Wednesday, October 25, 2017

SCOM 2016 Update Rollup 4 (UR4) Now Available

Yesterday Microsoft announced the release of Update Rollup 4 (UR4) for SCOM 2016.

The Fixes

This latest update contains bug fixes for the following 12 known issues:
  • This update resolves an issue that causes a crash of IIS application pools that are running under CLR 2.0 when the APM feature is installed on the server as part of SCOM Agent. The code now uses appropriate memory instructions, based on the CLR version.
  • When a log file is being monitored by SCOM, Monagent locks the file and won't allow it to be renamed.
  • Adds support for TLS 1.2.
  • Addresses an issue in which the APM AppDiagnostics console fails to create a Problem Management rule due to a FormatException. The appropriate string is now used for formatting, and the Problem Management wizard is able to run without issues.
  • Failure of GetOpsMgrDBWatcherDiscovery.ps1 script causes the Monitoring Host to crash.
  • WMI Health monitor doesn't work if WINRM is configured to use https only.
  • WMI Health monitor doesn't work if SPN http://servername is set to a user account.
  • Product knowledge of "Windows Cluster Service Discovery" includes an incorrect reference to "Windows NT."
  • SCOMpercentageCPUTimeCounter.ps1 script generates WMI errors that are caused by Service Principle Name (SPN) configuration issues.
  • After a network outage, the management server does not reconnect to the gateway server if the gateway server was installed with the /ManagementServerInitiatesConnection=True option.
  • A configuration change to the network device triggers a rediscover of the device, and this process changes the SNMP agent address.
  • The UseMIAPI registry subkey prevents collection of custom performance rules data for all Linux servers.

I've highlighted the two issues that I've been waiting to be resolved for a while - with the agent APM feature crashing IIS application pools issue also being the top ask from customers and the community since the initial release of SCOM 2016 late last year. This issue was supposed to be fixed in UR3 and although I've seen a decrease in the number of people reporting the issue in UR3 environments, it still wasn't completely resolved so hopefully they have it nailed in UR4.

The WMI Health Monitor issue is widely anticipated too and this should supersede the recently released 'Inbox MP Hotfix' Microsoft released for scenarios where WINRM was configured to use https only.

The Gotcha's

For the first time in a long while with these Update Rollups, Microsoft have released a list of known issues that you need to consider when deploying UR4.

Here's what they say to watch out for:

  • During Audit Collection Services (ACS) update or removal, the Audit Collection Services Collector Setup wizard is incorrectly titled "System Center Operations Manager 2012 Audit Collection Server."
  • When you access Silverlight dashboards, a “Web Console Configuration Required” message is displayed.
To work around the Silverlight dashboard issue, they've listed the following steps:
  1. Click Configure in the dialog box.
  2. When you are prompted to run or save the SilverlightClientConfiguration.exe file, click Save.
  3. Run the SilverlightClientConfiguration.exe file.
  4. Right-click the .exe file, click Properties, and then select the Digital Signatures tab.
  5. Select the certificate that has Digest Algorithm as SHA256, and then click Details.
  6. In the Digital Signature Details dialog box, click View Certificate.
  7. In the dialog box that appears, click Install Certificate.
  8. In the Certificate Import Wizard, change the store location to Local Machine, and then click Next.
  9. Select the Place all certificates in the following store option and then select Trusted Publishers.
  10. Click Next and then click Finish.
  11. Refresh your browser window.

My Advice

All in all, Update Rollup 4 seems like it will solve some important outstanding issues but the journey to deploying it and potentially having to manually import certificates seems like a pain. Outside the UR4 deployment I've already completed in my lab and on our internal corporate SCOM 2016 environments, I don't have enough hands-on experience with this UR to confirm if it solves all the problems it is supposed to.

My advice is that unless you're being screwed with the APM agent crash issue, then just hang tight on deploying this into production until more people across the SCOM community have pushed it out and until Kevin Holman gets a chance to put together another one of his awesome step-by-step guides to getting this installed.