
Send the .req file to your CA admin in order to create a .cer file.
Import the .cer file you receive from your organization CA admin into MS SCOM server to create a pfx file using mmc snap-in:
Open mmc (run>mmc>enter)
Click file > Add/remove snap-in > certificates > add > computer account > local computer.
right click container > All tasks > import > Next > browse > select the .cer file from your CA admin > Place the certificate in personal store.
Create a .pfx file: In Certificates > right click the certificate you need to export > all tasks >export…
Mark the two check boxes as seen below
Import the .pfx you created in to the using mmc snap-in: Workgroup machine personal container > all tasks > import
click NEXT > Click browse > Select pfx
Select the the pfx file
Enter a simple password
Select ‘mark this key as exportable’.
select place all certificates…
Certificate was imported to Workgroup machine
Install SCOM 2012 agent on the WorkGroup machine.
The SCOM healthservice must be started to proceed to the next step. You might get this error if the SCOM agent is not installed:
Please restart the healthservice to complete this process.
Error description: The specified service does not exist as an installed service.
MOMCertImport.exe from <Drive>:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server to the workgroup machine. Open CMD with admin rights and run MOMCertImport.exe:
Select the certificate you just imported and click OK.
I hope this has been helpful.
Memory leak – when the
Available MegaBytes (memory\% available Mbytes) for the system has exceeded the threshold, system performance may be significantly diminish, this results in low OS and applications performance. End users will usually complain about slow computer performance and you probably get a help-desk call like: ‘My computer is running slow’, or server is running slow.
Memory leaks can be caused by:
Too many applications running simultaneously on the computer.
An application may be leaking memory over time.
To view the history for the memory\% available Mbytes, start memory available Mbytes in
performance monitor or event task manager\performance.
Continue reading “Memory leak” »
I think I that a suitable name for this post might be ‘The case of the missing desktop shortcuts’. I spent nearly an hour or more resolving the so it will be the right thing to share it with you.
In Windows 7, Users can’t view objects and icons published on “C:\Users\Public\Desktop” .
Users cannot read data from “C:\Users\Public\Desktop”.
You suspect that a GPO – Group policy object, prohibit users from viewing icons on “C:\Users\Public\Desktop” folder.
Continue reading “Public Desktop Icons are Deleted After Logon in Windows 7” »
Windows update is one of the more important features of SCCM. Keeping all servers and workstations in your environment up to date is most important.
I met the following error while SCCM 2012 was trying to update one of my servers.
You try to push Windows security updates to a remote machine, but Windows update fails.
Continue reading “Windows update fails with Error 0x80072efd” »
You need to create multiple SCCM 2012 Distribution points fast and accurate!
Maybe you decided on upgrading your environment to SCCM 2012 or your company purchased another organisation. In any case,
The reasonable way will be to use a script, and not use the GUI to do the task over and over.
The preferred scripting environment is Powershell, since it already has many Configuration Manager commandlets that can be helpful.
You do have to work with at least SCCM 2012 sp1 version for the following script to work.
The below Powershell script will read the names of the Distribution points servers from a file. See example for the file
Continue reading “Create SCCM Distribution Point with Powershell” »
In this post I am writing about a minor problem that occurs while installing a SCCM 2012 client, and how to solve it.
You install a SCCM client on a machine.
After the installation finishes, you notice that not all logs are populated in the clients’ machine C:\windows\CCM\Logs directory.
If you check
ClientIDManagerStartup.log file, you notice the following error message:
RegTask: Failed to get certificate. Error: 0x80004005
Did you ever wonder how SCCM 2012 install a DP remotely from the CM console?
DISM.exe (Deployment Image Servicing and Management tool) is a command line tool that you can use to enable or disable Windows features.
In this case we use it to install all the necessary IIS features for a SCCM 2012 DP.
Command line to install IIS on DPs:
Continue reading “How to install IIS features on SCCM 2012 Distribution Point with command line” »