SCOM 2012 ACS: Powershell Collector (automatic) failover script


Last week I was installing a SCOM 2012 R2 environment with Audit Collection Services. Audit Collection Services (ACS) is one of the additional functionalities of SCOM 2012 R2. ACS uses one or more Management Servers for the collector role. This role collects all security logs from the agents. The challenge with the collector role is making it highly available.

Updated version and post can be found here!

A collector normally has a 1-to-1 connection with the ACS database. So if you have more collectors you will end up with 2 or more databases with security information. But this is not the whole picture: it is possible to have a warm, disabled standby collector which can be activated through a few actions. The possible high-availability scenarios are described in detail in this blog post: http://blogs.technet.com/b/neharris/archive/2011/03/22/acs-forwarders-and-high-availability-part-1.aspx. Although this blog post is from 2011, the scenarios still apply. I applied the third scenario, which means that I don’t have two databases, but manual activities are needed to fail over. After executing these tasks two times I decided to create a PowerShell script which executes the failover. This script has the following functionality:

  • Disabling the failed active collector;
  • Copying the ACSConfig.xml from the active collector to the standby collector;
  • Activating the standby collector.

As you can see, the script copies the ACSConfig.xml from the active to the standby collector. This is needed to prevent duplication of logged events in the database. The PowerShell script:

######################################
#
# Script Name: ACS_Collector_Failover.ps1
# Script Author: A. Vroege
# Script Version: 1.0
# Script Description: Automatic failover script which fails over the collector role
#
######################################

##### Section 1 - Initialization #####
#
#Import the OperationsManager PowerShell module and create connection to SCOM Management Server
Import-Module OperationsManager
#Replace the placeholder with the name of a SCOM Management Server (quoted so the line parses)
New-SCOMManagementGroupConnection -ComputerName "<< SCOM MS SERVER >>"
#
##### End Section 1  ############

##### Section 2 - Variables #####
#
#Define the Management Pack naming for the Overrides Management Pack for Audit Collection Services
$mp_name           = "CUSTOM.SCOM.ACS.Overrides"
#Define the ACS Collectors
$acs_collector_1   = "<< ACTIVE ACS COLLECTOR >>" 
$acs_collector_2   = "<< STANDBY ACS COLLECTOR >>"
#
##### End Section 2  ############

##### Section 3 - Script Logic #####
#
#Check if ACS Override Management Pack exists in the SCOM environment, if not a new Management Pack will be created
$MP       = Get-SCOMManagementPack -Name $mp_name | where {$_.Sealed -eq $False}

if (!$MP) {
    Write-Output "Management Pack does not exist. Will be created"
    $mp_store          = New-Object Microsoft.EnterpriseManagement.Configuration.IO.ManagementPackFileStore
    $mp_object         = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPack($mp_name, $mp_name, (New-Object Version(1, 0, 0,0)), $mp_store)

    Import-SCOMManagementPack $mp_object

    $MP       = Get-SCOMManagementPack -Name $mp_name | where {$_.Sealed -eq $False}
}

#Get Active ACS Collector
$acs_service_1    = Get-WmiObject -ComputerName $acs_collector_1 -Class Win32_Service -Property StartMode -Filter "Name='AdtServer'"
$acs_service_2    = Get-WmiObject -ComputerName $acs_collector_2 -Class Win32_Service -Property StartMode -Filter "Name='AdtServer'"

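if($acs_service_1.StartMode -eq 'Disabled') {
    $active_collector  = $acs_collector_2
    $standby_collector = $acs_collector_1 
} ElseIf ($acs_service_2.StartMode -eq 'Disabled') {
    $active_collector  = $acs_collector_1
    $standby_collector = $acs_collector_2
} else {
    #Neither collector is Disabled (or the start mode could not be read), so the roles cannot be determined
    Write-Output "No disabled (standby) ACS Collector found. Manual action needed. Script exits."
    Exit
}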

#Set the failed Collector to Disabled
Set-Service -ComputerName $active_collector -Name 'AdtServer' -StartupType Disabled
if($? -eq $True) {
    #Now Copy the ACS Server Config File from active to standby ACS Collector
    Copy-Item -Path "\\$active_collector\c$\Windows\System32\Security\AdtServer\AcsConfig.xml" -Destination "\\$standby_collector\c$\Windows\System32\Security\AdtServer\AcsConfig.xml"

    if($? -eq $True) {
        #Activate the Standby Collector
        Set-Service -ComputerName $standby_collector -Name 'AdtServer' -StartupType Automatic
        
        if($? -eq $True) {
            Set-Service -ComputerName $standby_collector -Name 'AdtServer' -Status Running
            
            if($? -eq $True) {
                $active_instance    = Get-SCOMClass -DisplayName 'Microsoft Audit Collection Services Collector' | Get-SCOMClassInstance | Where-Object {$_.Displayname -eq $active_collector}
                $standby_instance   = Get-SCOMClass -DisplayName 'Microsoft Audit Collection Services Collector' | Get-SCOMClassInstance | Where-Object {$_.Displayname -eq $standby_collector}

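                #Check the lookups themselves: $? stays True when Where-Object returns nothing
                If($active_instance -and $standby_instance) {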
                    $Monitor_service   = Get-SCOMMonitor -DisplayName 'Microsoft Audit Collection Services Collector Running State'
                    $Monitor_database  = Get-SCOMMonitor -DisplayName 'Microsoft Audit Collector Service Collector Database Connection Establishment State'
    
                    #Continue only when both monitors were found
                    If($Monitor_service -and $Monitor_database) {
                        #Enable the State Monitor for the 'new' Active Instance 
                        Enable-SCOMMonitor -Instance $standby_instance -ManagementPack $MP -Monitor $Monitor_service
                        Enable-SCOMMonitor -Instance $standby_instance -ManagementPack $MP -Monitor $Monitor_database
        
                        #Disable the State Monitor for the 'new' Standby Instance 
                        Disable-SCOMMonitor -Instance $active_instance -ManagementPack $MP -Monitor $Monitor_service
                        Disable-SCOMMonitor -Instance $active_instance -ManagementPack $MP -Monitor $Monitor_database
                    } else {
                        Write-Output "Collector Failover Success, but override configuration could not be changed"
                    }
                } else {
                    Write-Output "Collector Failover Success, but override configuration could not be changed"
                }
            } else {
                Write-Output "Standby Collector Service could not be started. Manual action needed. Script exits."
                Exit
            }
        } else {
            Write-Output "Standby Collector Service could not be activated. Manual action needed. Script exits."
            Exit
        }
    } else {
        Write-Output "Collector Configuration could not be copied. Manual action needed. Script exits."
        Exit
    }   
} else {
    Write-Output "Active ACS Collector could not be disabled. Manual action needed. Script exits."
    Exit
}

 

When you run this script manually it will fail over the active ACS collector. The only prerequisite of this script is that the active collector must be accessible to the script, which is why this is not a complete solution for all scenarios. I have configured this script as a recovery for the monitor ‘Microsoft Audit Collection Services Collector Running State’. This creates a fully automatic failover scenario. See below the screenshots of this Recovery:

image

image

Some improvements to the script can be made but it’s functional and working. You can copy the script from above or drop me an email if you want to have a copy.
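
One possible improvement, as an added example that is not part of the original script: stop when the collector roles are ambiguous, and verify the AcsConfig.xml copy before the standby collector is activated. The function names are hypothetical; the example assumes PowerShell 4.0 or later (for Get-FileHash) and that AdtServer is stopped on the source collector, so the file does not change during the copy.

```powershell
# Added example, not from the original post. Function names are hypothetical;
# the AdtServer service name and the AcsConfig.xml path are the ones the script uses.
$AcsConfigRelPath = 'c$\Windows\System32\Security\AdtServer\AcsConfig.xml'

function Get-AcsCollectorRole {
    param([Parameter(Mandatory)][string[]]$Collector)
    $state = foreach ($c in $Collector) {
        # -ErrorAction Stop turns an unreachable collector into a terminating error
        $svc = Get-WmiObject -ComputerName $c -Class Win32_Service `
                   -Filter "Name='AdtServer'" -ErrorAction Stop
        if (-not $svc) { throw "AdtServer service not found on $c." }
        [pscustomobject]@{ Name = $c; StartMode = $svc.StartMode }
    }
    $enabled  = @($state | Where-Object { $_.StartMode -ne 'Disabled' })
    $disabled = @($state | Where-Object { $_.StartMode -eq 'Disabled' })
    # Anything other than one enabled and one disabled collector is ambiguous: stop, do not guess
    if ($enabled.Count -ne 1 -or $disabled.Count -ne 1) {
        throw "Expected 1 enabled and 1 disabled collector, found $($enabled.Count) and $($disabled.Count)."
    }
    [pscustomobject]@{ Active = $enabled[0].Name; Standby = $disabled[0].Name }
}

function Copy-AcsConfigVerified {
    param([Parameter(Mandatory)][string]$Active,
          [Parameter(Mandatory)][string]$Standby)
    $src = "\\$Active\$AcsConfigRelPath"
    $dst = "\\$Standby\$AcsConfigRelPath"
    # Refuse to propagate a truncated or corrupt file: the cast throws on malformed XML
    [xml](Get-Content -LiteralPath $src -Raw -ErrorAction Stop) | Out-Null
    Copy-Item -LiteralPath $src -Destination $dst -Force -ErrorAction Stop
    # Compare hashes so a partial copy over the admin share is caught before activation
    $srcHash = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) {
        throw "AcsConfig.xml on $Standby does not match the copy on $Active."
    }
    $srcHash   # return the hash so the caller can log what was deployed
}

# Usage with the two collector names from Section 2 of the script:
# $role = Get-AcsCollectorRole -Collector $acs_collector_1, $acs_collector_2
# $hash = Copy-AcsConfigVerified -Active $role.Active -Standby $role.Standby
```

Both functions throw on failure, so a caller can wrap them in try/catch and leave the standby collector disabled when either check fails.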
