Configuring Auto-Shutdown on your Azure Virtual Machines

The auto-shutdown feature is extremely helpful: it provides a simple interface for scheduling the shutdown of VMs that you do not want to pay for when they are not being used. Using it reduces cost and helps you better manage your cloud infrastructure. The feature can also send a notification 15 minutes before the auto-shutdown occurs, so you can postpone or even skip the shutdown. See the step-by-step guide below to get started with the auto-shutdown feature.

Step by Step

  1. On the Azure Portal, go to your VM blade and select the Virtual Machine.
  2. Navigate to Schedule, select Auto-Shutdown under the Operations section and click On to enable it.
  3. Schedule the shutdown for the preferred Time and Time Zone.
  4. Enable the notification if needed and specify the email address.
  5. Review and then Save.

You will receive a notification email when the scheduled auto-shutdown is about to take place.


Thank you for reading, have a nice day!

References: Microsoft Docs and Azure Portal

How to connect Operations Manager 2019 (SCOM) to Azure Log Analytics (AKA OMS) in 4 simple steps


Monitoring is a key element of your IT infrastructure. System Center and Azure Cloud offer some phenomenal advantages when properly integrated. Connecting your on-premises SCOM environment to Azure Log Analytics enhances monitoring with advanced analytics and machine learning, which help identify issues and automatically respond to alerts. Hybrid environments certainly help reach that next level of productivity, even more so when two exceptional platforms are integrated. SCOM + Azure Log Analytics helps improve the operational workflows on your infrastructure.

Architecture Overview


Requirements:
1. Your SCOM environment must be allowed to connect to port 443 over the internet.
2. An Active Azure subscription (This could be a trial one)
3. Admin Credentials to your Azure environment. 
More details at Microsoft Docs

Step by Step

1. Register or Connect to Azure Log Analytics

2. Sign in to your Microsoft Azure Account

3. Select Azure Log Analytics Workspace

4. Review and Create and after a couple of minutes, your workspace will be configured.


Here's my workspace


Thank you for viewing, please follow my LinkedIn and Twitter for more solutions and fixes.

References: Microsoft Docs

How to Deploy Active Directory Federation Services (ADFS) on Windows Server 2019

Deploying Active Directory Federation Services (ADFS) on Windows Server 2019


Active Directory Federation Services (AD FS) is also popularly known as SAML/Federation Services/SSO. It provides web single sign-on (SSO) to authenticate a user to multiple web applications with a single account, which makes end users' lives much easier when logging in to their HR cloud-based app, etc. ADFS also facilitates Azure AD Connect deployment for Office 365 and Azure deployments and integration.
ADFS 2019 has many great features that facilitate and improve our deployments; for more details, see What's new in Active Directory Federation Services for Windows Server 2019.

ADFS Requirements

This will be the setup on my lab, this might vary depending on your environment and needs.
  1. One Application Server with Windows Server 2016
  2. One SSL certificate (CSR or AD request template)
  3. Federation Services DNS name
  4. Service Account or Group Managed Service Account (gMSA)
  5. Domain Admin Permissions
More info at Microsoft Docs : AD FS Requirements

Installing Active Directory Federation Services (ADFS) Role on Windows Server 2019

To install utilizing PowerShell (Preferred/Easier method)

  • Open PowerShell as administrator and run the following command:
Install-WindowsFeature ADFS-Federation -IncludeManagementTools

Installing via the Server Manager interface

  • Open Server Manager console, then navigate to Manage and select Add Roles and Features:

  • On the Before You Begin page, click Next.
  • On the Installation Type page, Select Role-Based and Next.
  • On the Server Selection page, Select ADFS Primary Farm Server and Next.
  • On the Server Roles page, Select Active Directory Federation Services Role and Next.

  • On the Features page, Next.
  • On the ADFS overview page, Next.
  • On the Confirmation page, click Install.
  • On the Results page Review and Close.

Configuring the ADFS Primary Farm Server Role

  • Open the Server Manager, click the Flag icon and select Post-Deployment Configuration for ADFS.

  • On the Welcome page of the Configuration wizard, select Create the first federation server in a federation server farm and click Next.

  • On the Connect to AD DS page, specify a Domain Admin account and Next.

  • On the Specify Service properties page, Import/Select Certificate, Select Federation Service Name and Specify Federation Service Display Name then Next.

Note: In my case, I will import a CSR cert which will prompt for the password. For more details see Microsoft, How to enroll an SSL Certificate for ADFS

  • On the Specify Service Account page, you can either Create a Group Managed Service Account (gMSA) or Specify an existing Service or gMSA Account.
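Important: The KDS Root Key needs to be set at this step or earlier so that AD can operate with gMSAs. One key benefit of gMSAs is the auto-negotiated password update feature.

  • To set the KDS Root Key, log in to one of your Domain Controllers and run the PowerShell command below:
Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
Backdating the effective time by 10 hours makes the key usable immediately, which suits a lab; where several Domain Controllers are involved, the key should have replicated to all of them before gMSAs depend on it.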

  • After the command is successfully run go back to your ADFS Server and go to the previous page and then Next.
  • Select Create a Group Managed Service Account, enter the preferred name then Next.

  • On the Specify Database page, select Create a Database on this server Using WID and Next.

Note: you could also specify a SQL Server; make sure you have sysadmin or at least dbcreator permissions. For more details see Microsoft https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server.

If using a gMSA, you will need to pre-create the gMSA account via PowerShell using the following script:
#Use at your own risk :)
#Requires the ActiveDirectory PowerShell module.
Import-Module ActiveDirectory
#Define gMSA account name.
$gMSA_Account = 'ADFS_gMSA_Farm'
#gMSA DNS Name.
$gMSA_FQDN = 'adfs.systemitpro.com'
#gMSA Servers Group Name (Optional, you could pre-stage servers that will need to retrieve the passwords such as SQL)
#The group must already exist in AD and contain the ADFS server computer accounts.
$gMSA_ServersGroupName = 'gMSA_ADFS_Farm_Group'
#Create new gMSA Account; only members of the group above can retrieve its managed password.
New-ADServiceAccount -Name $gMSA_Account -DNSHostName $gMSA_FQDN -PrincipalsAllowedToRetrieveManagedPassword $gMSA_ServersGroupName

  • On the Review Options page, Review and Next.
  • On the Pre-requisite Checks page, review and click Configure.

  • On the Results page, review any warnings and close.

Verify ADFS Services

  • Open the Event Viewer and navigate to the ADFS View and search for the Event ID 100.
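
The checks above can also be scripted. The following read-only PowerShell is an added example, not part of the original post: it verifies the KDS Root Key, who may retrieve the gMSA password, and Event ID 100. It assumes the account and group names from the script above, the ActiveDirectory module, an account allowed to read KDS root keys, and the 'AD FS/Admin' event log.

```powershell
# Added example: read-only post-deployment checks for the lab described on this page.
# Assumed names (taken from the page's gMSA script); adjust to your environment.
Import-Module ActiveDirectory

$gMSA_Account          = 'ADFS_gMSA_Farm'
$gMSA_ServersGroupName = 'gMSA_ADFS_Farm_Group'

# 1. KDS Root Key: gMSA passwords cannot be generated until a key is effective.
$now  = Get-Date
$keys = @(Get-KdsRootKey | Where-Object { $_.EffectiveTime -le $now })
if ($keys.Count -eq 0) {
    Write-Warning 'No KDS Root Key is effective yet.'
} else {
    $keys | Select-Object KeyId, EffectiveTime, CreationTime | Format-Table -AutoSize
}

# 2. Who may retrieve the gMSA password? Expect only the ADFS servers group.
$svc = Get-ADServiceAccount -Identity $gMSA_Account `
           -Properties PrincipalsAllowedToRetrieveManagedPassword
$expected = (Get-ADGroup -Identity $gMSA_ServersGroupName).DistinguishedName
$extra = @($svc.PrincipalsAllowedToRetrieveManagedPassword |
           Where-Object { $_ -ne $expected })
if ($extra.Count -gt 0) {
    Write-Warning "Unexpected principals can read the gMSA password: $($extra -join '; ')"
} else {
    "Only $gMSA_ServersGroupName can retrieve the password for $gMSA_Account."
}

# 3. Can this server actually use the account? (run on the ADFS server)
if (-not (Test-ADServiceAccount -Identity $gMSA_Account)) {
    Write-Warning "This host cannot retrieve the password for $gMSA_Account."
}

# 4. Event ID 100 in the ADFS admin log, the event the page looks for.
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 100 } `
           -MaxEvents 1 -ErrorAction SilentlyContinue
if ($evt) {
    "Event ID 100 logged at $($evt.TimeCreated)."
} else {
    Write-Warning 'Event ID 100 not found in AD FS/Admin.'
}
```

Any principal reported by check 2 other than the servers group can read the service account's password and deserves a review.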

References

ADFS Deployment https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/ad-fs-deployment



I hope you've found this article helpful, have a nice day and thank you for reading. :)

How to configure SCOM HTML Notification Alerts from Orchestrator 2012/16 Step by Step

This post covers another great option that can be quite effective when you are notifying your engineers/application owners. This type of email formatting allows them to easily read the alert and take appropriate action to correct the reported issues, instead of trying to interpret complicated and unorganized text.

Before you start

  • Make sure you have the SCOM Orchestrator integration pack installed and configured.
  • Make sure your credentials and Orchestrator have access to your SCOM environment.

Creating the Runbook

In the Orchestrator Runbook Designer console, create a new Runbook and add the following activities:
  • Monitoring Alerts
  • Email Activity
On the SCOM Alert Monitoring Activity, add the Title, the SCOM connection, the trigger for New alerts and the filters you need.
Note: If you are looking for a closed-alert email, you will need to select the Updated alerts trigger and the status Closed.
On the Send Email Activity, set the Title and set the Message Format to HTML.
On the Details page Subject section, set your Subject details and subscribe to your monitoring data so you can dynamically display the alert name/instance.
On the Details page Recipients section, set the email accounts that will receive this notification.
On the Details page Message section, copy and paste the HTML-formatted code with your published data IDs.
While working with your message you can also expand it to get a better view of the HTML code.
Review your code and test it with Notepad++ or Visual Studio, then proceed to configure your SMTP/email channel.
From the published data, add the needed fields to the message section, select them all, then copy and paste them into Notepad to get the actual IDs, which are much easier to add to your HTML code.
On the Connect page, set your Email address and SMTP connection.
Close all the activities and check in the Runbook.

Click here to Download the actual HTML code and image. 


Here's the email design that you will be sending out; feel free to customize it and comment with your updates.
Hope this post was helpful and makes your IT life a bit easier.

Integrating Windows Admin Center (formerly Project Honolulu) with SquaredUp and SCOM 2016

Hello, I'm glad I was part of the insiders program with MS and SquaredUp and worked on this fantastic project. I have worked with SCOM for many, many years and this is a phenomenal advancement in monitoring and server management. The usage of this extension is quite powerful, as you can manage and troubleshoot any system from your browser. This integration enables you to map every app (VADA/ServiceMap), discover any dependencies and make sure your IT world is monitored and understood at every level (hardware all the way down to applications).

Before you start

  • Make sure you have the following items:
    • Admin Center installer
    • Shared folder from the SCOM server or any other file server
    • SquaredUP extension pack

Installing the new Windows Admin Center

Windows Admin Center installed.

Installing the SquaredUp Extension

Go to the extensions menu and configure the package URL from the Extension Manager workspace.
Once the URL is configured, install the SquaredUp extension and that will do it.

Utilizing the extension

Configure your SCOM/SquaredUp site URL.
Cluster view
Server view
Integration and current server details.
Service Map on the fly with VADA, so you can discover what's interconnected with this system and what other applications could be affected.
That's it, you have now deployed Admin Center and integrated it with SquaredUp.
Please feel free to install your free copy and also get the extension from the SquaredUp Team.