OpsMgr 2016 – QuickStart Deployment Guide


<!--[if lt IE 9]>

<![endif]-->


Comments (36)
  1. Thanks for sharing this !

  2. Gordon says:

    Trying to install second management server I am getting the following error:
    (SQL is on AlwaysOn 2014)

    SCOM\Setup\AMD64\Server\OMServer.msi returned error 1603
    :ProcessInstalls: Install Item Management Server failed to install. We did not launch the post process delegate.

  3. Steve says:

    Does the 2016 operations console support connecting to a 2012 R2 UR11 management group?

  4. Kevin Holman says:

    I don’t know if Microsoft officially “supports” that – but it certainly works.

  5. Leonardo says:

    Hi Kevin,

    What account must have the privileges for to install agents, the Action Account?

    Regards

    1. Kevin Holman says:

      I do not recommend making the action account have rights on all your agents.

      Generally speaking – you type in YOUR credential that has rights to the agent managed machines that you want to deploy agents to. The only reason to grant this to the management server action account, would be if you DON’T have rights – and you restrict individuals, but grant rights to shared service accounts (which from a security and audit perspective is archaic)

  6. Jay Prakesh says:

    Can we install Ops DB & DWH & Reporting on same SQL 2014 server with Always ON all under same named instance or there are any challenges?

    1. Kevin Holman says:

      @Jay –

      OpsDB and DWDB, and reporting *DB’s* are all fine in the same AlwaysOn availability group (assuming you fit the scale model per the sizer to be 500 agents or less)

      Any more than 500 agents, we recommend dedicated servers and instances for each database (OpsDB and DW).

      As to where to install the SRS instance, I recommend that to be on a dedicated server and not part of the always on SQL DB engine servers, because it is not redundant…. it is a stand alone web instance of SSRS.

      1. Rob B-W says:

        Hi Kevin,

        Do you have any advice you can give as to what SQL Licenses are covered under Microsoft statement that “SQL Server runtime” Licenses are included? I’ve read all available documentation, and the only detailed statement I’ve read is that “SQL Server Standard” runtime is eligible. I’ve not read anything about the number of licenses covered (i.e. are multiple instances on different servers, but all SCOM related, supported?) nor do MS state whether license mobility rights are included if deploying to a host-floating VM? I’ve attempted to get this information indirectly from MS in the past, but information has not been forthcoming.

        Ideally, I’d like to form a 2 host SQL cluster for the DB and DW and a separate host for the Reporting instance as per our existing model. Now that SQL standard edition supports clustering this could save some serious cash if its all included under the SQL runtime entitlement.

        Regards,

        1. Kevin Holman says:

          I am not a licensing expert – so always check with your Microsoft rep/TAM. However, historically speaking – SQL Standard Edition licensing is included in your System Center licensing. This means as long as you ONLY use SQL standard, for System Center deployments, and that SQL instance will ONLY support system center databases (and DB’s that support SC deployments such as the reportserver DB’s, then this is included. This means you could have a two node failover cluster housing a single instance, or two instances of SQL standard edition, and as long as you only use it for System Center product back ends, that would be included in your system center licensing.

          Additionally, there is no limit to the number of SQL database instances or SQL reporting instances to support system center. If you deployed one cluster for SCOM, and one for SCCM, one for SCSM, one for SCDPM, and one for SCORCH, etc…. Again – the limitation is they must be Standard edition of SQL, and ONLY support System Center deployments.

  7. Sergio M says:

    Hi Kevin, thanks for the guide.

    Does SCOM 2016 run any AD scripts during installation? I’m planning for a temporary test environment and I don’t want to make any permanent changes to the AD.

    1. Kevin Holman says:

      SCOM does not make any changes to AD, and the user account installing SCOM should not need any rights to the domain. Only the local administrator and SQL rights as defined by the deployment guide.

  8. Dominique says:

    Hello Kevin,

    Thank you for this excellent post as usual you are terrific!!!

    The installation on new server is working fine but for an upgrade it seems there are hurdles …

    I am trying to upgrade SQL 2012 to SQL 2016 (Both enterprise Edition) and I am getting two errors during the setup:

    SQL Enterprise to SQL Standard Failed
    Rule “No Custonm Security Extensions”
    The Report Server has some custom security extensions configured
    Rule “No Custom Authentication Extensions” failed
    The Report Server has some custom authentication extensions configured

    The only steps I found so far are:

    http://thoughtsonopsmgr.blogspot.in/2013/01/om12-sp1-upgrading-sql-server-2008-sp1.html

    This seems heavy for an upgrade!!! and also risky…

    Any other idea?

