Automatically Placing Servers in Maintenance Mode with SCOM during SCCM patching Reboot




In this post, I will walk you through automatically placing Servers in Maintenance Mode  during SCCM patching Reboot with a SCOM rule 

I have done this with a  SCOM rule, SCOM subscription, and Orchestrator runbook. in here ,I will only discuss the  SCOM rule. I will share the other methods in future postings.

1- Create a SCOM Alert based "Detects SCCM Reboot "in "Custom- Windows Server Monitoring " Management Pack

 Authoring | Rules| New Rule

Under Alert generating Rules Slect "NT Event Log" 




Name the rule 
For Target Select "Windows Computer "

Next Select System for Log Name


For Parameter See below

This is based on 
Event ID 1074
The process C:\Windows\CCM\CcmExec.exe (SERVERNAME) has initiated the restart of computer SERVERNAME on behalf of 
user NT AUTHORITY\SYSTEM



2- Now Tie an action script to run acommad that will place Server in Maintenance mode for X minutes.
Go to Authoring | Rules| and search for your new Rule
Open the new Rule 
Under Responses Add | Run Command

Place in Maintenance Mode



"D:\Scripts\Operations\MM_Mode.ps1" Start-serverScommaintenance -servername $Target/Property[Type="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]/NetbiosComputerName$ -message "SCCM Patching/Reboot" -maintmodeinMinutes '30'


3- Create the MM_Mode.ps1 
-------------------------Below is the syntax for MM_Mode.ps1------------------------------

Param (
[string] $servername , 
       [string]$message, 
       [int]$maintModeinMinutes
       ) 
  Import-Module OperationsManager


    $funcName = 'func - Start-ServerScommaintenance:' 
    if(get-command -Name 'Get-SCOMClassInstance') 
    { 
        $server = (Get-SCOMClassInstance -DisplayName "$servername*") | select -first 1 | select -ExpandProperty Displayname 
        $scommanagementServers = (Get-SCOMManagementServer).displayName 
        if($scommanagementServers -ccontains $server) 
        { 
            Write-Warning "$funcname contains a Management Server $server.. You cannot put a management server in Maintenance Mode!!!" 
        } 
        else 
        { 
            $time = ((get-date).AddMinutes($maintModeinMinutes)) 
            $serverClassIds = Get-SCOMClassInstance -DisplayName $server 
            foreach($classid in $serverClassIds) 
            { 
                $server1 = Get-SCOMClassInstance -id ($classid.id) | Where-Object{$_.DisplayName -match $server} 
                write-host "$funcName putting " ($server1.id) ' in maintenance Mode Servername -->' ($Server1.DisplayName) 
                if(!(Get-SCOMMaintenanceMode -Instance $classid)) 
                { 
                    Start-SCOMMaintenanceMode -Instance $server1 -EndTime $time -reason PlannedOther -Comment $message 
                } 
                else 
                { Write-host "$funcname " $classid.id " has already been placed in Maintenance Mode"} 
            } 
        } 
    } 
    else 
    { Write-host "$funcname doesn't have the Operationsmanager module imported for this session"} 




  $File ="D:\Scripts\Operational\Live\MM_Mode\mm.txt"
#$File ="D:\Scripts\Operational\Live\SvcMgr_Ticketing\Logs\HPSM_Open_IM.txt"

"Alert Source"   | Out-File $File  -Append
$servername | Out-File $File  -Append
Get-Date | Out-File $File  -Append 

--------------------------------------------------End of Script------------------------------------------------------------

 Keep in mind that you can accompliush this with a  SCOM rule, SCOM subscription/channel, and Orchestrator runbook




Comments

  1. OdgeUKOctober 4, 2018 at 3:26 AM

    This looks like it executes the script from the Agent? Why not put the script in the Rule, so it's executed by the Management Server?

    ReplyDelete

Post a Comment

Popular posts from this blog

SCORCH 2016 Migration issue: an error occurred saving the activity to the data store Please check the orchestrator management service trace logs

Issue  After migrating to System Center Orchestrator 2016,  you encounter this error: An error occurred saving the activity to the data store Please check the orchestrator management service trace logs  The Management Service log (C:\ProgramData\Microsoft System Center 2012\Orchestrator\ManagementService.exe\Logs) contains only thes line for every attempt 2015-10-15 12:45:02 [3752] 1 COpalisManager::ModifyObject::CheckAccess (HRESULT=0x80070005) 2015-10-15 13:16:09 [3176] 1 COpalisManager::ModifyObject::CheckAccess (HRESULT=0x80070005) 2015-10-15 13:17:21 [3176] 1 COpalisManager::ModifyObject::CheckAccess (HRESULT=0x80070005) Cause This happens because the Runbook has an Email activity with attachment. This is a known bug with System Center Orchestrator 2016. Workaround If you only have few runbooks with  Email activity with attachment .you can perfrom these 2 workarounds: 1)  You need to remove the attachements and re-add in order to ch...
Read more

Useful Orchestrator T-SQL Queries

In this article, I will share some useful T-SQL queries for Orchestrator 2012. --List all active Runbooks in your environment SELECT       [Name]       FROM [Orchestrator].[dbo].[POLICIES]   where [Deleted] = '0' --Find Runbook/Parameter GUIDs for Web Service call Select lower(POLICIES.UniqueID) as RunbookID, lower(CUSTOM_START_PARAMETERS.UniqueID) as ParameterID, CUSTOM_START_PARAMETERS.value From POLICIES INNER JOIN OBJECTS  on POLICIES.UniqueID = OBJECTS.ParentID LEFT OUTER JOIN CUSTOM_START_PARAMETERS on OBJECTS.UniqueID = CUSTOM_START_PARAMETERS.ParentID Where POLICIES.Name = 'CloseIncident' and policies.deleted = 0 --List  Runbooks are currently running SELECT J.[RunbookId], P.[Name], A.[Computer] FROM [Orchestrator].[Microsoft.SystemCenter.Orchestrator.Runtime.Internal].[Jobs] J INNER JOIN [dbo].POLICIES P ON J.RunbookId = P.UniqueID INNER JOIN [dbo].[ACTIONSERVERS] A ON J.RunbookServerId = A.UniqueID WHER...
Read more

Error in Orchestrator Web console and Web Service after moving Database

Image
I encountered these errors with Orchestrator Web console and Web Service Web console Errors: 1) Error executing the current operation [Arg_SecurityException] [ httpWebRequest_WebException_RemoteServer] Arguments: NotFound Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem 2) Error executing the current operation. Web Service Error: Orchestrator server encountered an error processing the request. The exception message is 'Keyword not supported: 'server'.'. See server logs for more details This happened after moving the database server. However, I have used the same process to fix issues with Web Console after a new installation. I updated the Data Store Configuration and the connection string in IIS Manager. This was recommended by this post: https://social.technet.microsoft.com/Forums/en-US/c3afc430-5811-4c8c-a797-79c98459d792/console-fails-to-open-error-executi...
Read more