다음을 통해 공유


Enabling the Act as Proxy setting for Operations Manager Agents using the Service Manager Self-Service Portal

This post is the 9th in a series of posts focused on making common administrative tasks in System Center and Azure available via the Service Manager Self-Service Portal. The Configuration Manager and Operations Manager Connectors pull a lot of information into Service Manager but not everything necessary to manage clients, agents, and other settings. This solution allows for the managing of Operations Manager agents "act as proxy" setting.

Series

Using the Service Manager Self-Service Portal for Common Tasks in Configuration Manager, Operations Manager, and Azure

Prerequisites

The scenarios were designed using the following

  • System Center Service Manager 2012 R2
    • Self-Service Portal configured and working
    • Active Directory Connector configured and working
    • Configuration Manager Connector configured and working
    • Orchestrator Connector configured and working
  • System Center Configuration Manager 2012 R2
    • Discovery configured and working
  • System Center Orchestrator 2012 R2
    • SC 2012 Configuration Manager Integration Pack configured and working
    • SC 2012 Service Manager Integration Pack configured and working
    • Configuration Manager Console installed on runbook servers (open the console, make sure you can connect to your site server)
    • Operations Manager Console installed on runbook servers
    • Service Manager Console installed on runbook servers
    • Runbook servers configured to allow PowerShell scripts to run
  • Previous Blogs
    • Sync Configuration Manager Client and Operations Manager Agent State in Service Manager

Create a service account or use the one created in the previous blog post

  1. Give the account admin rights to Service Manager
  2. Give the account admin rights to Configuration Manager
  3. Give the account admin rights to Operations Manager

Create a share to store scripts and logs or use the one created in the previous blog post

  1. Create a share that the service account you created and authenticated users will have access to on the Runbook Servers that will be used for this scenario.
  2. In the share, create a folder called "Automation" and give the service account access to it.
  3. Copy EnableOMProxy.ps1 into the Automation Folder
  4. In the share, create a sub-folder called "Logs" in the Automation Folder and give the applicable administrators access to it. Orchestrator will write logs to this folder and admins can use these logs for troubleshooting.
  5. In the Logs folder, create a sub-folder called "SRLogs" and give authenticated users access to it. Users of the Service Manager Portal will use these to see the status of the Collection Sync task so they will need rights to this folder.
 param
(
  [Parameter(Mandatory=$true)]
  $OMManagementServer,
  [Parameter(Mandatory=$true)]
  $Agents,
  [Parameter(Mandatory=$true)]
  $VerboseLogging,
  [Parameter(Mandatory=$true)]
  $ServiceRequest
)

#Functions
function LogIt
{
  param (
  [Parameter(Mandatory=$true)]
  $message,
  [Parameter(Mandatory=$true)]
  $component,
  [Parameter(Mandatory=$true)]
  $type )

  switch ($type)
  {
    1 { $type = "Info" }
    2 { $type = "Warning" }
    3 { $type = "Error" }
    4 { $type = "Verbose" }
  }

  if (($type -eq "Verbose") -and ($Global:Verbose))
  {
    $toLog = "{0} `$$<{1}><{2} {3}><thread={4}>" -f ($type + ":" + $message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid
    $toLog | Out-File -Append -Encoding UTF8 -FilePath $Global:LogFile
    $Global:LogBuffer = $Global:LogBuffer + $toLog + "`r`n"
    Write-Host $message
  }
  elseif ($type -ne "Verbose")
  {
    $toLog = "{0} `$$<{1}><{2} {3}><thread={4}>" -f ($type + ":" + $message), ($Global:ScriptName + ":" + $component), (Get-Date -Format "MM-dd-yyyy"), (Get-Date -Format "HH:mm:ss.ffffff"), $pid
    $toLog | Out-File -Append -Encoding UTF8 -FilePath $Global:LogFile
    $Global:LogBuffer = $Global:LogBuffer + $toLog + "`r`n"
    Write-Host $message
  }
  if (($type -eq 'Warning') -and ($Global:ScriptStatus -ne 'Error')) { $Global:ScriptStatus = $type }
  if ($type -eq 'Error') { $Global:ScriptStatus = $type }
}

function CreateServiceRequestLog
{
  param($serviceRequest, $srLogPath)

  LogIt -message ("Full Log File Path:" + $Global:LogFile) -component "Main()" -type 1
  if ($serviceRequest)
  {
    $srLog = Join-Path $srLogPath ("Logs\SRLogs\" + $serviceRequest + ".log")
    LogIt -message ("Service Request Log File Path:" + $srLog) -component "Main()" -type 1
    $Global:LogBuffer | Out-File -Append -Encoding UTF8 -FilePath $srLog
  }
}

function GetScriptDirectory
{
  $invocation = (Get-Variable MyInvocation -Scope 1).Value
  Split-Path $invocation.MyCommand.Path
}

function GetOMManagementGroupConnection
{
 param ($computerName)
  Import-Module OperationsManager
  try { $OM = New-SCManagementGroupConnection -computerName $computerName -ErrorAction Stop }
  catch
  {
    LogIt -message ("Cannot connect to OM management group: " + $computerName + " Error: " + $_.Exception.Message) -component "GetOMManagementGroupConnection()" -type 3
    exit
  }
  LogIt -message ("Connected to OM management group: " + $computerName) -component "GetOMManagementGroupConnection()" -type 1
  return $OM
}

