Our previous cumulative update (CU5) shipped back in July 2011, so this one has been a while in the making.
Summary
This article contains a complete description of changes that are contained in Cumulative Update 6 for Microsoft System Center Operations Manager 2007 R2.
Cumulative Update 6 for Operations Manager 2007 R2 includes all previous cumulative updates for Operations Manager 2007 R2 and includes all cross-platform updates.
To download Cumulative Update 6 for Operations Manager 2007 R2, go to the following Microsoft Download Center website:
Download Cumulative Update 6 for System Center Operations Manager 2007 R2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=694147f8-9691-4833-97af-0de918c60141)
Cumulative Update 6 for Operations Manager 2007 R2 resolves the following issues:
- RMS promotion fails if NetworkName and PrincipalNames are not in sync for agents.
- UI is limited to only 100 MB for the Memory Usage field in the wizard.
- Additional OIDs in auth certificate are not processed correctly.
- AEM creates duplicate computer objects in OpsMgr based on Agents NetBIOS name.
- Cannot open reporting pane on OpsMgr 2007 R2 remote console.
- Cannot view schedule for scheduled report.
- ManagementServerConfigTool with the option "promoterms" fails because it stops polling the SDK Service.
- OpsMgr reports are failing on Windows 7 with the error: "Cannot initialize report."
- ACS events have "n/a" as their category in the ACS database.
- Watch agentless monitoring listener to detect failure to respond.
- SCOM SDK memory leak on cryptography keys and cryptography contexts.
- After you click Edit Schedule, a message box appears, and you cannot save the change value.
- Audit events can be lost when the AdtServer process crashes.
- The installation process for the IBM AIX 6.1 agent incorrectly checks for AIX 5.3 packages.
- After a system restart, the OpsMgr agent for Solaris may start to run before local file systems are mounted.
- On Red Hat Linux version 4 and SUSE Linux version 9, LVM disks are not discovered and cannot be monitored.
- The OpsMgr agent for AIX does not report the arguments for monitored processes.
- When Microsoft security update MS12-006 is installed on an OpsMgr management server, that management server can no longer communicate with the OpsMgr agent on any Linux or UNIX server.
- On HP-UX, OpsMgr cannot discover and monitor a logical volume that is composed of more than 127 physical volumes.
- Support for IBM AIX 7.1 (POWER).
- Support for Oracle Solaris 11 (x86 and SPARC).
System Center Operations Manager 2007 R2 Cross Platform Monitoring Management Packs (http://www.microsoft.com/downloads/details.aspx?FamilyID=b15fef5c-e331-4006-8913-be376bb0e0c1)
More Information
Issues that are resolved by Cumulative Update 6 for Operations Manager 2007 R2
Collapse this table
Symptoms | Scenario |
---|---|
Installation of the OpsMgr agent on AIX 6.1 fails with a missing dependency. | When you install the OpsMgr agent on AIX 6.1 by using the OpsMgr Discovery Wizard or manually, an error is reported about a missing dependency. This dependency is a file from AIX 5.3 that should not be a prerequisite for installing on AIX 6.1. |
After a system restart, the OpsMgr agent on Solaris may fail because it cannot find local files that it needs. | The installation process for the OpsMgr agent on Solaris creates a startup entry that does not have a dependency on local file systems being mounted. Therefore, timing variations can cause the agent to run before the local file systems are mounted, with the result that the agent cannot find files that it needs. |
On Red Hat Linux version 4 and SUSE Linux version 9, LVM disks are not discovered and monitored. | The inability to see LVM disks occurs on all Red Hat Linux 4 and SUSE Linux 9 operating systems that are monitored by using OpsMgr 2007 R2 CU5. |
On AIX, the OpsMgr agent does not report the arguments for monitored processes. | When you create custom monitors by using the CIM class SCX_UnixProcess, the "Parameters" field is always returned as blank on AIX computers. |
When Microsoft security update MS12-006 is installed on an OpsMgr management server, all communication from the management server to the OpsMgr agent on Linux or UNIX results in an HTTP 501 error. | Security update MS12-006 made a change in the way data is packaged for transport across SSL/TLS in order to remove a security vulnerability. The change is valid. However, the OpsMgr agent for all Linux/UNIX operating systems makes an incorrect assumption and cannot understand this change. This results in HTTP 501 errors for all communications. |
On HP-UX, logical volumes that have more than 127 physical volumes are not discovered and therefore cannot be monitored. | When it discovers logical volumes on an HP-UX operating system, the OpsMgr agent for HP-UX receives an internal error when it has a volume that has more than 127 physical volumes. The error results in the disk being ignored and not discovered or monitored. |
Known issues for this update
There are no known issues for this update.
