Archive for August, 2013

Today I needed to access the registry of a remote computer to find out what Management Groups this agent is part of. That means I needed to find out what Subkeys existed at this path: HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups.


# $Srv needs to be the name of the Server you want to query.

$key = “SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups”
$type = [Microsoft.Win32.RegistryHive]::LocalMachine
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($key)
Foreach($sub in $regKey.GetSubKeyNames()){$sub}


Works great, but will require you to have permissions to access the registry remotely (obviously).

When you manually install an agent, it is no longer ‘Remotely Manageable’ from the SCOM Console so this means there are certain things you cannot do remotely. This is really just a simple flag in the database, so to change it, you ‘ll either have to install the agent using the discovery wizard (or PowerShell)…or change the flag in the Operational Database.


So here’s a query to return which Agents which are set as manually installed:

select bme.DisplayName from MT_HealthService mths
INNER JOIN BaseManagedEntity bme on bme.BaseManagedEntityId = mths.BaseManagedEntityId
where IsManuallyInstalled = 1


The following query will set all agents back to Remotely Manageable.

UPDATE MT_HealthService
SET IsManuallyInstalled=0
WHERE IsManuallyInstalled=1


Now – the above query will set ALL agents back to “Remotely Manageable = Yes” in the console.  If you want to control it agent by agent – you need to specify it by name here:

UPDATE MT_HealthService
SET IsManuallyInstalled=0
WHERE IsManuallyInstalled=1
AND BaseManagedEntityId IN
(select BaseManagedEntityID from BaseManagedEntity
where BaseManagedTypeId = ‘AB4C891F-3359-3FB6-0704-075FBFE36710’
AND DisplayName = ‘’)

So just change ‘’ to the name of your server…


Alternatively, you can wrap all of this up nicely inside a PowerShell Script.

# $computername needs to be the FQDN of the Server the Agent is being installed on.
# Set ‘YOURMANAGEMENTSERVERNAME’ to the name of your OperationsManager Database Server.

Param (
$RemotelyManageable = @”

UPDATE MT_HealthService
set IsManuallyInstalled=0
where IsManuallyInstalled=1
AND BaseManagedEntityId IN
(select BaseManagedEntityID from BaseManagedEntity
where BaseManagedTypeId = ‘AB4C891F-3359-3FB6-0704-075FBFE36710’
AND DisplayName = ‘$computername’)
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = “Server=YOURMANAGEMENTSERVERNAME;Database=OperationsManager;Integrated Security=True”
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = $RemotelyManageable
$SqlCmd.Connection = $SqlConnection
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd
$DataSet = New-Object System.Data.DataSet
$SqlAdapter.Fill($DataSet) | Out-Null


To run the script, save it as a new powershell script and call it this way:

Set-AgentRemotelyManageable.ps1 AgentHostName.YourDomain.Com

Active directory User and Computer accounts and Groups are simply objects that exist in the Active Directory Database. These objects have attributes. Attributes can be things like “First Name”, “Last Name”, “Description”, “Telephone Number” and so on.

Computer and User accounts are rather similar in the way they operate on a Windows domain and they both share an attribute called servicePrincipalName (SPN). An account object can have multiple ServicePrincipalName attributes defined. Where SCOM is concerned, the job of the setspn.exe tool is simply to modify this ServicePrincipalName attribute for the Data Access Service (SDK) account.

Read more

Today I went to multi-home a few agents to my SCOM 2012 network and was presented with the following error:


The Management Group Configuration could not be saved.


Management configuration 1















In my case, the issue was that SCOM had already entered the new SCOM Management Group details into the registry, so trying to add it again into the Operations Manager Agent Control Panel Applet caused the error. So fire up “Regedit” and navigate to HKLMSystemCurrentControlSetServicesHealthServiceParametersManagement Groups

Then find the appropriate management group and delete it from the registry and restart the healthservice!


Management configuration 2













Now try and add it back into the control panel applet again. If that doesn’t work, try uninstalling the agent and then reinstalling it. I’ve tried both options and both worked for me.