Sam Erskine’s blogs are now @

Jul 20 2012

No responses yet

Upgrading SCSM 2010 SP1 to CU3

Dec 10 2011

· Disable all connectors on the SCSM management server (CMDB)

· Create an Encryption key backup for all Management servers

· Backup all SCSM databases and the SSRS databases

· Backup all management packs

· Backup all DLLs for the custom MPs (e.g. Exchange connector)

· Install CU on DW

· Install CU on SCSM CMDB server and all secondary management servers

· Enable all Connectors

· Install CU on all consoles in use

· Install the Authoring Tool update on all systems with the Authoring tool installed on

Detailed Steps

Disable all Connectors

In the SCSM Console |Administration Node |Connectors qq3fxrkb
 Connector disabled message fxtwecvy

Create and Encryption key backup for all Management servers

Create a local folder e.g. C:\BKUPEN dppjnwxq
Insert the SCSM installation media (e.g. SCSM with SP1 ) | Navigate to  .\AMD64\Tools\SecureStorageBackup\SecureStoragebackup.exe  |Run as  Administrator btzdgfum
 Click Next ztkghxth
 Select Backup the Encryption Key | Next hxnpijgx
 Browse to the location you will be storing the Encryption Key file whtuclw0
 Specify a filename with a .BIN extension pjj0ncxb
 Provide a password yahomayd
 Click Next ms3i0hod
Copy the Encryption files to a network location  


Backup all SCSM databases and the SSRS databases

Process using SQL Server Management Studio crmwrcqe
 Right Click the database to be backed up | Tasks |Backup…. zqw4yr1r
 Select the media type |In this example you can back up to the local disk using the default SQL backup location |using a filename identifying the database e.g. ServiceManager.BAK 2qfwbms5
Repeat for all DBs yaypsxic
Ensure the Backups are stored anywhere other than the SQL servers local drives  

Install CU3 on DW

 Download the update | right Click | Run as administrator v0gockhe
 Read and Agree |Install ktpp0hgq
 Update starts ezveiaon
 Close djb00vlm
Check services and if the Data Access Service is not running, start it 4ikb5bbn

Install CU3 on all other management servers starting with Workflow /CMDB Management Server (Use same steps as DW update above)

Enable all Connectors

 In the SCSM Console |Administration Node |Connectors q14wtnebbpyaj305
 Connector Enabled message rglserdv

Update all Management Consoles

In the next post, I will show you how you can use SCCM 2007 to deploy the CU to all your consoles.

One response so far

SCSM Framework To Real Work Part IV-> AV Exclusions

Jun 22 2011

An area often overlooked during deployment of infrastructure applications is, exclusions from real-time scanning engines.

Below is the list of files and directories recommended for exclusion for SCSM (based on Forefront Protection)

Service Manager 2010 Files and Folders
%ProgramFiles%\Microsoft System Center\Service Manager 2010\Health Service State\*

Service Manager 2010 Processes
%programfiles%\Microsoft System Center\Service Manager 2010\HealthService.exe
%programfiles%\Microsoft System Center\Service Manager 2010\Microsoft.Mom.ConfigServiceHost.exe
%programfiles%\Microsoft System Center\Service Manager 2010\MonitoringHost.exe
%programfiles%\Microsoft System Center\Service Manager 2010\Microsoft.Mom.Sdk.ServiceHost.exe

2 responses so far

SCSM From Framework to Real Work Part III -> Reporting Delegation

May 14 2011

Enabling Reporting for SCSM Non Administrators

By Default only Service Manager Administrator role can see the reporting Icon in the Service Manager Console.