#Main
$Version = "1.0"
[bool]$Global:Verbose = [System.Convert]::ToBoolean($VerboseLogging) 
$Global:LogFile = Join-Path (GetScriptDirectory) 'Logs\ManageOMAgents.log'
$Global:ScriptName = 'ManageOMAgents.ps1'
$Global:LogBuffer = ''
$Global:ScriptStatus = 'Success'
LogIt -message ("Enable Operations Manager Agent Proxy Script v{0}" -f $Version) -type 1 -component "Main()"

#Connect to OM
$OM = GetOMManagementGroupConnection -computerName $OMManagementServer
$MS = Get-SCOMManagementServer -Name $OMManagementServer

$Agents = $Agents.Split(",")
foreach ($Agent in $Agents) 
{
  LogIt -message ("Enabling Agent Proxy on {0}" -f $Agent) -type 1 -component "Main()"
  Get-SCOMAgent -DNSHostName ($Agent + "*") | Enable-SCOMAgentProxy
}

#Log Result
$Ret = $Global:ScriptStatus
LogIt -message ("Script Complete, Result: {0}" -f $Ret) -component "Main()" -type 1

#Create SR Log if needed
CreateServiceRequestLog -serviceRequest $ServiceRequest -srLogPath (GetScriptDirectory)

Create the Enable Agent Proxy Runbook

This Runbook will enable proxy for agents in Operations Manager, trigger the Windows Computer Extended Runbook created previously, and finally update the Description in the Service Request with the result of the Windows Computer Extended Runbook.

  • Open the Orchestrator Runbook Designer
  • Create a new runbook
  • Drag the "Runbook Control\Initialize Data" activity into the new runbook
  • Rename it to "Get Runbook GUID"
  • Create a new string parameter under "Details" called RunbookID, and click "Finish"
  • Drag the "SC 2012 Service Manager\Get Object" activity into the new runbook
  • Rename it to "Get Runbook Object"
  • Link "Get Runbook GUID" to "Get Runbook Object"
  • Fill out the following properties under "Details"
    • Connection: <Your Service Manager Connection>
    • Class: Runbook Automation Activity
    • Filters: SC Object Guid Equals {RunbookID from "Get Runbook GUID"

clip_image001

  • Click "Finish"
  • Drag the "SC 2012 Service Manager\Get Relationship" activity into the new runbook
  • Rename it to "Get SR GUID"
  • Link "Get Runbook Object" to "Get SR GUID"
  • Fill out the following properties under "Details"
    • Connection: <Your Service Manager Connection>
    • Object Class: Runbook Automation Activity
    • Object Guid: {SC Object Guid from "Get Runbook Object"}
    • Related Class: Service Request

clip_image002

  • Click "Finish"
  • Drag the "SC 2012 Service Manager\Get Object" activity into the new runbook
  • Rename it to "Get Service Request"
  • Link "Get SR GUID" to "Get Service Request"
  • Fill out the following properties under "Details"
    • Connection: <Your Service Manager Connection>
    • Class: Service Request
    • Filters: SC Object GUID Equals {Related Object Guid from "Get SR GUID"}

clip_image003

  • Click "Finish"
  • Drag the "Utilities\Query XML" activity into the new runbook
  • Rename it to "Get Action"
  • Link "Get Service Request" to "Get Action"
  • Fill out the following properties under "Details"
    • XML Text: {User Input from "Get Service Request"}
    • Xpath Query: /UserInputs/UserInput[@Question='Action']/@Answer

clip_image004

  • Click "Finish"
  • Drag the "Utilities\Query XML" activity into the new runbook
  • Rename it to "Get Devices"
  • Link "Get Action" to "Get Devices"
  • Fill out the following properties under "Details"
    • XML Text: {User Input from "Get Service Request"}
    • Xpath Query: /UserInputs/UserInput[@Question='Devices']/@Answer

clip_image005

  • Click "Finish"
  • Drag the "Utilities\Query XML" activity into the new runbook
  • Rename it to "Get Device Display Names"
  • Link "Get Devices" to "Get Device Display Names"
  • Fill out the following properties under "Details"
    • XML Text: {Query result from "Get Devices"}
    • Xpath Query: //@DisplayName

clip_image006

  • Under "Run Behavior" select "Flatten" and use a comma as the separator
  • Click "Finish"
  • Drag the "System\Run Program" activity into the new runbook
  • Rename it to "Enable Agent Proxy"
  • Link "Get Device Display Names" to "Enable Agent Proxy"
  • Under "Details" fill in the following properties:
    • Program path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    • Parameters: -File c:\portal\automation\enableomproxy.ps1 -OMManagementServer 'scom2012r2.contoso.com' -Agents "{Query result from "Get Device Display Names"}" -VerboseLogging false -ServiceRequest {ID from "Get Service Request"}
    • Working folder: c:\portal\automation

