Unix / Linux SCOM Commandlets

CMdLet Description
Get-SCXAgent Returns list of managed UNIX / Linux computers
Get-SCXSSHCredential Creates an SSH credential
Install-SCXAgent Install SCOM agent for discovered UNIX / Linux computers.
Invoke-SCXDiscovery Invokes the discovery operation for the specified configuration of UNIX / Linux computers.
Remove-SCXAgent Remove a UNIX or Linux computer from a management group.
Set-SCXResourcePool Change the managing resource pool for the targeted UNIX or Lunix computer.
Uninstall-SCXAgent Uninstall the UNIX / Linux agent.
Update-SCXAgent Updates the UNIX / Linux agent
scxcertconfig -list List the Xplat certificates installed in management group
scxcertconfig -remove Remove the Xplat certificates installed in management group

Example 1:

Input: get-SCXagent

Output: Will return list of all Unix / Linux managed agents

Example 2:

Input: get-SCXagent | where {$_.Name -match “X01C-XPSCOM”} | Remove-SCXAgent

Output: No output will be displayed however, agent that matches with name X01C-XPSCOM will be removed from management group.

Example 3:

Input: scxcertconfig -list

Output: Will display all Xplat certificates installed in management group.

Example 4:

Input : scxcertconfig -remove-all

Output: No output will be displayed however, all Xplat certificates installed in management group will be removed.

SCCM Primary sites design considerations

Today I will discuss scenarios under which you might require multiple primary sites.

As a thumb rule use a stand-alone primary site to support management of all of your systems and users. This topology is also successful when your company’s different geographic locations can be successfully served by a single primary site. To help manage network traffic, you can use multiple management and distribution points across your infrastructure to optimize network traffic.

A stand-alone primary site supports:

  • 175,000 total clients and devices, not to exceed:
    • 150,000 desktops (computers that run Windows, Linux, and UNIX)
    • 25,000 devices that run Mac and Windows CE 7.0

For mobile device management:

  • 50,000 devices by using on-premises MDM
  • 150,000 cloud-based devices

For example, a stand-alone primary site that supports 150,000 desktops and 10,000 Mac or Windows CE 7.0 can support only an additional 15,000 devices. Those devices can be either cloud-based or managed by using on-premises MDM.

For more information on sizing check https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/size-and-scale-numbers

Now let’s get into scenarios of considering more than 1 Primary sites

  1. Load balancing across two Primary Sites

This scenario comes into play when you will have a Central Administration Site (CAS), and 2 or more Primary Sites with the thought of splitting the clients across multiple primary sites, in this scenarios if you lose one Primary site, you could still support half of your environment until the other Primary is recovered.

Below are pros and cons of this design:

Pros

  • If you lose the CAS or One Primary, then at least one Primary is still functional, as are its Secondary Sites until the CAS or other Primary is brought back online.

The deciding factor for this is if you have a tight SLA in bringing up SCCM sites then this is your best bet.

Typically, it takes around 3 hours to bring back SCCM sites if you have SCCM DB as SCCM site backup available.

  • Removes the Single Point of Failure scenario from the design, as clients assigned to other primaries would still be able to report in and be managed.

If need be, you can also manually switch clients to report to the available primary sites and continue to manage them

Cons

  • Increased Licensing costs
  • Increased hardware costs
  • Increased SQL Replication
  • Change latency across the Infrastructure as well as Locking due to replication latency
  1. Redundancy and High Availability

The data from Primary Sites and the CAS replicates among sites in the hierarchy. The CAS also provides centralized Administration and reporting.

Note that automatic Client Re-assignment does not occur when a Primary Site fails.

The result of a Primary Site failure is that the Primary Site and its Secondary sites communication are now broken, and the Secondary Sites cannot be re-parented. This coupled with the fact that the Client cannot be easily re-assigned in the time it would take to recover the failed Primary Site means there is really not a valid reason to do this unless the time it will take you to recover the Primary site, is greater than the time it would take to reassign and reinstall all of the Secondary sites the failed primary had.

However, this becomes valid when the scenario of Natural Disaster or War Type precautions for redundancy are being considered where the other location won’t be coming back online for quite some time.

  1. Geographic Boundaries

In some scenarios, companies across different countries require that each continent or country can share data, but that they also must be able to still support their country or continents clients must still be manageable. In this case, which is a business case for continuity; it would be feasible to have more than one Primary Site. Making the choice to use another Primary site in this case should be based on connectivity and client count because just using a Secondary site or remote Distribution point should be good enough for Geographic separation.

  1. Political or just that your clients want it

In some scenarios, your client you want multiple primary sites and segregate clients between them just because they are being managed by different departments or heads.

There can also be situations where they want to segregate data clients between and do not want everybody in the organization to have to access to all information.

Practically this cannot be a good reason to have multiple primary sites as SCCM user roles permissions can take care of it. And CAS by default will have access to all the information across primary sites.

However, there are situations that I have come across where this is required for client satisfaction.

Stop runbook instance by orchestrator

If you are an automation geek, you will come across multiple scenarios where you would like to stop a runbook while it is getting executed. unfortunately OOTB MS orchestrator does not have any activity that supports this model.

