You are browsing the archive for scom 2012.

Avatar of alkin

by alkin

Install OpsMgr Agent remotely with Powershell

1:59 pm in Powershell, SytemCenter by alkin

As you are aware by now I’m creating a series of Powershell automation activities to automate some System Center installation tasks. Below you can find a Powershell script that will connect to the Opsmgr server remotely (so you dont need the OpsMgr powershell snappin installed locally) deploy the scom agent and enable agent proxiyng on them.

# NAME: Opsmgr 2012 Agent Install
# AUTHOR: Alexandre Verkinderen
# DATE  : 10/23/2013
# Requirements: FIrewall needs to be disabled
# COMMENT: This script is designed to install OpsMgr 2012 agents.
# The following serfvers  need agents instaled using default options: Install-SCOMAgent <a href=""></a> DC01, SCVMM01

$MS = ""

#Connect remotely to the SCOM server
Invoke-Command -ComputerName $MS -ScriptBlock {

$MS = ""
$AgentList = @("")
$Password = ConvertTo-SecureString "Passw0rd!" -AsPlainText -Force
$username = "contoso\administrator"
$InstallAccount = New-Object System.Management.Automation.PSCredential($username,$Password)

#Import PowerShell Modules
import-module OperationsManager

#Connect to OpsMgr Management Group
New-SCOMManagementGroupConnection -ComputerName $MS

#OpsMgr Agent Installation

Foreach($Agent in $AgentList)

Install-SCOMAgent -Name $Agent -PrimaryManagementServer (Get-SCOMManagementserver -Name $MS) -ActionAccount $InstallAccount
write-host $Agent "Installed"


#Sleep so the agent install can finish before enabling agent proxying

Start-Sleep -s 60

#enabling agent proxying for vmm and AD management pack

#Enable Agent Proxying
Get-ScomAgent | where{$_.ProxyingEnabled.Value -eq $False} | Enable-SCOMAgentProxy


Alexandre Verkinderen

Avatar of alkin

by alkin

How to change SCOM reporting to use Kerberos instead of NTLM

12:06 pm in Uncategorized by alkin

One of the Domain admins at one of my customers was complaining about all the NTLM request generated by the scom server to the reporting server. One of the issues with NTLM is that you need to re-authenticate every time, with Kerberos you receive a ticket that is valid for a longer period of time (by default 10hours). You can find more info about NTLM VS Kerberos here: 


All the SQL servers at this customer are configured to use Kerberos but apparently when the SCOM reporting is being installed and modifying the RSReportServer config file it will change the authentication method as well back to NTLM!! Although Microsoft is recommending Kerberos over NTLM for almost 10 years now, new products like SCOM 2012 are still using NTLM!!


To change the report server authentication settings, edit the XML elements and values in the RSReportServer.config file.

You can find the file in the following location: C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer



Change the setting from RSWindowsNTLM to RSWindowsNegotiate



Important note Important

Using RSWindowsNegotiate will result in a Kerberos authentication error if you configured the Report Server service to run under a domain user account and you did not register a Service Principal Name (SPN) for the account. Make sure to create the SPN for the SQL reporting service as described here:




Visit Us On TwitterVisit Us On Linkedin