When setting up a new SCOM environment with a lot of Clusters, exchange, DC’s involved the alerts that Agent Proxying is not enabled will quickly pop up. This is in fact one of the most common alerts you get when starting to roll out agents and management packs.
This setting is set on agent level and grants the agent to forward data to the management server on behalf of another entity. This basically means that the agent can send info from another entity. Common scenarios are in fact a DC on behalf of the domain or a cluster which can send info about the cluster resources.
In various management pack guides the agent proxy setting is documented as obligatory to be able to do the initial discovery (cluster management pack) so If you did not read the guide and forgot to set this setting the discovery will just not work.
In fact this setting is disabled by default disabled. SCOM will check when data is sent by an agent which is not originated by it’s own entity and will alert you about this happening. But that’s it. No further action is taken.
You can manage this manually by browsing to the Administration pane => agent managed and open the properties of the agent and check the “allow this agent to act as a proxy and discover managed objects on other computers” tick box.
But this can be a hassle especially in a new management group.
There are various scripts out there to enable the agentproxying option on all agents. This however could pose a security risk if malicious data comes into your management group and floods your management server.
Therefore I’m pro for a more selective approach
So this is my short solution to automate this process.
First take a look at the alert. One of the most common misunderstandings is in fact that it’s not the alert source which need to have the agent proxying option enabled (in this case VSERVER03) but the server in the Alert description (in this case VSERVER001).
This alert is generated by the operations management packs which are installed by default so no tweaking required here.
My solution to automate this process it to use a PowerShell script in combination with a notification channel to react on the alert shown above.
#=====================================================================================================
# AUTHOR: Dieter Wijckmans
# DATE: 10/05/2013
# Name: set_proxy_enabled.PS1
# Version: 1.0
# COMMENT: Automatically activate agent proxy through notification channel
#
# Usage: .\set_proxy_enabled.ps1
#
#=====================================================================================================
Param ([String]$sAlertID)
###Prepare environment for run###
##Read out the Management server name
$inputScomMS = $env:computername
#Initializing the Ops Mgr 2012 Powershell provider#
Import-Module -Name “OperationsManager”
New-SCManagementGroupConnection -ComputerName $inputScomMS
#Get the alert details
$oAlert = Get-SCOMAlert | where { $_.Id -eq $sAlertID}
$AlertID
$oAlert.ID
$oalert.customfield1 = “agent proxy enabled”
$oalert.update(“”)
#Get the FQDN name of the agent to set the proxy for
$input = ($oAlert.Description).ToString()
$outputtemp = $input.Split(‘()’)[1]
$agentname = $outputtemp.Trim()
#Set the Agent proxy setting
‘”‘ + $agentname + ‘”‘ | Get-SCOMAgent | Enable-SCOMAgentProxy –Passthru
exit
download the script here:
In a nutshell the following steps will be performed:
Note I’m also updating customfield1 here to make sure the script ran correctly.
So on to the configuration of our notification:
Navigate to Administration => Notifications => channels
Right click and choose new notification channel:
Name your command notification channel:
Fill in the following (update with your respective paths of course):
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
“c:\scripts\set_proxy_enabled.ps1” ‘$Data/Context/DataItem/AlertId$’
C:\Windows\System32\WindowsPowerShell\v1.0
Move on to the Subscribers:
Click add
Fill in a name:
Configure the subscriber with the channel we just created:
Click Finish twice.
Set up the subscription:
Create a new subscription:
Choose the criteria. In this case we want to trigger this subscription when the Agent proxy not enabled rule logs an alert.
Select the addresses (I choose to send a mail to myself as well as backup option)
Select the channels
And save
Now wait for an alert and check the alert details for our update of custom field 1 and check whether the tick box is enabled at this point.
If you have any question make sure to drop me a line in the comments or ask your question via twitter (better monitored than the comments).