To allow other SCSM Console users to view reports, perform the following steps

Create the following optional Active Directory Groups:

-          SCSM Report Browsers

  • Add  the Service Manager Console users or groups who need read  access to the reporting Icon to the Browsers group

-          SCSM Report Publishers

  • Add  the Service Manager Console users or groups who need access  and publishing rights  to the Publishers group

-          Navigate to the Data Warehouse node in the SCSM Console |Security |User Roles

-          Report Users |Properties| Users |Add

-          Connect to the Report Manager URL <FQDN of DW Server>/Reports

-          Click on Details View on the Right (under Search)

-          Click on the white space next to the SystemCenter folder and Select Security

-          Click on New Role Assignment

-          Type the name of the group for the Role and select the reporting permissions (e.g. Browser for the Readers group)

-          Repeat for the Publisher Role (AD Group in our example)

-          Click OK

-          Click on the Home link

-          Click On the SystemCenter folder to Drill down to the next folder which is ServiceManager

-          Click on the white space next to the ServiceManager folder and Select Security

-          Click on New Role Assignment

-          Repeat the steps for setting the role types as performed on the SystemCenter Folder

-          Click OK

On the DW where SSRS is installed restart the SSRS Service

This would provide right level of SSRS access and also allow non SM Administrators to have the reporting Icon displayed in the Console.

No responses yet

New SCSM Self Service Portal -> Customize with no Web developement

May 04 2011

In this blog I will share

A redirection link is provided to redirect users back to the home page if the new user request is selected. Thank you to Kenny Stanford for helping me out with the web updates.

EndUsers requesting a new AD user creation is not a scenario for customers I have engaged with and the update to the page has been done due to the additional steps required to remove the hardcoded link. Instead we took the approach of presenting the end user with a message and hyper-link explaining the feature is not in use (non developer approach and business solution).

Disclaimer: This has been tested and implemented at Customers I have worked directly with and is provided with no warranty or support. The golden rule is test test test before implementing in a live environment.

 Steps to replace the existing Portals:

  • Backup current Enduser  and Analyst portal sub-directories.
  • Stop the SCSMPortal Site

  •  Rename the Analyst and EndUser sub-directories to .old as a rollback option.
  • Extract the ZIP file in this blog post to a temporary location
  • Copy the Extracted EndUser and Analyst directories to the original portal locations.
  • Restart the SCSMPortal website and test
  • The resulting site should look like below with the new Sharepoint style and the redirection link


11 responses so far

SCSM From Framework to Real Work Part II

Dec 23 2010

In part I of this series we explored the link between current frameworks and how we do our real work. We also discussed how SCSM takes you from framework to real work with less risk and more business benefit by being customizable and portable. We introduced the Administration node of the console.

In part II of Framework to Real Work, we will explore the Library node of the SCSM console


The library is your process toolbox. This part of the console contains the sub-nodes where various objects are provided for you and can be created for use in the ITIL/MOF processes SCSM implements. The objects and items in this section are relevant to the job you need to do (Incident or change management as examples). We will provide an introduction to the sub-nodes;

  • In SCSM you have things (Configuration Items – CIs) you want to do something to or, have something wrong with (Work Items). Groups are a used to organise CIs to match your organisations real work view.
  • Groups act as building block for organising CIs (e.g. All Database Servers) which then allows us to apply role based security (who has access to database servers), or how to categorise our incidents or change requests. More on Groups when we get into the specific process sections in our series of Framework to Real Work.


In SCSM you have the ability to learn from past experiences in your organisation, sharing known best practise and also providing access to external information.

  • The Knowledge sub-node presents a single pane of glass to view all your internal knowledge and use this information as part of your processes.
  • All Knowledge Articles – Where we can view all knowledge articles includes Archived, Draft and Published articles.
  • Archived – Knowledge articles that have been archived to reduce the number of articles presented/displayed whilst retaining important information (archived knowledge may be referred to if a known problem is encountered again).
  • Draft – Knowledge articles pending approval before publishing or not yet ready for publication
  • Published – Knowledge shown to our users or analyst depending on the ITIL/MOF process (e.g. in Incident Management – try this first user?)

