SP1 Prerequisite

I remember the trouble with MOM 2005 SP1 when they added the prerequisite for MSI v3 at release so the beta testers did not know about it. I had a customer try it as I mentioned it was due to be released and was on the web the next day. Then I got an irate call saying that there was a problem. Luckily I had access to Clive Eastwood as he was still in the UK and he confirmed the issue and got a KB article out that day. What a palaver that was. Luckily SMS and WSUS also needed MSI v3 so it got pushed out.

I have picked up from bink.nu that the new update to WS-Management will be needed for SCOM SP1 and SCVMM.

“WS-Management OOB is a targeted release for supporting WS-Management functionality on the following platforms: Windows XP SP2, Windows Server 2003 SP1, Windows Server 2003 SP2, Windows 2003 Server R2. It replaces the WS-Management version that shipped in Windows Server 2003 R2. Customers are advised to update their Windows 2003 Server R2 with this update. This is a required component for Microsoft System Center Virtual Machine Manager 2007 and Microsoft System Center Operations Manager 2007 SP1.
Please review KB article KB936059. ”

The KB article does not mention SCOM SP1 or SCVMM so it would be nice to get confirmation from Microsoft that this is indeed a prerequisite and for which components. If it is the agent, which means that SCOM SP1 will be updating the agent” then we need to know sooner rather than later so organisations can fit this into their testing and change control schedules.

And I think SP1 will be a must have update.

Not All Services Show Up

I was watching Baelson’s presentation from the 2007 MMS DVD and I picked up this useful piece of information which may help explain why not all services show up for monitoring. There were so many sessions that it is useful to have the DVD to go back and watch them again to pick up items that I missed first time around.

If you use the wizard to create a monitor for a Windows Service then you can browse to see the services you can monitor. However the list presented is shorter than the list in the Services MMC. This is because in this version OpsMgr can only monitor services that are not shared. A number of services may share and run under svchost.exe so these can not be picked up. The product group are looking to fix that in the next version. If you have in house developers make sure that they create separate services for their applications otherwise you will not be able to monitor them.

McAfee Again

I wrote before about how MOM 2005 has a problem with McAfee ScriptScan. Well it is a problem with 2007 as well. Certainly v8.

At a customer site we saw some servers peaking at 100% and multiple copies of Cscript.exe running. On some servers that were near their limit people started to complain of sluggish response.

We stopped ScriptScan from running (which is now a McAfee recommendation on servers – see below) but additionally we had to exclude the SCOM program files directory. I presume because all the scripts are stored in directories there and run from there. When both were done then servers went back to about 2% utilization. Much better.

Here is McAfee’s KB on it with the note at the end – important if you need your manager to approve the change.

https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=KB40067&sliceId=SAL_Public&dialogID=2123018&stateId=0%200%202121540

“When installed to a server, McAfee recommends that ScriptScan be disabled. JScript and VBScript protection is intended for use with Microsoft Internet Explorer and Microsoft Outlook, which generally are not used on server platforms. Additionally, ScriptScan is not designed for high-throughput requirements of servers.

Despite having On-Access Scanner protection, there is some risk in disabling ScriptScan. The On-Access Scanner detects malicious script attacks when the script, or its activity, accesses the file system. However, not all scripts must interact with the file system to become a hindrance or modify system settings. ScriptScan would block those malicious scripts from executing.”

Facebook

It seems that Facebook is the latest social network craze to sweep the net and I already have a few other OpsMgr bloggers linked in. If we get enough people perhaps we can start a new group for OpsMgr. Of course there will be an argument about what to call it – OpsMgr, Operations Manager, SCOM or even MOM!

If you are on Facebook my id is http://www.facebook.com/profile.php?id=726041323.

Ian