Quick Tip ! Automate it !

April 28, 2016

Hello,

I am a big fan of automation , you improve efficiency by generating a consistent result fast.

But it needs to be worth it, you need a certain quantity of requests before the investment pays off.

Luckily we have these kind of environments in our partner portfolio.

Here we use the service manager portal not for the end-users but we present the portal to the first line helpdesk so they don’t have to escalate certain tasks to second line. All requests are automated by orchestrator runbooks.

clip_image002

And we are on 4874 completed request.

clip_image004

Simple math : about 10 minutes if the action is performed manually , this makes 48740 minutes -> 812 hours -> 101 working days saved, this time can be spent on tasks that create a real added value for the partner.

Enjoy.

Gino D


ZTIexecuterunbook MDT 2013 Update 1

November 20, 2015

Hello,

Strange issue today , a fresh install of Orchestrator and sccm , both latest version installed. SCCM 2012 R2 SP1 CU1 and Orchestrator 2012 R2 UR7.

Combined this with the power of MDT 2013 update 1 in order to execute runbooks from a task sequence.

So far so good, I’ve had a similar setup for another customer so nothing could go wrong…

But when I run the task sequence for executing the runbook my task sequence fails and ztiexecuterunbook under MININT\SMSOSD\OSDLogs show:

Microsoft Deployment Toolkit version: 6.3.8298.1000 ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

The task sequencer log is located at C:\Windows\CCM\Logs\SMSTSLog\SMSTS.LOG. For task sequence failures, please consult this log. ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Orchestrator server URL = http://SERVERNAME:81/Orchestrator2012/Orchestrator.svc/Jobs ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Runbook name = New Runbook ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Runnbook ID = 444a1fd8-3168-470c-9a8f-805523de27b3 ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Runbook parameter mode = MANUAL ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Added parameter IntExchange (17ebabac-3fa0-4585-b7e4-54fb0156d650) ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Added parameter StrComputername (c684fd8f-e6e0-44b1-b8d0-6e91f879681f) ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Added parameter StrClusterName (5e029040-b071-4499-a04e-ad593fe5f795) ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Property UserDomain is now = *** ZTIExecuteRunbook 11/18/2015 3:58:54 PM 0 (0x0000)

Property UserID is now = *** ZTIExecuteRunbook 11/18/2015 3:58:55 PM 0 (0x0000)

<Message containing password has been suppressed> ZTIExecuteRunbook 11/18/2015 3:58:55 PM 0 (0x0000)

FAILURE ( 10802 ): Unable to find job. ZTIExecuteRunbook 11/18/2015 3:58:55 PM 0 (0x0000)

The runbook gets started on orchestrator but the task sequence fails !

So we started to do some tests and found that we could simulate the issue on another environment.

Problem turned out to be an error in the scripts of MDT2013update 1. We created 2 identical task sequences executing a simple runbook. One with MDT 2013 toolkit files and one with MDT2013 update 1 toolkit files.

clip_image002

MDT 2013 works fine :

clip_image004

Ztiexecuterunbook shows the wait for completion state.

clip_image006

Now for the MDT 2013 update 1 :

clip_image008

And ztiexecuterunbook shows:

clip_image010

Apparently something slipped through Quality Control 🙂

Enjoy.

Gino D


Orchestrator Quick Tip ! Junction

August 26, 2015

Hello,

When you have multiple actions that you want to run in a parallel way you can link them and use the junction in order to wait for all actions to be finished before continuing.

Here’s the Technet explanation : https://technet.microsoft.com/en-us/library/hh206089.aspx

Now consider the following example :

We use the logging IP in order to grab some information in service manager and save it in a custom field. This is accomplished by calling several sub runbooks.

It looks like this :

clip_image002

Now if we return no data from the junction then our get log data is not succesful as the logging ID is empty.

clip_image004

If you run the tester you recieve no error but the logging id is empty.

clip_image006

clip_image008

While the action clearly stated to use the logging_id from the start activity.

clip_image010

Now if we add the return activity from our previous branch we recieve exactly the same issue.

clip_image012

I had to add a link to our first subrunbook in order to be able to retrieve the Logging_id from our first start action. Then it works.

clip_image014

And set the returned data from the junction to this activity.

clip_image016

At last success.

Enjoy.

Gino D


Orchestrator run .NET version

June 22, 2015

 

All,

We’re using a simple script to enumerate all AD groups containing info in a notes field in Orchestrator.

The script is this :

import-module activedirectory -force

$ArrayProcessList = @()

$Searchbase = “OU=Security Groups,OU=Groups,DC=localdomain,DC=com”

$results = get-adgroup -filter {info -like “*”} -searchbase $searchbase

foreach ( $result in $results )

{

$ArrayProcessList += $result.distinguishedname

}

$ArrayProcessList

When running in the runbook tester with an admin user all works fine. However when testing with a calling runbook so the runbook is executed on the runbook server using service acocunts I recieve an error:

clip_image002

Hmm strange.

Digging into this issue I noticed that the powershell version running using the run .net script is a V2.0 X86 powershell edition ( thank for that Thomas 🙂 )

As you can see in the default V3 version the import-module works.

clip_image004

And this doesn’t work in the V2 version :

clip_image006

Okay , so we have identified the issue , how to resolve it ?