  • Lists drive the Framework to Real Work flexible approach implemented by SCSM. This sub-node has default predefine lists used in the ITIL/MOF processes SCSM is designed to implement. We can extend this list to match our environment.
  • One approach to understanding the use of lists is to view their use to support the incident management process.
Incident Management Lists Description/Use
Incident Classification  Type of incident e.g Printer problems. Add your custom types. this list is presented as a drop down in the incident form
Incident Source  How the incident was raised. Email, portal and console are all examples. Also provides us with a method to measure and track where the incidents are generated
Incident Tier Queue  The levels of service support. The default is tier 1 , 2 and 3. Most environments may have 1st line , 2nd line and 3rd line. Rename and or extend as required to reflect your needs
Impact  Impact of the incident (NB this is a shared list with other processes) – Low, Medium and High. Extend as required.
Urgency Urgency of the incident (NB this is a shared list with other processes) – Low, Medium and High. Extend as required.


  • The default lists in SCSM can be renamed to suit the organisation terminology (Do Not Delete the default lists; they are referenced by GUID in default SCSM Workflows etc.). We can also create and extend the lists in the console (Some list types have to be created in the Authoring Tools only)

  • Queues are used to create collections of what needs to be done (Work Items – WIs) so we can assign it to the teams or individuals for doing what needs to be done. So we create a queue for all Desktop incidents and we can then assign the queue to the Desktop Group (Configuration Items user group).
  • Typically Queues are mapped to the Incident, Change and Configuration Management processes. We will expand on this as we progress through this series of Framework to Real Work.

  • This sub-node is where you create a gateway to external calls to tools used to support processes like incident and problem management. So we can create a ping task to launch the command prompt and ping a CIs (Computer) that is reported as unavailable.  SCSM allows you to pass the computer name automatically by querying the information in the SCSM Database. This not only presents a single gateway but also reduces the time it takes to switch consoles whilst also increasing user input quality.
  • Tasks can be scoped to specific areas in the SCSM Console (e.g. only present the launch Active Directory Users and Computers console from the Users node in SCSM). This means we can extend our role based security as well as only showing what is relevant to a section.

  • The templates found in the Library node is the second type of templates in SCSM. The two types are Notification and Forms. The forms (Library)Templates in SCSM provide two common functions; static (standard prefilled templates) or dynamic (workflow and activity templates). Templates are also best viewed by the process they support. Looking at the incident management process;  
    • Static (standard prefilled templates) – similar to traditional templates (e.g. MS word template with company logo and prefilled address); Template for all incidents created using the portal. From the image we can see that the incident source (refer to the use of lists described earlier) is prefilled with “Portal” and also the Urgency and Impact are also filled.

  • Dynamic (Workflow and Activity templates) – to perform an activity like changing the support team from 1st line to 2nd line, we have to create a template with the assigned field set to 2nd line. The workflow step will then “change” the field by “applying” our template. A second  workflow example is to assign incidents with a specific classification category (also refer to the Incident Classification List) to a support tier.


The library components in action

In our scenario to demonstrate the use of the Library node, all tickets are initially assigned to Tier 1. Once investigated we assign the ticket to the team responsible for further investigation; we will use the database team as our example.

Tier 1 use the Knowledge base as the reference to perform diagnostic tasks and escalation processes. Tier 1 assign the category to the relevant team (e.g. database team) using the Incident Category. A workflow monitoring the incident category field automatically assigns the incident to the next tier team.

Steps to achieve the scenario

  1. Create active directory group e.g. Database Support Team (add members)
  2. Create Active directory group called Tier 1 Support (add members)
  3. Synchronise the AD connector for SCSM
  4. Create the SCSM Group for the database components. We can use the business service as input for the group. Services are a component under the configuration Items node. We can define a simple service that includes all database servers.
  5. Modify the default Incident Template – change the Assigned to field to Tier 1 Support (AD group created)
  6. Create a Knowledge Article for Database Service Issue first diagnostics steps (e.g. KB directs Tier 1 to ping the server(s) and then check for the DB services; if unsuccessful change the Incident Category to the Database Services Problem)
  7. Create a task for the database diagnostics (e.g. ping task, services applet)
  8. Add a new list item to the Incident classification list (e.g. Database Service Problems)
  9. Create an Assigned to changing Template (dynamic) where the Assigned to field is set to the Database Support Team
  10. Create a Queue for the Database Support Team by using the Incident Classification field  equals “Database Service Problems”
  11. Create a Workflow that checks the Incident Category equals Database Service Problems and applies the Assigned to changing Template from step 9

In this blog we discussed the Library node in the SCSM console and how this node is core to the SCSM processes. We also explored a scenario for incident management to demonstrate how the various components interact and depend on each other.

