Lessons learned SCOM SP1 Upgrade – Part 3

I am a strong believer in not using AD integration any more. I think the management of the agents long term and in a DR situation is easier with a little planning.

During an upgrade to SCOM SP1 I ran into a few unexpected results.

When the management server upgrade fails you will be left without a management server on the host that failed to upgrade.

AD integration was set up, and for 90% of the agents the primary management server was the Management Server that had just failed and that the install had removed from the server. The failed Management Server still showed up in the console as a management server, but it is grayed out; you need to delete the server from the console if you want to reinstall the management server role on the same server. Here is the catch: you can't delete the server while there are still agents assigned to it as their primary management server. Since AD integrated agents are not remotely manageable, this created a lot of extra work that, when you have other problems you are trying to address, only complicates things and increases the time to resolution. You can find the steps to convert the agents from AD integrated here.

I have taken the SQL script to make all agents remotely manageable and put it in an Orchestrator runbook and set it to run every 7 days; this will ensure that any manually installed agents in the future will be manageable from the console. My next version of this runbook will also balance the agents between management servers every time it runs.

Runbook overview

[Screenshot: SCOM Agent Mgmt runbook]

Step 1

[Screenshot: SCOM Agent Mgmt Step 1]

Step 2: set all agents to be remotely manageable

[Screenshot: SCOM Agent Mgmt Step 2]

Step 3

PowerShell script to approve agents pending in ManualApproval status

Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName scomn01
# Avoid a literal password here; in a runbook, pass it in from an encrypted Orchestrator variable
$Passwd = ConvertTo-SecureString "password" -AsPlainText -Force
$Account = New-Object System.Management.Automation.PSCredential ("SCOMAction", $Passwd)
# Approve every agent waiting in ManualApproval, using the action account built above
$Agents = Get-SCOMPendingManagement | where {$_.AgentPendingActionType -eq "ManualApproval"} | Approve-SCOMPendingManagement -ActionAccount $Account


If you are doing something similar and have installed the SCOM agent in MDT and set it to AD integrated in the OS WIM, the SCOM agent will have to come out of the base OS image and become a step of the SCCM OSD task sequence.
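
For the situation described earlier, where the failed management server cannot be deleted while agents still list it as their primary, the following is an added example (not the author's runbook) that reassigns those agents round-robin across the remaining management servers once they are remotely manageable. The failed server's name is a placeholder, and `-WhatIf` is left on so the run only reports what it would change.

```powershell
# Added example, not part of the original runbook.
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName 'scomn01'

# Placeholder (assumption): FQDN of the grayed-out management server.
$FailedServer = 'failed-ms.example.local'

# Targets: every management server except the failed one and any gateways.
$Targets = @(Get-SCOMManagementServer |
    Where-Object { -not $_.IsGateway -and $_.DisplayName -ne $FailedServer })
if ($Targets.Count -eq 0) {
    throw 'No remaining management server to move agents to.'
}

# Agents that still have the failed server as their primary.
$Stranded = @(Get-SCOMAgent |
    Where-Object { $_.PrimaryManagementServerName -eq $FailedServer })
Write-Output "$($Stranded.Count) agent(s) still assigned to $FailedServer"

$i = 0
foreach ($Agent in $Stranded) {
    if ($Agent.ManuallyInstalled) {
        # Not remotely manageable yet; the Step 2 change has to reach it first.
        Write-Warning "Skipping $($Agent.DisplayName): flagged as manually installed."
        continue
    }

    # Round-robin so no single server inherits every stranded agent.
    $NewPrimary = $Targets[$i % $Targets.Count]
    $i++

    try {
        # Remove -WhatIf to apply the change.
        Set-SCOMParentManagementServer -Agent $Agent -PrimaryServer $NewPrimary `
            -WhatIf -ErrorAction Stop
    }
    catch {
        # Report and carry on so one rejected agent does not stop the run.
        Write-Warning "Could not move $($Agent.DisplayName): $($_.Exception.Message)"
    }
}
```

When the first output line reports zero agents, nothing references the failed server as primary any more and it can be deleted from the console.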