We like this : http://karlprosser.com/coder/2012/04/16/calling-powershell-v3-from-orchestrator-2012/

Modify the script so it starts a new powershell session and pass the output

clip_image008

So start with a variable and run powershell { command} after this, make sure you output the desired result and then pass the initial variable as published data.

clip_image010

And check result !

clip_image012

clip_image014

Yes ! Success.

Enjoy.

Gino D


Orchestrator : Automate exchange Actions !

January 15, 2014

Hello,

First of all happy 2014 !

Orchestrator is great. It allows you to automate lots of ICT related tasks and there are a bunch of integration packs out there.

Let’s automate some exchange actions.

First download and deploy the Exchange admin integration pack from here : http://www.microsoft.com/en-us/download/details.aspx?id=34611

Now create a test runbook and add an action for creating a mailbox after the necesarry connection parameters have been supplied.

Now test !


The exact error is :

Error opening remote PowerShell runspace to endpoint http://srvexch01.rdsolutions.local/powershell: Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server: For more information, see the about_Remote_Troubleshooting Help topic.Error opening remote PowerShell runspace to endpoint http://srvexch01.rdsolutions.local/powershell: Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server: For more information, see the about_Remote_Troubleshooting Help topic.

Exception: ExchangeGatewayException

Target site: RemoteExchangeGateway.OpenRunspace

Stack trace:

at SystemCenter.IntegrationPack.ExchangeAdmin.Gateway.Core.RemoteExchangeGateway.OpenRunspace()

at SystemCenter.IntegrationPack.ExchangeAdmin.Domain.ExchangeGatewayFactory.CreateRemote(ExchangeConfiguration configuration, IActivityLogger logger)

at SystemCenter.IntegrationPack.ExchangeAdmin.Domain.ExchangeGatewayFactory.CreateGateway(ExchangeConfiguration configuration, IActivityLogger logger)

at SystemCenter.IntegrationPack.ExchangeAdmin.Activity.ExchangeActivity.Execute(IActivityRequest request, IActivityResponse response)

Now check the prereqs precisely.

http://technet.microsoft.com/en-us/library/jj614529.aspx

Specifically the WinRm settings :


Hmmm… strange now I recieve the following error



Error opening remote PowerShell runspace to endpoint http://srvexch01.rdsolutions.local/powershell: Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.

Exception: ExchangeGatewayException

Target site: RemoteExchangeGateway.OpenRunspace

Stack trace:

at SystemCenter.IntegrationPack.ExchangeAdmin.Gateway.Core.RemoteExchangeGateway.OpenRunspace()

at SystemCenter.IntegrationPack.ExchangeAdmin.Domain.ExchangeGatewayFactory.CreateRemote(ExchangeConfiguration configuration, IActivityLogger logger)

at SystemCenter.IntegrationPack.ExchangeAdmin.Domain.ExchangeGatewayFactory.CreateGateway(ExchangeConfiguration configuration, IActivityLogger logger)

at SystemCenter.IntegrationPack.ExchangeAdmin.Activity.ExchangeActivity.Execute(IActivityRequest request, IActivityResponse response)

Now let’s modify the username in the connection, add the domain


And … success



Now you can take the lift of the exchange team.

Enjoy

Gino D



SA Application Approval Workflow

August 11, 2013

Hello,
Today we install and configure the solution accelerator for the link between service manager and the config manager self service portal.
Download here : http://www.microsoft.com/en-us/download/details.aspx?id=29687
Now let’s install.

Install on Service manager management server.



Install on Orchestrator server.




Issue 1 on orchestrator

Solution :
Add user used in wizard to OrchestratorSystemGroup


Issue 2 on orcehstrator console.


And in service manager event viewer.


Add rb user to scsm admins


Ok ! Now for the configuration of the Solution Accelerator.
Create new template with class “Application Request”


Add one activity , a default review activity.


Save the template.


Now follow the wizard to create a new selection criteria ( found in administration )



Give it a name and select a template. Choose from the created Application templates.
Attention ! If you select a template without the review activity then you won’ t be able to modify the reviewer section later in the wizard.


Now you can select Applications , users or both



Modify the reviewer activity as wanted.



Set the selection to Production


Now logon to a workstation and use the normal CM application portal and request an app


The user can see the status of the request


The sync runbook runs every 30´, you can trigger it manually and then you’ll see the request.


Now you can see that the user ( in this case the line manager ) has a request activity assigned



Approve it.
Wait for the syncing and you’ll see the app gets installed.



You can see the Application request once completed in the service request view. ( it can no longer be found in the application request view )


Remember that the application requests are based on software approval in sccm so a second install will no longer create an Application request in service manager because the app has allready been approved in config manager.


Enjoy.


System Center Orchestrator 2012: License expired

August 17, 2012

The info is already available on forums, but because I already encountered this in several environments I am posting this on my blog.

There is a known bug in System Center Orchestrator 2012. When the Orchestrator server loses its connectivity with the SQL server, you get the following message: “License expired”, even though the product is licensed.

The solution is restarting the runbook service on that server. If the issues persist, it is possible to open a call with microsoft to receive a hotfix. The fix should be included in SP1 which has nog official release date yet but is expected to come Q4 2012 or Q1 2013.

More info: http://social.technet.microsoft.com/Forums/en-US/scogeneral/thread/bf30249d-bf13-40c6-8c67-18fd94d6a081/