Thursday, January 16, 2014

Hotfix patch needed for existing Windows 7 clients when installing new AD RMS server (WS2012) in Crypto Mode 2

The initial default crypto key length for WS2K8 R2 and Win7 is only RSA 1024. After I set up a new WS2012R2 AD RMS server in crypto mode 2 to replace the old WS2008 RMS server in crypto mode 1, the crypto key length is increased from RSA 1024/SHA-1 to RSA 2048/SHA-256. I have to install this hotfix patch for my Win7 RMS clients to increase crypto key length. There is also another update for Office 2010 clients.

If need be, clear the existing AD RMS client caches as well.

More details on AD RMS Cryptographic Modes.

Tuesday, January 7, 2014

Installing OpsManager Database on AlwaysOn SQL cluster

According to this TechNet link, an AlwaysOn database instance is supported for System Center Operations Manager 2012/R2. You just need to supply the AlwaysOn Group Listener name and port number to the installation wizard. The first management server will use the Group Listener to find the primary SQL instance and will install the databases on that instance. Afterwards, you can manually add it to an Availability Group.

This method won't work. After a long wait, the wizard returns an error asking you to ensure sufficient permissions. A closer look at the installation wizard log (%LOCALAPPDATA%\SCOM\LOGS\OpsMgrSetupWizard.txt) reveals that the wizard was unable to connect to the hidden drive share of the active SQL host:

[13:06:59]: Info: :Info:Creating db path: \\SQL_LIS\D$\MSCMDB\MSSQL11.MSCMDB\MSSQL\DATA\
[13:22:21]: Error: :Could not create valid path: \\SQL_LIS\D$\MSCMDB\MSSQL11.MSCMDB\MSSQL\DATA\: Threw Exception.Type: System.IO.IOException, Exception Error Code: 0x80070043, Exception.Message: The network name cannot be found.
[13:22:21]: Error: :StackTrace:   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, Object dirSecurityObj, Boolean checkHost)
   at System.IO.Directory.InternalCreateDirectoryHelper(String path, Boolean checkHost)
   at Microsoft.EnterpriseManagement.OperationsManager.SetupCommon.SetupUtils.CreateDirectoryForDatabase(String physicalSqlServerInstance, String localPath, Boolean& createdDirectory)
[13:22:21]: Error: :Error:Could not create the directories for the specified DB Path
[13:22:21]: Always: :Database creation permission check failed for CMDB_AG_LIS\MSCMDB instance

If you try to access the hidden SMB share using the listener name, it won't connect. You'll have to supply the actual active host name to the wizard. Hence, the workable approach is:

  1. Supply active host name to the installation wizard. Complete the installation.
  2. Ensure that the Operations Manager console can log in successfully.
  3. Rename the database server to the Group Listener name using the same procedure as "How to move Operations Manager database".
  4. Restart the OM service.
  5. Stop the primary SQL service to force a SQL cluster service move.
  6. Start the OM console to check the connectivity.
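
A pre-flight check for the failure above, as an added example that is not from the original post: it asks the instance behind the listener for its physical node name and tests the administrative share through both names. The port, the drive share and the function names are assumptions; `SQL_LIS` is the listener name from the log, and the script assumes Windows PowerShell with Windows authentication to SQL Server.

```powershell
# Added example: run before the Operations Manager setup wizard.
# Parameter defaults are placeholders (assumptions); replace them with your own values.
param(
    [string]$Listener   = 'SQL_LIS',   # AG listener name, as seen in the setup log
    [int]   $Port       = 1433,        # assumed listener port
    [string]$DriveShare = 'D$'         # administrative share that holds the data path
)

function Get-PhysicalSqlHost {
    param([string]$Server, [int]$Port)
    # Connect through the listener and ask which physical node currently hosts the instance.
    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=tcp:$Server,$Port;Integrated Security=SSPI;Connect Timeout=15"
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT CAST(SERVERPROPERTY('ComputerNamePhysicalNetBIOS') AS nvarchar(128))"
        return [string]$cmd.ExecuteScalar()
    }
    finally {
        $conn.Dispose()
    }
}

function Test-AdminShare {
    param([string]$ComputerName, [string]$Share)
    # The wizard creates the database directory over this UNC path, so it must resolve.
    $unc = "\\$ComputerName\$Share"
    [pscustomobject]@{
        Path      = $unc
        Reachable = [bool](Test-Path -LiteralPath $unc -ErrorAction SilentlyContinue)
    }
}

$physical = Get-PhysicalSqlHost -Server $Listener -Port $Port
$results  = @(
    Test-AdminShare -ComputerName $Listener -Share $DriveShare
    Test-AdminShare -ComputerName $physical -Share $DriveShare
)
$results | Format-Table -AutoSize

if (-not $results[0].Reachable -and $results[1].Reachable) {
    Write-Warning "Share is not reachable via listener '$Listener'; give the wizard the active host '$physical'."
}
```

Run it from the management server under the same account that will run the setup wizard, since the share test depends on that account's rights on the SQL host.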