We would explore detailed processes with screenshots in future blogs. The SCSM official step by step guides are available here

No responses yet

SCSM From Framework to Real Work Part I

Dec 05 2010

The latest addition to the System Center suite of products requires a change in mind set and approach to unleash the value and benefits to organisations who invest in it.

In this blog we will explore

The connection between frameworks and how we work

How to make frameworks like ITIL and MOF work for you

An introduction to the Administration node in SCSM Console and the business functions behind the node.

Frameworks and how we work

I received an expensive photo frame as a gift. static frame

The colour, quality and dimensions were just right. This would be perfect for the lounge. As excited as I was, I knew I had a major challenge ; I had hundreds of digital pictures on my computer and phones that would need to be printed ;

Which would be my favourite picture

Right size of pictures

Manually swap the pictures out or use the same picture but which one?

Printing cost – photographic shop or expensive printer and photographic printer paper?

My solution Digital Photo frame

Use my new static photo frame as a guide on dimensions for a digital photo frame

Get a digital frame of the same dimension


Display multiple pictures, sort by occasion and significantly reduce my cost.

SCSM – Making frameworks like ITIL and MOF work fork you

ITIL is an international framework which enables an organisation to address the challenge of providing excellent services without high costs. MOF is Microsoft’s framework for achieving the same result. ITIL does not state specific technology however, MOF is aligned with the Microsoft products that enable organisations to adopt and adapt both frameworks.

More on MOF here and ITIL here

Microsoft System Center Service Manager provides you the ability to apply ITIL and MOF frameworks in a digital photo album framework style, instead of, the traditional static photo frame style which has hidden costs and flexibility challenges.

Let me unpack this for you


Static frame type products require on-going customisation that introduces cost, e.g. cut the picture to fit the framework; modify the frame to fit the picture.

SCSM is built for customization – save your picture in multiple formats and sizes, preview before displaying and transport with ease, at a lower investment with great returns

Real work introduction to SCSM

To get the value of SCSM let us start with a foundation and build our ITIL/MOF processes on this core area of the product.

When you complete the installation of SCSM you are introduced to the SCSM console

SCSM ConsoleSCSM Admin Node

So where do you start?

In this section we will explore the Administration node

SCSM Admin Node Expanded



SCSM Announcements


Used to communicate proactive messages to organisation. Messages can be configured to expire automatically, priority assigned and role based security is applied to control quality of messages.

Active announcements are the announcements that have not expired (as set by the SCSM administrative user)


scsm connectorsThis node is used to create connectors to other systems like Active directory, SCCM , OpsMgr and other 3rd Party Systems

We can also use the CSV connector to upload data into SCSM

We will discuss connectors in detail in a future bog

Deleted Items

scsm deleted Items


SCSM objects that have been deleted (first phase deletion – similar to a recycle bin).

Once an object is deleted from the Deleted Items, it is removed from the Service Manager database

Management Packs (MPs)

scsm MPs


SCSM container or bucket for the default objects and how they are configured. Similar to OpsMgr MPs

There are 2 types , sealed and unsealed

Sealed = Read only and signed by you or the supplier of the MP to guarantee author source

Unsealed = Read /write. You can do a Save As on a sealed read only MP (i.e. export and then modify)

MPs are created and configured in a number of tools. The default for the SCSM administrator is the SCSM Authoring Tool (stand-alone and external to the console) and also within the SCSM Administrative console. Advanced developer type customisations to extend the product are typically performed in Visual Studio and similar tools.