Recommended installation order
We recommend that you install this cumulative update in the following order:
- Root management server (RMS)
- Operations Manager database - manually update by running the included stored procedure file that is discussed in the following sections:
- "Manual operations that must be performed after you update the root management server and the data warehouse"
- "Manual operations that must be performed after you update the ACS collector"
- Management packs that are discussed in the "Import the management packs" section - manually import
- Secondary management servers
- Gateway servers
- Agent update - deploy to agents that used a discovery-based installation
- Operations console role computers
Note When you update this role, select the Run Server Update option from the Software Update dialog box. - Web Console server role computers
- Manually installed agents - apply the agent update
- Audit Collection Services (ACS) role computers
Note After you apply the cumulative update to ACS computers, follow these steps:
- Net stop adtserver.
- Run DbUpgV6toV7.sql.
- Net start adtserver.
Additional installation notes
- When you update a component by using the installer splash screen, you have to complete three update installers. When you update a component such as RMS, each installer starts and requires you to click Finish when the update is complete. The next installer starts automatically.
Installation steps
To extract the files that are contained in this update, follow these steps:- Copy the following file to either a local folder or an available network share:SystemCenterOperationsManager2007-R2CU6-KB2626076-X86-X64-IA64-ENU.MSI
- Run this file locally on each applicable computer. For example, run this file on the root management server (RMS).
Notes- Run this file by using either Windows Explorer or a command prompt.
- To run this file on a computer that is running Windows Server 2008, you must use an elevated command prompt. An elevated command prompt is a command prompt that was started by using the Run as Administrator option. If you do not run this Windows-based installer file under an elevated command prompt, the System Center Operations Manager 2007 Software Update splash screen does not let the hotfix be installed.
- In the System Center Operations Manager 2007 Software Update window, select the update option for the role that will be updated.
Recommended steps for applying this cumulative update to a clustered root management server
For more information about the recommended instructions for applying this cumulative update to a clustered root management server, go to the following Microsoft website:
How to apply a SCOM hotfix to a clustered RMS (http://go.microsoft.com/fwlink/?LinkId=190856)
Manual operations that must be performed after you update the root management server and the data warehouse
Run the SQL scripts
This update contains fixes that must be manually applied. These fixes are applied by running the c:\program files (x86)\System Center 2007 R2 hotfix utility\KB2626076 \SQLUpdate\CU_DataWarehouse.sql file against the Operations Manager data warehouse (OperationsManagerDW) and by running the c:\program files (x86)\System Center 2007 R2 hotfix utility\KB2626076 \SQLUpdate\CU_Database.sql file against the Operations Manager database (OperationsManager). To do this, follow these steps:- Log on to the computer that hosts the Operations Manager 2007 database by using a user account that has database system administrator (SA) rights to the Operations Manager 2007 database instance. To perform the database update remotely, log on to a computer that hosts SQL Server Management Studio by using a user account that has the appropriate SA rights to the Operations Manager 2007 database.
- Run SQL Server Management Studio.
- In the Connect to Server dialog box, connect to the instance of SQL Server that hosts the Operations Manager database. The default database name is OperationsManager.
- On the toolbar, click New Query.
- From the SQL Editor toolbar, use the Available databases option to select the Operations Manager database.
- On the File menu, click Open, browse to C:\program files (x86)\System Center 2007 R2 hotfix utility\KB2626076\SQLUpdate\, select the CU_Database.sql file that was extracted by the Windows installer (.msi file), and then click Open.
- When the file is loaded, click Execute in the SQL Editor toolbar.
- View the Messages pane to check whether the Transact-SQL commands ran successfully.
- Exit SQL Server Management Studio.
- For the Operations Manager data warehouse, repeat steps 1 through 8. However, connect to the instance of SQL Server that hosts the Operations Manager data warehouse, and then run the \SQLUpdate\CU_DataWarehouse.sql file.
Manual operations that must be performed after you update the ACS collector
Run the SQL scripts
This update contains fixes that must be manually applied. These fixes are applied by running the %SystemDrive%\Windows\System32\Security\AdtServer\DbUpgV6toV7.sql file against the ACS DB (OperationsManagerAC2). To do this, follow these steps:- Log on to the computer that hosts the ACS database by using a user account that has database system administrator (SA) rights to the ACS database instance. To perform the database update remotely, log on to a computer that hosts SQL Server Management Studio by using a user account that has the appropriate SA rights to the ACS database.
- Run SQL Server Management Studio.
- In the Connect to Server dialog box, connect to the instance of SQL Server that hosts the ACS database. The default database name is OperationsManagerAC2.
- On the toolbar, click New Query.
- From the SQL Editor toolbar, use the Available databases option to select the ACS database.
- On the File menu, click Open, select the %SystemDrive%\Windows\System32\Security\AdtServer\DbUpgV6toV7.sql file that was installed by the Windows installer (.msi file), and then click Open.