    Thanks,

    Dom

  9. Birdal says:

    Hi Kevin,
    thank you for your very good article!
    I have some questions about planning of SCOM server roles.
    We will deploy SCOM 2016 and have 5 server in the 1.Active Directory domain, and 2 servers in 2.Active Direcrory domain. All server OS (Windows Server 2012 R2) are deployed on the VMWARE virtual machines.

    We planned following server roles and want to know your opinion / feedback about these role distribution:

    In the 1.Active Directory domain

    ————————————–

    Server1: Management Server, Operations Console

    Server 2: Management Server, Operations Console, Web Console

    Server3: Management Server, Operations Console, Web Console, SQL Server Reporting Services & DB

    Server4: SQL Server Operations Manager Instance & DB

    Server5: SQL Server Datawarehouse Instance & DB

    In the 2.Active Directory domain (untrusted)

    —————————————

    Server6: Gateway Server, Operations Console, Web Console

    Server7: Gateway Server, Operations Console, Web Console

    We want to deploy two Gateway Servers in the 2.Active Directory domain because of availability. Is it perhaps better, these both server (Server6 and Server7) also deploying as Management Server in this untrusted domain?

    Can I deploy all Web Console in the 1.Active Directory domain with only one FQDN (load balancing? availability?), and in the 2.Active directory domain with another one FQDN? Is there any references/documentation about Web Console deployment?

    I will be very glad to hear from you.
    Best Regards
    Birdal

    1. Kevin Holman says:

      @Birdal –

      I am afraid these conversations are far too complex to be handled over this forum. Please send me an email via the contact page with any questions like this.

      But basic holes I’d point out:

      1. We dont support management servers in untrusted domains. So that’s not an option. Management servers should be in the same domain and in the same datacenter, on the same network preferred.
      2. You should not install the Console or Web Console on your gateway servers.

      1. Birdal says:

        Hi Kevin,
        thank you for your feedback.
        Can you give me please the link for the “contact page”? I could not see this link in this page.
        Best Regards
        Birdal

  10. Amier says:

    Hi Kevin

    I am upgrading from SCOM 2012 Sp1 to SCOM 2016.
    and since there is no upgrade path from 2012 Sp1 to 2016.
    I want to go for Alongside Migration.
    I have new servers for SCOM 2016, I will install a new copy of SCOM 2016 on the new servers.
    but now the trick is how to move the current data from 2012 Sp1 on the old servers to 2016 on the new servers.
    I know I can’t backup the operations manager DB from 2012 Sp1 and restore it in 2016 because the DB structure is different.
    So is there is any Scenario I can use to move the Data From SCOM 2012 Sp1 to SCOM 2016 without a need for going to the upgrade operation ?

  11. philippe augras says:

    Hello Kevin,
    I’m planning a migration from SCOM 2012 SP1 to SCOM 2016 and I thought about side by side migration. Can I deploy SCOM 2016 agent to my SCOM 2012 SP1 monitored servers so that their SCOM 2012 SP1 agent is upgraded to SCOM 2016 and multihomed between the SCOM 2012 SP1 management group and the SCOM 2016 management group ?
    Regards,
    P.

    1. Kevin Holman says:

      We did not test nor support a SCOM 2016 agent reporting to a SCOM 2012 SP1 management group, that I am aware of. We did test and support a SCOM 2016 agent reporting to a SCOM 2012R2 management group. It will likely work just fine, however…. but you’d need to verify that.

  12. SCOM-PHL says:

    If I just have a dedicated SQL server and another server for the rest of the SCOM functions does it mean that I have to install the web console on the SQL server too based on the below? I also see an error in SCOM stating that the reporting console is unavailable, but I can browse to the directories. “The Reporting Console is unavailable. This was detected by pinging the reporting URL from the reporting server. By default, this monitor pings the reporting URL every 15 minutes”

    “Although SQL Server Reporting Services is installed on the stand-alone server, Operations Manager reports are not accessed on this server; instead, they are accessed in the Reporting work-space in the Operations console. If you want to access published reports through the web console, you must install the Operations Manager web console on the same computer as Operations Manager Reporting server.”

  13. Alfred Nims says:

    After upgrading from SCOM2012R2 to SCOM2016, how soon must I upgrade the agents? Will SCOM2016 still monitor 2012r2 agents?