Any customisation you make in the SCSM Administrative console needs to be stored in an MP, as most of the default MPs are sealed you need to create an MP for your customisations. The Authoring Tool has much more customisation functions and also extends the types of customisation that can be performed in the console in a controlled environment.

The MPs are the differentiator of SCSM from other products when it comes to customisation

Your customisation is stored in the portable container (MPs)

Move your customisations from development to production in a controlled manner

Share your customisations with other instances and also preserve during upgrades without the need for re-engineering costs.


scsm notifications


This where we configure foundation settings for notifications in other parts of SCSM Administration Console

Channels – the channel (SMTP infrastructure settings, default recipient etc.) for your notifications are configured here.

The first step in enabling email workflows (more on this in future blogs)

Subscription – who should we send notifications based on the workflow activity e.g. when a ticket is created for a queue or assigned to an individual.

Templates – preconfigured messages for your subscriptions, you are provided with default templates which you can copy and modify. You can also create your own (store it in an MP for portability).


scsm portalThis is where you customise the portal settings

Service Desk – Phone Number, email and Chat URL with their expected response times

What applications are published for users of the portal (has a dependency on the SCCM connector)

Automated Software Deployment workflow for users when they request published software (depends on the SCCM Connector and SCCM configured to allow the creation of deployment objects)


scsm securityRun As Accounts – connector and service manager controlled user accounts are configured and stored here. Examples include the installation accounts, Active Directory connector account etc. This will vary by environment (refer to the SCSM documentation for best practise guidance).

User Roles – Where we configure role based security settings; who has access to do what and what objects do they have access to do what on.


scsm settingsConfigure general settings here like

Incident ticket Prefix (default is IRxxx where xxx = sequence of numbers incremented with each new ticket)), Change Request Prefix (default is CRxxx where xxx = sequence of numbers incremented with each new change request) , Priority calculation matrix and your custom resolution time settings for incidents are all the types of settings configured here.

OpsMgr URL (part of OpsMgr integration)


SCSM WFsThis is where we use the guidance from our frameworks like ITIL, MOF and also how our organisation really works to automate the associated processes. Examples include

Routing tickets to a different team (SCSM term is Tier) based on the priority of a ticket or a category (e.g. Messaging category tickets get assigned to the messaging team and also moved to the messaging Queue (more on Queues in a future blog)

Configuration – Where we make configuration changes to the workflow (NB Workflows we create in the SCSM Authoring Tool will be displayed where once we have imported the relevant MP into the SCSM console).

Status – View the status of your workflows once they have been executed as specified in the specific workflow.

Bringing it all together

In this blog we explored the connection between industry standard frameworks and how we really work. We also discussed how SCSM allows you to bridge the gap between the frameworks and how we really work in our respective environment.

Finally we explored the Administration node of the SCSM console, providing a general explanation of the sub-nodes and their functions.

The detailed step by step guides for the SCSM can be found here . We will discuss other parts of the console in future blogs.

No responses yet

Asset Management with SCSM and SCCM -> SAFE with Provance -> The 80<->20 Story

May 22 2010

It is a known principle that 20% of challenges have an 80% negative impact on the business/technological Environment.


The converse is 20% of value add processes have an 80% positive impact on the business/technological environment.


In this blog we will be Stepping Away From the Environment (Thanks to my mate Andrew Craig)!!

We will look at the

- People side of Asset Management

- How System Center Configuration Manager addresses the technological challenges

- How the Provance Asset Management completes the story in System Center Service Manager

People side of Asset Management:

Asset Management begins and ends with people and ultimately can cost or add value to a business. I will step away from technology, and revisit my first job as a shop assistant; for this is where my first lesson in Asset management began; the Annual stock takes.

The dreaded stock take was the best opportunity for the shop to evaluate the stock levels and get the most accurate figure for its profit or loss on stock.

Damaged goods = financial offset for tax = lost revenue

Missing goods = lost revenue

Hidden goals = discounted sales = lost revenue = new people policies and procedures

With the introduction of technology (bar code readers for the life cycle of stock) and Just In Time stock ordering technology, the retail industry has minimized this loss. The dreaded stock take still goes on to validate the accuracy of the technology and provide visibility into goods missed by the technology tools.