- When the file is loaded, click Execute in the SQL Editor toolbar.
- View the Messages pane to check whether the Transact-SQL commands ran successfully.
- Exit SQL Server Management Studio.
Import the management packs
The management packs that are supplied in the ManagementPacks folder must be manually imported by using the Import Management Packs Wizard in the Operations console.The following updated management packs are located in the ManagementPacks folder of the package installation:
- Microsoft.SystemCenter.DataWarehouse.Report.Library.mp
- Microsoft.SystemCenter.WebApplication.Library.mp
- Microsoft.SystemCenter.WSManagement.Library.mp
Update the Web.Config file on the Web Console server role computers
To make sure that all cookies that are created by the Web Console cannot be accessed by the client cscript, add the following configuration to the Web.Config file on the Web Console server:However, if the Web Console is configured to run under SSL, add the following configuration to the Web.Config file instead to make sure that all cookies are encrypted:
Install Linux/UNIX management packs, and update Linux/UNIX agents
Cumulative Update 6 for Operations Manager 2007 R2 contains new agents for all supported Linux and UNIX operating systems, together with new management packs for AIX 7.1 and Solaris 11. Therefore, to fully install this cumulative update, you should follow these steps to make sure that your monitoring of Linux/UNIX computers is up to date:- Download and then install the updated management packs from the following Microsoft website:System Center Operations Manager 2007 R2 Cross Platform Monitoring Management Packs (http://www.microsoft.com/downloads/details.aspx?FamilyID=b15fef5c-e331-4006-8913-be376bb0e0c1)
- Import the updated management pack for each version of Linux or UNIX that you are monitoring in your environment.
- Use the Operations Manager 2007 R2 Discovery Wizard to rediscover the Linux and UNIX computers that you monitor. After you rediscover the computers, the agents on those computers upgrade automatically.
Updated support tools that are included in this cumulative update
The following updated file in the SupportTools folder supports the upgrade from Microsoft SQL Server 2005 Reporting Services to SQL Server 2008 Reporting Services and from SQL Server 2008 Reporting Services to SQL Server 2008 R2 Reporting Services:
SRSUpgradeTool.exe
Note Use the appropriate platform version of this file instead of the file that is supplied in the SupportTools folder of the Operations Manager 2008 R2 distribution media.
Advanced installation instructions at a command prompt
The installer (hotfix utility) that is downloaded from this site unpacks the bootstrapping application and necessary MSP files to install Cumulative Update 6 for Operations Manager 2007 R2. It is better to run the hotfix utility on each computer and to deploy Cumulative Update 6 for Operations Manager 2007 R2 by using the GUI interface that is invoked after you run the hotfix utility. However, you can avoid multiple installations of the hotfix utility by copying the unpacked directory and files to the appropriate computers. These files are unpacked to the following location by the hotfix utility:
\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2626076\
If you decide to install Cumulative Update 6 for Operations Manager 2007 R2 at a command prompt, use the following command:
SetupUpdateOM.exe /x86msp:KB<#>-x86.msp /amd64msp:KB<#>-x64.msp /ia64msp:KB<#>-ia64.msp /x86locmsp:KB<#>-x86-
Note The /Silent flag is not necessary if you want to install Cumulative Update 6 for Operations Manager 2007 R2 by using the GUI interface. Replace the
For example, run the following command for the English version of Cumulative Update 6 for Operations Manager 2007 R2:
SetupUpdateOM.exe /x86msp:KB2626076-x86.msp /amd64msp:KB2626076-x64.msp /ia64msp:KB2626076-ia64.msp /x86locmsp:KB2626076-x86-ENU.msp /amd64locmsp:KB2626076-x64-ENU.msp /ia64locmsp:KB2626076-ia64-ENU.msp /UpdateAgent /Silent /noreboot
Advanced installation instruction to manually update agents
With Cumulative Update 6 for Operations Manager 2007 R2, you can manually update agents without copying the full contents of the package. To deploy updates to an agent, follow these steps:- Install the hotfix utility by using the instructions in the "Advanced installation instructions at a command prompt" section. By default, the files that you have to have to update the agent are at the following location:C:\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2626076
- Copy the appropriate .msp files to a folder of your choice (for example, C:\temp\CU6_Agent) on each computer on which you want to manually update the agent.
