Steve's OM Blog

I thought the database problems were behind us with MOM 2005. Alas, I am wrong.

Currently our DW DB is 13Gb with no signs of it stabilizing.

All last week the opsmgr DB has been growing. It appears that for some reason the grooming job could not run at midnight.

Some Symptoms
1. The RMS was red with many db related errors.
2. Many Objects were grey.
3. At a bit after midnight the OpsMgr db went into recovery mode
4. An event saying the Grooming had failed.

stored proc p_partitioningandgrooming was failing when it ran p_AlertGrooming

In short... There was not enough disk space (and therefore log space) to run the grooming job.

The solution I came up with..

p_AlertGrooming needs a huge temporary table containing all alerts that are to be deleted and the log file needed about 5Gb to hold it.

I increased the DaysToKeep setting for alerts then re-ran the cleanup.

By steadily decreasing the value by one day at a time and rerunning the job I was able to reduce the db size.

Last Friday the job went normally.

----------------------------
UPDATE dbo.PartitionAndGroomingSettings
SET DaysToKeep = 30
WHERE (ObjectName = 'Alert')
BACKUP LOG OperationsManager WITH TRUNCATE_ONLY
EXEC p_AlertGrooming
----------------------------

I started at a value of 30 and then reduced it back down to the original value 7.

Keywords:-
OpsMgr, SCOM, 2007, Database, Logfile, Growth, Uncontrolled.

Requesting and installing a certificate so that the RMS can monitor machines that are not in the Domain or even an truseted domain.

------------Tasks to complete-----------
Request a 3rd Party Certificate with the name in “full computer name”
Use CertReq.exe to generate the request file
On the 3rd Party web interface select a “Web Server Certificate”
Enter the magic codes and the paste in the CSR
Copy and paste the new certificate
Import into the personal certificate store
Import corresponding root and user certificates into the trusted certificate store
Adjust the Enhanced key uses
Run the MOMcertimport tool
Install agent
Approve the manually installed agent in OpsMgr

-------Details--------------------
Log on to the server and find the full computer name
Use this name to request the 3rd Party certificate

Use Certreq.exe with an inf file
CertReq -New -f RequestConfig.inf BinaryRequest.req

-------RequestConfig.inf----------
[NewRequest]
Subject="CN=12345678"
Exportable=TRUE
KeyLength=1024
KeySpec=1
KeyUsage=0xf0
MachineKeySet=TRUE

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
-----------------------------------

Generate the Certificate with 3rd Party tool

Copy and paste the certificate into a *.cer file and import into the personal certificate store.

certreq -accept NewCertificate.cer

This seems to work better than importing via the MMC plugin. Other ways make the cert un-exportable

Do the same with the root and user certificates.

Run the most recent version of the MOMCertimport tool. This will import the Certificate’s serial number and restart opsmgr health service.
You should be able to manually select the correct certificate.

Install Agent. Make sure you install the correct version for the processor type

Go to the administration part of the opsmgr console and approve the agent.

------------Problems----------------

1. Certificate not exportable. This is something to do with the original *.inf file or when the certificate was finally imported.
2. Wrong type of certificate. Try adjusting the Enhanced Key Uses.
3. When you re-start the opsmgr agent service you will get an event with id 21021 “No certificate could be loaded or created”. Look at the event just before this one.
4. Confirm HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ChannelCertificateSerialNumber is the same as the certificate’s serial number only backwards.
5. Confirm you can communicate over port 5723 to the opsmgr server. (try telnet rms 5723)
6. Look for the event 20053 as this tells you that the cert has been successfully loaded by the agent.

Keywords:-
3rdParty, 3rd-Party, SCOM, 2007, OpsMgr, Operations, Manager, Workgroup, DMZ, Un-trusted