The above retail story is the same challenge faced by the IT industry when it comes to true Asset Management.

System Center Configuration Manager’s role:

In my IT support and Consultancy journey I have often come across the myth that your CMDB and Asset Management challenges will be addressed with SCCM.

I agree partially and will add the statement that SCCM only plays a part in this process. Our IT assets have a life cycle

- They are born (ordered and received) – Financial Management 10% = People

- Grow up and may lose their way(Configured Networked and Managed) – Configuration Management (SCCM) 80% = Technology

- Go to technology paradise camp – Asset Disposal Processes and Financial management 10% = People

Provance and System Center Service Manager:

The most challenging part of true Asset Management is the 20% people part. The illustration below tells the story of how it all begins and ends with the Asset register. The technology part is the CMDB and the automation of the Asset Inventory processes using system management tools like System Center Configuration Manager to feed System Center Service Manager (Your new CMDB repository).


Here are four Reasons Why Asset Management is a Prerequisite for Creating a CMDB (Thank you to Peter Salfi from Provance for discussing and sharing your thoughts with me) .

­ The “dots” need to be identified before you start connecting them.  Build an Asset Registry first.  Focus on identifying and understanding “what” you have to work with before worrying about how they need to come together to form a service.

­ An IT Asset Management program allows you to maximize the use of what you have.  The appropriate mix of people, processes and technologies provides the necessary foundation for comprehensive and accurate asset information.  Once in place, the necessary relationships to define services that drive client-centric value and operational-centric efficiencies can be established.

­ Building a CMDB is a journey, not a destination.  Starting with a CMDB is impossible.  A fundamental core set of data that you can rely on is needed first.  Evolve from an Asset Registry to a CMDB.  Building a CMDB from scratch cannot be done easily, if at all.

­ Starting with Asset Management is the responsible thing to do.  Without a reliable starting point, building a CMDB will be time consuming, labour intensive and costly.  Establish a proper roadmap to assure your organization takes the right steps in the appropriate sequence to save on effort and expense.

· Microsoft is committed to including IT Asset Management capabilities as part of SCSM.

· Provance IT Asset Management Pack is the only native IT Asset Management solution Microsoft SCSM developed using the Service Manager common platform.

· Provance IT Asset Management Pack allows IT Asset Managers, Software Asset managers, IT Service Managers and IT Operations Managers in Organizations using SCSM to:

­ Take control of IT costs;

­ Improve IT Service management; and

­ Reduce security and compliance risks.

· Supporting ITIL, and the MOF 4.0, Provance IT Asset Management Pack strengthens the IT effectiveness of enterprises and government organizations at every level of the Microsoft Core IO model.  Provance IT Asset Management Pack accomplishes this by:

­ Being Native to SCSM;

­ Providing Software Asset Management;

­ Providing IT Asset Life Cycle management

­ Enhancing ITSM; and

­ Leveraging SCSM.

· Provance IT Asset Management Pack

­ Identifies overspending on unused software and compliance risks;

­ Allows contractual, organizational and financial details associated with IT assets to be viewed and managed within the System Center CMDB;

­ Improves decision support with supplemental costs, contract and organizational information.

· For Microsoft Solution Specialists and Technology Specialists, Provance IT Asset Management Pack fulfills customer demand for IT Asset Management and increases the competitiveness of Service Manager.

· For Solution Integrators and Partners of Microsoft Infrastructure solutions, Provance IT Asset Management increases the competitiveness of Microsoft System Center and creates additional engagements and consulting opportunities.

­ Solution Integrators, in working with Provance IT Asset Management Pack, can configure and customize it, using existing knowledge of Microsoft applications and technologies.

Remember you need the 20% of your people commitment and processes to deliver on the rest of the 80% true business value through Asset Management.

Visit the System Center Service Manager site

Provance site

No responses yet

Older posts »