- Run the following two commands at a command prompt from the folder that contains the update files. This folder is C:\temp\CU6_Agent if you follow the suggestion here. (ex: x64 architecture and English language):
msiexec.exe /p "C:\temp\CU6_Agent\KB2626076-x64-Agent.msp" REBOOT="ReallySuppress"
msiexec.exe /p "C:\temp\CU6_Agent\KB2626076-x64-ENU-Agent.msp" REBOOT="ReallySuppress"
File list and roles
This update installs updated UNIX and Linux agents to the following folder, and this update removes older UNIX and Linux agents in the following folder:
Program Files\System Center Operations Manager 2007\AgentManagement\UnixAgents
The updated agents have file names that use the following format and a version number of 298:
scx-1.0.4-298-ServerType.ServerVersion.Architecture.PackageType
Notes
- The placeholder ServerType represents the name of the UNIX or Linux server product.
- The placeholder ServerVersion represents the version number of the server type.
- The placeholder Architecture represents the processor architecture of the destination computer.
- The placeholder PackageType represents the kind of installation file.
For example, the following is the file name format for the agent for SUSE Linux Enterprise Server 10 (x86):
scx-1.0.4-298-sles.10.x86.rpm
The agents that are included with Systems Center Operations Manager 2007 R2 Cumulative Update 5 have a version number of 277. All agent files for this version number are removed during the installation of this update.
The agents that are included with Systems Center Operations Manager 2007 R2 Cross Platform Cumulative Update 2 (hotfix 979490) have a version number of 258. All agent files for this version number are removed during the installation of this update.
The agents that are included with System Center Operations Manager 2007 R2 Cross Platform Agent Update (hotfix 973583) have a version number of 252. All agent files for this version number are removed during the installation of this update.
The agents that are included with the original release of System Center Operations Manager 2007 R2 have a version number of 248. These files are not removed during installation. However, these files are replaced with 1 kilobyte (KB) files. You have the option of removing these 1 KB files. These files are as follows:
- scx-1.0.4-248.aix.5.ppc.lpp.gz
- scx-1.0.4-248.aix.6.ppc.lpp.gz
- scx-1.0.4-248.hpux.11iv2.ia64.depot.Z
- scx-1.0.4-248.hpux.11iv2.parisc.depot.Z
- scx-1.0.4-248.hpux.11iv3.ia64.depot.Z
- scx-1.0.4-248.hpux.11iv3.parisc.depot.Z
- scx-1.0.4-248.rhel.4.x64.rpm
- scx-1.0.4-248.rhel.4.x86.rpm
- scx-1.0.4-248.rhel.5.x64.rpm
- scx-1.0.4-248.rhel.5.x86.rpm
- scx-1.0.4-248.sles.10.x64.rpm
- scx-1.0.4-248.sles.10.x86.rpm
- scx-1.0.4-248.sles.9.x86.rpm
- scx-1.0.4-248.solaris.10.sparc.pkg.Z
- scx-1.0.4-248.solaris.10.x86.pkg.Z
- scx-1.0.4-248.solaris.8.sparc.pkg.Z
- scx-1.0.4-248.solaris.9.sparc.pkg.Z
--------------------------------------------------------------------------------------------------------
Let’s Roll:
So – first – I download it. The hotfix is about 1000MB.
Now – before your heart rate starts rising…. understand… this update combines the Cross Plat CU with the OpsMgr CU. (CU3, CU4, and CU5 did this as well) Aligning these is a very good thing – but it ends up increasing the size of the initial download. No worries though – I will demonstrate how to only have to copy specific files to lessen the impact of distributing this update to all your management servers and gateways, if copying a 1GB file around is a problem for you. Read about that here: http://blogs.technet.com/b/kevinholman/archive/2010/10/12/command-line-and-software-distribution-patching-scenarios-for-applying-an-opsmgr-cumulative-update.aspx
Next step – READ the documentation… understand all the steps required, and formulate the plan.
I build my deployment plan based on the release notes in the KB article. My high level plan looks something like this:
- Backup the Operations and Warehouse databases, and all unsealed MP’s.
- Apply the hotfix to the RMS
- Run the SQL script(s) update against the OpsDB AND Warehouse DB.
- Import the updated management packs provided.
- Apply the hotfix to all secondary Management Servers.
- Apply the hotfix to my Gateway Servers.
- Apply the hotfix to my agents by approving them from pending
- Apply the hotfix my dedicated consoles (Terminal servers, desktop machines, etc…)
- Apply the hotfix to my Web Console server
- Apply the hotfix to my Audit collection servers
- Update manually installed agents…. well, manually.
****Requirement – as a required practice for a major update/hotfix, you should log on to your OpsMgr role servers using a domain user account that meets the following requirements:
These rights (especially the user account having SA priv on the DB instances) are often overlooked. These are the same rights required to install OpsMgr, and must be granted to apply major hotfixes and upgrades (like RTM>SP1, SP1>R2, etc…) Most of the time the issue I run into is that the OpsMgr admin logs on with his account which is an OpsMgr Administrator role on the OpsMgr servers, but his DBA’s do not allow him to have SA priv over the DB instances. This must be granted temporarily to his user account while performing the updates, then can be removed, just like for the initial installation of OpsMgr as documented HERE. At NO time do your service accounts for MSAA or SDK need SA (SysAdmin) priv to the DB instances…. unless you decide to log in as those accounts to perform an update (which I do not recommend).