clip_image007

  • Under "Security" enter the credentials for the service account
  • Drag the "Runbook Control\Invoke Runbook" activity into the new runbook
  • Rename it to "Sync CI's in SM"
  • Link "Enable Agent Proxy" with "Sync CI's in SM"
  • Under "Details" choose the Windows Computer Extended runbook created in the previous blog and ensure that "Wait for completion" is checked
  • Configure the ServiceRequest parameter: {ID from "Get Service Request"}
  • Click "Finish"
  • Drag the "Text File Management\Find Text" activity into the new runbook
  • Rename it to "Get Script Result"
  • Link "Sync CI's in SM" to "Get Script Result"
  • Fill out the following properties under "Details"
    • File: <local sharepath>\Automation\Logs\SRLogs\{ID from "Get Service Request"}.log
    • File encoding: Auto
    • Search text: Info:Script Complete, Result:

clip_image008

  • Click "Finish"
  • Drag the "SC 2012 Service Manager\Update Object" activity into the new runbook
  • Rename it to "Update Description of Service Request"
  • Fill out the following properties under "Details"
    • Connection: <Your Service Manager Connection>
    • Class: Service Request
    • Object Guid: {SC Object Guid from "Get Service Request"}
    • Fields: Description {Original line from "Get Script Result"} CMTrace Log File: {File path from "Get Script Result"}

clip_image009

  • Click "Finish" and link "Get Script Result" to "Update Description of Service Request"
  • Check in the Runbook, it should look similar to this:

clip_image010

Create the Runbook Automation Activity Template for the Enable Agent Proxy Runbook

The Runbook Automation Activity Template will be link the Runbook we just created to a Service Request that we will be created later.

  1. Open the Service Manager Console
  2. Go to Administration\Connectors and Synchronize your Orchestrator Runbook Connector
  3. Go to Library\Templates and click "Create Template"
    • Name: Enable Agent Proxy RAA Template
    • Description: Enable OM Agent Proxy RAA Template
    • Class: Runbook Automation Activity
    • Management Pack: DataCenter Automation: Operations Manager Agents UI
    • Click OK, the Runbook Activity Form should appear. Check "Is Ready For Automation"
      • Title: Enable Agent Proxy RA
      • Description: Enable OM Agent Proxy RA
      • Click the "Runbook" Tab
      • Click "Select" and choose the Runbook created earlier
      • Click "Edit Mapping" and choose "Object\Id"
      • Click "OK"

Create the Service Request Template for the Manage Agents Runbook

The Service Request Template is needed to create a Request Offering using the Runbook Activity Template created previously

  1. Open the Service Manager Console
  2. Go to Library\Templates and click "Create Template"
    • Name: Enable Agent Proxy SR Template
    • Description: Enable OM Agent Proxy SR Template
    • Class: Service Request
    • Management Pack: DataCenter Automation: Operations Manager Agents UI
    • Click OK, the Service Request Form should appear.
      • Title: Enable Agent Proxy SR
      • Description: Enable OM Agent Proxy SR
      • Click the "Activities" Tab
      • Click the Plus sign and select the Runbook Activity Template created earlier
      • Click OK when the form is launched

Create Request Offering for Manage Agents

The Enable Agent Proxy request offering will be used to configure the user interface displayed via the self-service portal

  1. Open the Service Manager Console

  2. Go to Library\Service Catalog\Request Offerings and Click "Create Request Offering"

    • Title: Enable Agent Proxy
    • Description: Enable OM Agent Proxy
    • Template name: Enable Agent Proxy SR Template
    • Management Pack: DataCenter Automation: Operations Manager Agents UI
  3. User Prompts

    • Devices | Required | Query Results
  4. Configure Prompts

    • Select Devices

      • Select Class: Windows Computer
      • Display Columns: DisplayName, PrincipalName, OMAgent, OMProxyEnabled
      • Options: Check Allow the user to select multiple objects and Add user-select objects to template object as related items (Enable Agent Proxy SR - (Service Request))
    • Publish: Published

Add Request to Existing Service Offering for Agent Management

The Agent Management service offering will be used to display the Operations Manager agent related requests via the self-service portal

  1. Open the Service Manager Console
  2. Go to Library\Service Catalog\Service Offerings and open the Agent Management Offering
  3. Under Request Offering, add the Enable Agent Proxy offering

Request Form

clip_image011

CMTrace Log

clip_image012

Summary

This solution allows administrators to enable “Act as Proxy” on Operations Manager agents which is a common task required for certain types of monitoring. When done via the portal it also forces on-demand synchronization so that the setting replicates from Operations Manager to Service Manager.

Continue to 10th post in this series: Managing Operations Manager Agent Maintenance Mode using the Service Manager Self-Service Portal

EnableOMProxy.zip