    1. Kevin Holman says:

      When doing an *in-place* upgrade from SCOM 2012R2 to SCOM 2016, we support the SCOM 2012R2 agents communicating with a SCOM 2016 infrastructure ONLY for the purposes of upgrade. This was not intended for a long term support. We expect the agents to be updated in this scenario as soon as possible. We also call out some known issues of running SCOM 2012R2 agents with SCOM 2016 infrastructure, during this upgrade process: https://technet.microsoft.com/en-us/system-center-docs/om/deploy/how-to-upgrade-a-management-server-to-system-center-2016-operations-manager-upgrading-a-distributed-management-group

  14. Rob Czymoch says:

    This is a great little guide. However and perhaps I missed this you do not seem to go over the SPN registrations needed for action accounts? I found another article that you posted on your blog
    https://blogs.technet.microsoft.com/kevinholman/2011/08/08/opsmgr-2012-what-should-the-spns-look-like/

    This article helped clear up some issues I had with my deployment.
    I now have some event ID 7016’s on some of my agents installed on RODC’s in child domains, strangely its not happening on all of them. It has been mentioned that for cross domain boundaries I need to setspn for these runas accounts as well?

  15. Sergio M says:

    I just finished a new deployment and when I try to run some reports, I am getting the following error:

    System.InvalidOperationException: Some parameters or credentials have not been specified
    at Microsoft.Reporting.WinForms.ServerReport.GetDocumentMap(String rootLabel)
    at Microsoft.EnterpriseManagement.Mom.Internal.UI.Console.ReportForm.OnRenderingCompleteJob(Object sender, ConsoleJobEventArgs args)

    What is confusing me is that the first time I ran the report it worked fine, but after the second run it is now always giving this error.
    Any suggestions?

  16. Chris Cundy says:

    I am receiving this error during configuring the operational database part of setup:

    The installed version of SQL Server could not be verified or is not supported. Verify that the computer and the installed version of SQL Server meet the minimum requirements for installation, and that the firewall settings are correct. See the Supported Configurations document for further information.

    We are running SQL Server 2012 11.3.6020.0

    1. Kevin Holman says:

      What OS are the SQL servers on? When I hear this – it is usually Server 2012 RTM or earlier, which arent supported.

      1. Chris Cundy says:

        Hi Kevin,
        Our SQL Servers run off Windows Server 2012 R2.
        For the record I am performing a fresh install (which I’ve now read may not be supported if not doing an in-place upgrade).

  17. Hello Kevin,

    First of all thanks for the post!!

    I have followed your post and deployed SCOM 2016 with two MS server. And deployed 1 Gateway server in UN-trusted domain. Gateway approval is done successfully. Certificate import is also completed successfully.
    Still I am facing issues with Gateway Server communication with MS Server. (Port 5723 is open from Gateway Server to MS server and ICMP is open from MS to Gateway Server.)

    I see following critical logs in event log of Operations Manager.

    1.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:57:33 AM
    Event ID: 21023
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    OpsMgr has no configuration for management group xxx_xxx_xx and is requesting new configuration from the Configuration Service.
    Event Xml:

    21023
    4
    0
    0x80000000000000

    688
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    HLF_WS_SCOM

    2.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:52:49 AM
    Event ID: 21001
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    The OpsMgr Connector could not connect to MSOMHSvc/xxx.xx because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains.
    Event Xml:

    21001
    2
    0
    0x80000000000000

    687
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    MSOMHSvc/USWS1PRSCOMM01.hrbl.net

    3.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:52:49 AM
    Event ID: 20057
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    Failed to initialize security context for target MSOMHSvc/USWS1PRSCOMM01.hrbl.net The error returned is 0x80090303(The specified target is unknown or unreachable). This error can apply to either the Kerberos or the SChannel package.
    Event Xml:

    20057
    2
    0
    0x80000000000000

    686
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    MSOMHSvc/USWS1PRSCOMM01.hrbl.net
    0x80090303
    The specified target is unknown or unreachable

    4.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:52:33 AM
    Event ID: 21023
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    OpsMgr has no configuration for management group HLF_WS_SCOM and is requesting new configuration from the Configuration Service.
    Event Xml:

    21023
    4
    0
    0x80000000000000

    685
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    HLF_WS_SCOM

    5.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:47:33 AM
    Event ID: 21023
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    OpsMgr has no configuration for management group HLF_WS_SCOM and is requesting new configuration from the Configuration Service.
    Event Xml:

    21023
    4
    0
    0x80000000000000

    684
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    HLF_WS_SCOM

    6.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:42:33 AM
    Event ID: 21023
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    OpsMgr has no configuration for management group HLF_WS_SCOM and is requesting new configuration from the Configuration Service.
    Event Xml:

    21023
    4
    0
    0x80000000000000

    683
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    HLF_WS_SCOM

    7.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:37:36 AM
    Event ID: 21016
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    OpsMgr was unable to set up a communications channel to USWS1PRSCOMM01.hrbl.net and there are no failover hosts. Communication will resume when USWS1PRSCOMM01.hrbl.net is available and communication from this computer is allowed.
    Event Xml:

    21016
    2
    0
    0x80000000000000

    682
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    USWS1PRSCOMM01.hrbl.net

    8.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:37:33 AM
    Event ID: 21001
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    The OpsMgr Connector could not connect to MSOMHSvc/USWS1PRSCOMM01.hrbl.net because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains.
    Event Xml:

    21001
    2
    0
    0x80000000000000

    681
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    MSOMHSvc/USWS1PRSCOMM01.hrbl.net

    9.
    Log Name: Operations Manager
    Source: OpsMgr Connector
    Date: 4/25/2017 6:37:33 AM
    Event ID: 20057
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: USWS1DMZSCOMG01.Prd.hrbl.dmz
    Description:
    Failed to initialize security context for target MSOMHSvc/USWS1PRSCOMM01.hrbl.net The error returned is 0x80090303(The specified target is unknown or unreachable). This error can apply to either the Kerberos or the SChannel package.
    Event Xml:

    20057
    2
    0
    0x80000000000000

    680
    Operations Manager
    USWS1DMZSCOMG01.Prd.hrbl.dmz

    MSOMHSvc/USWS1PRSCOMM01.hrbl.net
    0x80090303
    The specified target is unknown or unreachable

    Please help me if i missed something to be implemented cross forest Gateway Deployment.

    Regards,
    Rana

  18. Brett says:

    Hey Kevin,
    Does SCOM 2016 Support SQL Basic availability groups which is part of SQL 2016 Standard? If yes does it support having it configured in Synchronous mode and have the two DB’s at different locations? The desire is to auto failover to the alternate location. My first thought and concern is the additional latency of Synchronous mode as well as the single point of failure of between sites. I want to find out if it is even supported before I way the options.

    Thank you,

    Brett

    1. Brett says:

      * the single point of failure the two link between the two sites creates. * weigh my options. 🙂

  19. AlexLarkin says:

    Hi Kevin,

    We are running a SCOM 2016 UR3 / SQL 2016 Always On solution. When we fail over to node B there seems to be a permissions issue oarising. The current security model is mixed mode on SQL. We have run into the issue Travis Wright has documented with the Azman auth errors and SQL config changing back in 2011. Have you or anyone you know possible run into this issue and found a resolution?

  20. mezzotinto says:

    Getting this error at SCOM 2016 installation at DB instance page:
    [12:45:32]: Error: :Error in Forcing Service to Running state.: Threw Exception.Type: System.InvalidOperationException, Exception Error Code: 0x80131509, Exception.Message: Cannot open Service Control Manager on computer ‘XXXXX’. This operation might require other privileges.
    [12:45:32]: Error: :StackTrace: at System.ServiceProcess.ServiceController.GetDataBaseHandleWithAccess(String machineName, Int32

    rror: :Inner Exception.Type: System.ComponentModel.Win32Exception, Exception Error Code: 0x80131509, Exception.Message: The RPC server is unavailable

  21. Philippe Augras says:

    Hi Kevin,

    got a question related to SCOM setup : is it possible – and supported – to prestage SCOM databases and if so, how to do it ?
    SCOM 2016 setup still does not recognize mount points and I’m on a configuration where I can’t resize up the volumes hosting the mount points dedicated to SQL.

    Regards,

    P.

  22. rganga says:

    Hello Kevin,
    Is there any detailed document explaining about setting up SCOM 2016 Management Servers as on-standby recovery in secondary datacenter ?, if yes, could you please provide me the link or let me know what steps need to be taken care when my primary datacenter is not reachable. Many Thanks, Raj

  23. Does SCOM 2012 R2 agent work with SCOM 2016 Management Servers/Gateways? Or do they grey out when you update your SCOM 2012 R2 environment (management servers) to SCOM 2016?

Comments are closed.

Skip to main content