- OpsMgr administrator role
- Member of the Local Administrators group on all OpsMgr role servers (RMS, MS, GW, Reporting)
- SA (SysAdmin) privileges on the SQL server instances hosting the Operations DB and the Warehouse DB.
Ok, Lets get started.
1. Backups. I run a fresh backup on my OpsDB and Warehouse DB’s – just in case something goes really wrong. Since I haven’t grabbed my RMS encryption key in a long while – I go ahead and make a backup of that too, just to make sure I have it somewhere.
I also will take a backup of all my unsealed MP’s. You can do the backup in PowerShell, here is an example which will backup all unsealed MP’s to a folder C:\mpbackup:
Get-ManagementPack | where {$_.Sealed -eq $false} | export-managementpack -path C:\MPBackupWe need to do this just in case we require restoring the environment for any reason.
2. Apply the hotfix to the RMS.
Tip #1: Here is a tip that I have seen increase the success rate: Reboot your RMS/RMS nodes before starting the update. This will free up any locked processes or WMI processes that are no longer working, and reduce the chances of a timeout for a service stopping, file getting updated, etc.
Tip #2: If you are running any SDK based connectors – it is a good idea to stop these first. Things like a Remedy product connector service, Alert Update Connector, Exchange Correlation Engine, etc… This will keep them from throwing errors like crazy when setup bounces the SDK service.
Tip #3: If you are low on disk space, and you have previously installed prior R2-CU’s, you can uninstall those and make sure they are removed from \Program Files (x86)\System Center 2007 R2 Hotfix Utility\ directory. This can free up a substantial amount of disk space, and once applied these files are no longer necessary.
Tip #4: If you are running the Exchange Correlation Service for the Exchange 2010 MP, it might be a good idea to disable this service during the CU update. This service uses a lot of resources and would be best to keep it out of the picture for the CU process.
****Note: If applying this update to a RMS cluster – FIRST see: How to apply a SCOM hotfix to a clustered RMS
****Note: Many people struggle with OpsMgr hotfixes – for failing to follow instructions. When applying an OpsMgr hotfix – you need to copy the downloaded MSI file (such as SystemCenterOperationsManager2007-R2CU6-KB2626076-X86-X64-IA64-ENU.MSI) to EACH and EVERY Management server and Gateway. You need to INSTALL this hotfix installer utility to EACH Management Server and Gateway. Don’t try and just copy the update MSP files. This wont work and you will fail to update some components. Common complaints are that the agents never go into pending actions, or the agent update files never get copied over to the \AgentManagement folders. In almost ALL cases, people were taking a shortcut and making assumptions. Don’t. Copy the 1GB file to each machine, then install the hotfix utility, then run the hotfix from the splash screen that comes up (this is a bootstrapper program), immediately after installing the downloaded MSI. The only acceptable alternative to this process – is to install/extract the 1GB MSI to a workstation, and then build a command line based package as described below. For memory limited test environments – the command line method is the way to go.Since my RMS is running Server 2008 R2 – I need to open an elevated command prompt to install any SCOM hotfixes. That is just how it is. So I launch that – and call the MSI I downloaded (SystemCenterOperationsManager2007-R2CU6-KB2626076-X86-X64-IA64-ENU.MSI). This will install the Hotfix Utility to the default location. I always recommend installing this hotfix utility to the default location. You can always uninstall the utility later to clean up disk space.
Tip: (This part may take a LONG TIME to complete if calling the 1GB file on a system will limited memory resources. This is because it must consume 1GB of RAM to open the file, temporarily. For production systems meeting the minimum supported 4GB, this probably wont be as much of an issue. For virtualized labs and test environments where you are running very limited memory, (1-2GB RAM) you will see this process take a considerable amount of time. On my 1GB memory virtualized management servers, it would not install at all. I upped them to 2GB and they took about 10-20 minutes to open and run the setup program. See section at the end of this article **Command line install** for ideas on how to mitigate this issue if affected)Eventually – a splash screen comes up:
I choose Run Server Update, and rock and roll. You MUST execute the update from this “Run Server Update” UI. NO OTHER METHOD will work.
It runs through with success, I click finish – then another setup kicks off. This is by design. There should be three actual setups running consecutively (once for the core update, one for the localization, and one for Xplat.)
You could see this potentially three times:
Then wait around 30 seconds for any post install processes to complete, and then click “Exit” on the splash screen.
If you have trouble at with this stage – get some error messages, or if the installation rolls back – see the troubleshooting and known issues at the KB article and below in this post.