There is PS command lets that you can use but it is quite complex and most important it is very difficult to  have it triggered automatically (runbook runtime).

However, there is awesome ready made integration pack available from Kelverion Kelverion integration pack for runbook management you can use this IP to stop, start, get runbook status and get runbook ID. Obviously this comes at a cost, now if you are an geek like me who like to do things rather than buy them then click here: Stop runbook instance

How it works:

Just enter  Runbook ID or unique ID is taken as an input parameter, (you need to fetch this info the orchestraor database or orchestrator web URL).

Once unique ID is entered,  stop runbook will automatically fetch it instance id (this will be unique every time a runbook runs) from orchestrator DB and stop only that instance of the runbook.

I hope this will be of  help to the community.

Please post your feedback in comments section below.

System Center Service Manager Version / Build #

I have compiled all the build numbers for SCSM, incase you see something is missing or incorrect, please post them in comments.

Service Manager 2016 

Build Number Version
7.5.4108.0 System Center Technical Preview
7.5.4295.0 System Center Technical Preview 2
7.5.4458.0 System Center Technical Preview 3
7.5.7217.0 System Center Technical Preview 4
7.5.7314.0 System Center Technical Preview 5
7.5.7487.0 SCSM 2016 RTM

Service Manager 2012 R2 Self Service Portal

Build Number Version
7.5.3079.507 SCSM 2012 R2 Update Rollup 8
7.5.3079.523 Update 1 for SCSM 2012 R2 Self Service Portal
7.5.3079.548 Update 2 for SCSM 2012 R2 Self Service Portal
7.5.3079.572 Update 3 for SCSM 2012 R2 Self Service Portal

Service Manager 2012 R2

Build Number Version
7.5.3046.276 SCSM 2012 R2 Preview
7.5.3079.0 SCSM 2012 R2 RTM
7.5.3079.61 SCSM 2012 R2 Update Rollup 2
7.5.3079.148 SCSM 2012 R2 Update Rollup 3
7.5.3079.236 SCSM 2012 R2 Update Rollup 4
7.5.3079.315 SCSM 2012 R2 Update Rollup 5
7.5.3079.367 SCSM 2012 R2 Update Rollup 6
7.5.3079.442 SCSM 2012 R2 Update Rollup 7
7.5.3079.504 Fix for SCSM 2012 R2 Update Rollup 7
7.5.3079.507 SCSM 2012 R2 Update Rollup 8 (Self Service Portal only)
7.5.3079.571 SCSM 2012 R2 Update Rollup 9 (withdrawn by MS)
7.5.3079.601 SCSM 2012 R2 Update Rollup 9 v2(withdrawn by MS)
7.5.3079.607 SCSM 2012 R2 Update Rollup 9 v3

Service Manager 2012 SP1

Build Number Version
7.5.2053.0 SCSM 2012 SP1 CTP2
7.5.2205.0 SCSM 2012 SP1 Beta
7.5.2905.0 SCSM 2012 SP1 RTM
7.5.2905.125 SCSM 2012 SP1 Update Rollup 2
7.5.2905.150 SCSM 2012 SP1 Update Rollup 4
7.5.2905.158 SCSM 2012 SP1 Update Rollup 4 Re-released
7.5.2905.179 SCSM 2012 SP1 Update Rollup 6

Service Manager 2012

Build Number Version
7.5.1088.276 SCSM 2012 CTP2
7.5.1354.0 SCSM 2012 Beta
7.5.1464.0 SCSM 2012 RC
7.5.1561.0 SCSM 2012 RTM
7.5.1561.106 SCSM 2012 Update Rollup 2
7.5.2905.150 SCSM 2012 Update Rollup 3
7.5.2905.158 SCSM 2012 SP1 Update Rollup 3 Re-released

Service Manager 2010

Build Number Version
7.0.5813.0 System Center Service Manager 2010 Release Candidate
7.0.5826.0 System Center Service Manager 2010 RTM
7.0.5826.859 Cumulative Update 1 for System Center Service Manager 2010
7.0.5826.881 Cumulative Update 2 for System Center Service Manager 2010
7.0.5826.886 Cumulative Update 3 for System Center Service Manager 2010

Service Manager 2010 SP1

Build Number Version
7.0.6545.0 System Center Service Manager 2010 Service Pack 1 Release Candidate
7.0.6555.0 System Center Service Manager 2010 Service Pack 1
7.0.6555.101 Cumulative Update 1 for System Center Service Manager 2010 Service Pack 1
7.0.6555.110 A hotfix for Cumulative Update 1 for System Center Service Manager 2010 SP1: May 2011
7.0.6555.115 Cumulative Update 2 for System Center Service Manager 2010 Service Pack 1
7.0.6555.116 Hotfix package for System Center Service Manager 2010 Service Pack 1(Requires CU2)
7.0.6555.118 Active Directory Connector does not synchronize new updates after you switch domain controllers (Requires CU2. Not cumulative—does not include 2250444)
7.0.6555.128 Cumulative Update 3 for Microsoft System Center Service Manager 2010 Service Pack 1
7.0.6555.131 Cumulative Update 4 for Microsoft System Center Service Manager 2010 Service Pack 1 (SP1)