29 August 2014

SCOM 2007 - error 0x80090303

Event ID 21001
The OpsMgr Connector could not connect to MSOMHSvc/hostname.local because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains.

Event ID 20057
Failed to initialize security context for target MSOMHSvc/hostname.local. The error returned is 0x80090303 (The specified target is unknown or unreachable). This error can apply to either the Kerberos or the SChannel package.

my setup: certificate based authentication for servers in workgroup.

problem identified: MOMCertImport tool wrote the wrong certificate serial number to the registry so the wrong certificate was used for authentication.

registry key: HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ChannelCertificateSerialNumber

this registry key must contain the certificate serial number from : Local Computer / Personal / Certificates folder

!!! the certificate serial number is wrote in the registry in reverse order.!!!



20 August 2014

Script to rename groups in FIM


Add-PSSnapin FIMAutomation

$filter = "/Group[(starts-with(DisplayName,'recipients%'))]"

# import grups from FIM
$fimgroups = Export-FIMConfig -Uri http://faber:5725/ResourceManagementService -CustomConfig $filter -OnlyBaseResources

foreach ($fimgroup in $fimgroups){
   
    $groupNewName = $fimgroup.ResourceManagementObject.ResourceManagementAttributes.Where({$_.AttributeName -eq 'AccountName'}).Value.Replace('recipients ','MR_')
    $fimgroupid = $fimgroup.ResourceManagementObject.ResourceManagementAttributes.Where({$_.AttributeName -eq 'Objectid'}).Value
   
    # To perform an operation on a FIM object, first we need to create an ImportObject:
    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    # "shortcut" for the enum that defines the import state
    $ImportState = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportState]
    # "shortcut" for the enum that defines the operation type
    $ImportOperation = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportOperation]
    # import object properties
    $importObject.ObjectType = 'Group'
    $importObject.TargetObjectIdentifier = $fimgroupid
    $importObject.SourceObjectIdentifier = $fimgroupid
    $importObject.State = $ImportState::Put

    # import change object for account name
    $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    # import change properties
    $importChange.Operation = $ImportOperation::Replace
    $importChange.AttributeName = 'AccountName'
    $importChange.AttributeValue = $groupNewName
    $importChange.FullyResolved = 1
    $importChange.Locale = 'Invariant'
    # add changes to importObject
    $importObject.Changes += $importChange

    # import change object for account name
    $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    # import change object for displayname
    $importChange.Operation = $ImportOperation::Replace
    $importChange.AttributeName = 'DisplayName'
    $importChange.AttributeValue = $groupNewName
    $importChange.FullyResolved = 1
    $importChange.Locale = 'Invariant'
    # add changes to importObject
    $importObject.Changes += $importChange

    # import change object to FIM
    Import-FIMConfig -Uri http://faber:5725/ResourceManagementService -ImportObject $importObject
}

Find and delete mail messages in queue

To find messages that are in queue:

Get-Message -Queue "server_name\submission" | where {$_.status -eq "Retry"} -Queue "server_name\submission" | where {$_.status -eq "Retry"}


to delete messages:

Get-Message -Queue "server_name\submission" | where {$_.status -eq "Retry"} | Remove-Message -WithNDR $false 

12 August 2014

Invoke-Item

Invoke-Item - performs the default action on the specified item.

The default action depends on the type of specified item.

for example: on a document file ( .doc)  it will open the file withe the associated application (Microsoft Word).

alias for this cmdlet is ii

to open a windows explorer to the current foder use: ii .