If you are patching a clustered RMS – you can continue the process using the link posted above – and complete the second node.
Now – it is time to validate the update applied correctly. I can see the following files got updated on the RMS in the standard install path: \Program Files\System Center Operations Manager 2007\
**note – this isn't all the files included in the hotfix package, just a spot check to make sure they are getting updated.
Next I check my \AgentManagement folder. This is the folder that any agents will get updates from. I check the \x86, \AMD64, and \ia64 directories:
It is good – that our KB2626076 CU6 agent MSI’s got copied over. In this CU, we did remove the previous CU files if they existed. (these will get moved to the root directory \Program Files\System Center Operations Manager 2007\AgentManagement folder)
3. Time to run the SQL scripts. There are 2 scripts, located on the RMS, in the C:\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2626076\SQLUpdate folder:
- CU_Database.sql
- CU_DataWarehouse.sql
I simply need to open this file with SQL management studio – or edit it with notepad – copy the contents – and paste it in a query window that is connected to my Operations (OperationsManager) Database. I paste the contents of the file in my query window, it takes about a minute to complete in my lab. It will return a list of rows updated.
Next up – we now need to connect to the Warehouse database instance, and open a new query window against the OperationsManagerDW database. We will execute CU_DataWarehouse.sql which will return “Command(s) completed successfully”.
DO NOT skip step number 3 above, and do not continue on until this is completed.
4. Next up – import the MP updates. That's easy enough. They are located at C:\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2626076\ManagementPacks\ and are named:
- Microsoft.SystemCenter.DataWarehouse.Report.Library
- Microsoft.SystemCenter.WebApplication.Library.mp
- Microsoft.SystemCenter.WSManagement.Library.mp
At this point – if you are using cross platform monitoring for Unix agents – you would upgrade the Xplat MP’s via a separate download. See the KB article for steps on this, and potentially upgrading your Unix agents if required.
System Center Operations Manager 2007 R2 Cross Platform Monitoring Management Packs
This download site contains the latest MP’s for Solaris/AIX which were updated/included for CU6. The other Xplat MP’s have not been revved since the previous CU.
5. Time to apply the hotfix to my management servers. I have 1 secondary MS server which is Windows Server 2008 R2 SP1. So I open an elevated command prompt to run the hotfix utility MSI,
Again – I MUST RUN SystemCenterOperationsManager2007-R2CU6-KB2626076-X86-X64-IA64-ENU.MSI on each Management server. This installs the hotfix utility, which will then launch the splash screen.
Tip: (This part may take a LONG TIME to complete if calling the 1GB file on a system will limited memory resources. This is because it must consume 1GB of RAM to open the file, temporarily. For production systems meeting the minimum supported 4GB, this probably wont be much of an issue. For virtualized labs and test environments where you are running very limited memory, you will see this process take a considerable amount of time. On my 1GB memory virtualized management servers, it would not install. I upped them to 2GB and they took about 10-20 minutes to open and run the setup program. See section at the end of this article **Command line install** for ideas on how to mitigate this issue if affected)***On this server I could NOT get the splash screen (bootstrapper) to show up. I was being lazy and did not run the full MSI from an elevated command prompt. (GASP!) Once I opened an elevated CMD, mapped a drive to my CU6 MSI, and ran it, it worked perfectly. Key message – don’t be lazy – run these updates from an elevated CMD – because UAC will kill you!
Once the splash screen comes up I “Run Server Update” These all install without issue (again – three setups run consecutively). I spot check the \AgentManagement directories and the DLL versions, and all look great. REMEMBER – you can sure patch all your management servers at the same time, however, your agents WILL fail over during this time because we stop the MS HealthService during the update. Keep this in mind. It is best to update management servers one at a time, synchronously, to keep your agents from failing over to the RMS and overloading it, or causing massive Heartbeat failures because they have nowhere to report to.
6. Next up – any Gateway machines here. Since my gateways all have limited memory, I don’t want to run the full 1GB MSI. I am running these from a command line which uses a LOT less resources. I build a local install package in my local C:\temp\ directory from my article at this LINK using the following command line modified for CU5:
SetupUpdateOM.exe /x86msp:KB2626076-x86.msp /amd64msp:KB2626076-x64.msp /ia64msp:KB2626076-ia64.msp /x86locmsp:KB2626076-x86-ENU.msp /amd64locmsp:KB2626076-x64-ENU.msp /ia64locmsp:KB2626076-ia64-ENU.msp /Agent /norebootI “Run Gateway Update” from the splash screen, and setup kicks off. It runs three separate installs and I see the following – 3 times:
Remember to spot check your DLL versions and \AgentManagement directories. They both should be updated.
7. I check my Pending Management view in the Administration pane of the console – and sure enough – all the agents that are set to “Remotely Manageable = Yes” in the console show up here pending an agent update. I approve all my agents (generally we recommend to patch no more than 200 agents at any given time.)
After the agents update – I need to do a quick spot check to see that they are patched and good – so I use the “Patchlist” column in the HealthService state view to see that. For creating a “Patchlist” view – see LINK
In the above view – I can see that it does show my CU6 applied – but it left some stuff about CU5 – which is unfortunate. What actually happened – is that we tried to install 2 components – the KB2626076-x64-Agent.msp and then the KB2626076-x64-ENU-Agent.msp. HOWEVER – the ENU components (localization stuff) never got installed. The reason?
Log Name: ApplicationThis is the same issue that been a bit of a pain for ages…. the first MSP (the agent update) requires a restart of the COMPUTER because of some process that was locked and not allowing all the binaries to be updated. Therefore – Windows Installer blocks any more MSP’s until this reboot happens. This isn't critical (missing the ENU components) but the agent is not fully patched until you reboot it, AND then you need to manually install ENU components MSP, OR run a “repair”. Once you reboot the monitored server, and run a repair agent from the console (or manually update the ENU components) the Patchlist looks correct:
Source: MsiInstaller
Date: 5/18/2012 5:00:55 PM
Event ID: 1038
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SCOMRS.opsmgr.net
Description:
Windows Installer requires a system restart. Product Name: System Center Operations Manager 2007 R2 Agent. Product Version: 6.1.7221.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Type of System Restart: 2. Reason for Restart: 1.
Frustrating – but this has been an issue ever since CU3/4, where the behavior was changed to stop with the agent updates whenever a restart was required. In CU3/4, RestartManager (a component of Windows Installer) would try to stop other services and processes in order to continue with the update, which was WAY worse than this condition.
8. I have a few dedicated consoles which need updating. One is a desktop machine and the other is my terminal server which multiple people use to connect to the management group. So – I kick off the installer – and just choose “Run Server Update” as well. I do a spot check of the DLL files – and see the following was updated on the terminal server:
I can also perform a “Help > About” in the console itself – this will now show the update version for your console:
9. Next up – Web Consoles. I run mine on a stand alone management server, which I have already patched with CU6. So – I will simply just go check their DLL files to ensure they got updated.
From: \Program Files\System Center Operations Manager 2007\Web Console\bin
Additionally – there are some manual steps needed to secure the Web Console from a client side script vulnerability, per the KB Article (you might have already done this in a previous CU):
Update the Web.Config file on the Web Console server role computers
Now – ONE of these lines need to be added to your web.config file. Scroll down in that file until you see the
- To ensure that all cookies created by the web console cannot be accessed by client cscript, add the following configuration to the Web.Config file on each Web console server:
- If the web console is configured to run under SSL, add the following configuration to ensure all cookies are encrypted:
Use the correct line based on your SSL configuration status for your web console. Reboot your web console server to pick up these changes.
10. At this point – I update ACS components on any ACS running Management servers that have already been patched with CU6 – but this time run the update and choose to “Run ACS Server Update”
After you update your collector…. you must run a SQL script that is included in the update. This script will be run against your ACS database. See the KB article for instructions.
11. Manually installed agents. I have a fair bit of these… so I will do this manually, or set up a SCCM package to deploy them. Most of the time you will have manually installed agents on servers behind firewalls, or when you use AD integration for agent assignment, or when you installed manually on DC’s, or as a troubleshooting step.
Additional Activities:
12. Since this particular environment I am updating is going from CU5 to CU6 – I need to import the latest cross platform management packs. If I am not using and don’t desire to use OpsMgr to monitor cross platform OS’s like SUSE, RedHat, and Solaris… then I can skip this step. However, if I do want to be fully up to date for Xplat monitoring – I need to ensure I have the latest Xplat MP’s available. The ones that are version .277 are current: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18891
Additionally there are some newer updated ones for RHEL6, Solaris, and AIX.
13. I need to update the ACS reports, if I am using ACS. We have included in the CU6, some new reports which fix some reported issues with the reports. These can be found at:
C:\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2495674\ACS\Reports
You might have already updated these in a previous CU. They started shipping in CU5.
At this point I would browse to my Sql Reporting Services website that hosts my ACS reports, and import these RDL’s over the existing reports, or place them in a new folder for testing, and then move them later.
Now – the update is complete.
The next step is to implement your test plan steps. You should build a test plan for any time you make a change to your OpsMgr environment. This might include scanning the event logs on the RMS and all MS for critical and warning events… looking for anything new, or serious. Testing reporting is working, check the database for any unreasonable growth, run queries to see if anything looks bad from a most common alerts, events, perf, state perspective. Run a perfmon – and ensure your baselines are steady – and nothing is different on the database, or RMS. If you utilize any product connectors – make sure they are functioning.
The implementation of a solid test plan is very important to change management. Please don't overlook this step.
*** Command line install option
In some situations, you might want to perform a command line installation of the update on your RMS/management server. Most of the time – I don’t recommend this, because you generally need the feedback if each part was successful or not. However, there are situations where it is required.
One example is for users who have issues with the 1GB MSI file, and getting the hotfix installer running, especially on limited memory systems. For those, you can use a command line options which removes the issue.
For additional command line options, including how to make a CU package smaller, and how to patch consoles, agents, etc…. see the KB article which contains some guidance, and the following post which contains command line package ideas from a previous CU:
http://blogs.technet.com/b/kevinholman/archive/2010/10/12/command-line-and-software-distribution-patching-scenarios-for-applying-an-opsmgr-cumulative-update.aspx
Known issues/Troubleshooting:
1. New management packs cannot be edited in the authoring console after the Cumulative Update is installed
When a new management pack is created after CU4, CU5, or CU6 is installed and then an attempt is made to edit the management pack in the Authoring console, the Authoring console cannot edit the management pack because it cannot find the latest version of the Microsoft.SystemCenter.Library Management Pack (build .61 for CU4 and build .81 for CU5 and CU6). This is resolved – please see: http://support.microsoft.com/kb/2590414
2. CU6 fails to apply. The SDK or config service may not start after this, and CU6 fails on subsequent retries. The installation rolls back and you get a dialog box that the setup was interrupted before completion. There are two possible issues, with workarounds to this. One is caused by a general timeout, the other is a .NET 2.0 Issue due to a CRL response delay. Start with workaround “#1” and if that fails, try workaround “#2”. #2 is a fairly rare condition.
Workaround #1:
The services are timing out while trying to start. Using http://support.microsoft.com/kb/922918 set the ServicesPipeTimeout entry for all services to have 3 minutes (180000 milliseconds) and REBOOT the server. Then try and apply CU4. It should apply. You likely will see a few warning messages about failure to start the OMCFG service – just click ok and the setup will continue.
Workaround #2:
Using Follow the steps that are outlined in Microsoft Knowledge Base article KB936707
***Note: This hotfix likely will not be required. The hotfix is ONLY required if you are still running .NET 2.0 RTM. This hotfix is included in .NET 2.0SP1 and later. The hotfix does not resolve the issue, simply put – the hotfix (or .NET 2.0SP1 or later) simply ENABLES the use of a new tag in XML which will allow for disabling of CRL checking. If your RMS is on Windows Server 2008 or 2008R2 – you already have this hotfix included.
***Note: Once you have verified you have .NET 2.0 SP1 or later installed – you MUST perform the second step – which involves editing 2 application.exe.config files. The KB article is misleading in that it tells you to add this information as an entire section – which is incorrect – you must find thesection in your existing config files – and add a SINGLE new line to that existing section.
The manifest files are located on the RMS at the \Program Files\System Center Operations Manager 2007\ root directory. The manifest files will need to be edited for the config and sdk service on affected RMS. The file names are:
In between the EXISTING
- Microsoft.Mom.Sdk.ServiceHost.exe.config
- Microsoft.Mom.ConfigServiceHost.exe.config
and lines – you need to ADD a NEW LINE with the following:
This solution disables CRL checking for the specified execute-ables, permanently.3. Agent patchlist information incomplete, or CU6 patching failure. The agent Patchlist is showing parts of CU6, or CU5 but also CU4, CU3, CU2 or CU1 or nothing. The CU6 localization ENU update is not showing in patchlist. This appears to be related to the agents needing a reboot required by Windows Installer from a previous installation package. Once they are rebooted, and a repair initiated, the patchlist column looks correct with the CU6 and CU6 ENU (localized) information. The correct and complete patchlist information will appear as below:
System Center Operations Manager 2007 R2 Cumulative Update 6 (KB2626076); System Center Operations Manager 2007 R2 Cumulative Update 6 (KB2626076) - ENU Components
If you apply Cumulative Update 3 or 4 for Operations Manager 2007 R2, the pushed agent may not display the update list correctly. This issue occurs because the agent updates in Cumulative Update 3/4 for Operations Manager 2007 R2 may require a restart operation and then a repair operation. If you do not restart these servers after you apply Cumulative Update 3/4 for Operations Manager 2007 R2, the agent updates in Cumulative Update 6 for Operations Manager 2007 R2 are not applied. However, the restart required state is set on these computers. Therefore, you have to restart these computers and then repair the agent to apply the updates in Cumulative Update 6 for Operations Manager 2007 R2.
Kevin Holman--------------------------------------------------------------------------------------------