none
SCOM 2012 R2 UR14 update RRS feed

  • Question

  • Hi All,

    We are updating the SCOM 2012 R2 with UR14 soon.

    Got a doubt with the user account to be used to install the UR14. Currently we are planning to use two seperate accounts.

    One account to install the UR14 and another account to run the UR14 SQL queries.

    This is becase the SCOM team do not have permission to login to the SCOM Database and Datawarehouse Servers, this is managed by a seperate team.

    So, the question is by using seperate accounts will the UR14 update be affected in any way. Like Agents do not show up in Pending Management after UR14 update, etc...

    I had read in Kevin Holman's bolg for updating Update Rollups in SCOM "we MUST log on to each server role as a Local Administrator, SCOM Admin, AND the account must also have System Administrator role to the SQL database instances that host your OpsMgr databases "

    Please advice, thanks in advance!

    Sreejeet


    • Edited by Sreejeet Monday, January 20, 2020 11:26 AM
    Monday, January 20, 2020 11:25 AM

Answers

  • Hi All,

    We have successfully updated SCOM 2012 R2 with UR14 patch. We contacted Kevin Holman regarding the usage of an Account for implementing UR14, he advice on all the SCOM Management Servers to update any Update Rollup we should use a single account having the following rights:

    Local Administrator, SCOM Admin, and the account must also have System Administrator role to the SQL database instances that host your OpsMgr databases.

    Thanks,

    Sreejeet

    Monday, February 3, 2020 2:55 PM

All replies

  • Hi Sreejeet,

    you need Local and SCOM Admin credentials to install the Update on your infrastrcuture servers:

    "You MUST log on to each server role as a Local Administrator, SCOM Admin"

    and you need SQL Admin permissions in order to tun the query in a successfull way:

    "AND your account must also have System Administrator role to the SQL database instances that host your OpsMgr databases"

    but the query can also be run from another user, who has SQL Admin rights, like an user from your DBA Team. It is not a must to run the query with the SAME account, which also does the installation. I have done this many times:

    - Installed the UR with Local Admin/SCOM Admin account
    - Delegated the query to another user, who has SQL Admin permissions. 

    Hope I was able to help. 

    Regards,


    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!) Blog: https://blog.pohn.ch/ Twitter: @StoyanChalakov



    Monday, January 20, 2020 11:49 AM
    Moderator
  • Hi,

    Kevin pointed out clearly what permissions are required, if your account lacks any of those the update might fail.

    To apply the .msp files you will be required to have 1) local administrator, 2) SCOM administrator on the SCOM management servers.

    To apply the SQL scripts, this account will require to have 1) sysadmin privileges.

    Note: Better make sure to have backups prior to the upgrade as well.

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Monday, January 20, 2020 11:51 AM
  • You are right, The account used for the UR installation will need both Local Admin, SCOM Admin, SQL Sysadmin rights or the "Windows Agents" will not show in the pending management.

    This does not impact the Linux Agents however.

    If you are OK to upgrade the Windows Agents via SCCM or Windows update you should be OK.

    In this case you can ask your SQL Admin to provide temp permissions to your SCOM Account and remove them later on.

    Gautam.75801

    Monday, January 20, 2020 11:56 AM
  • Hi Gautam,

    So you mean if I use two seperate accounts once for UR14 installation and another for running UR14 SQL queries, we might face issue where the SCOM Agent will not show up under Pending Management?

     Thanks,

    Sreejeet

    Monday, January 20, 2020 12:16 PM
  • Hi Leon,

    Thank you for the reply.

    As Gautam replied below, if we don't use an account which has all the rights as local administrator, SCOM administrator and sysadmin privileges, we might face an issue where the SCOM Agents will not show up in Pending Management.

    Please advice with your experience on this.

    Regards,

    Sreejeet

    Monday, January 20, 2020 12:20 PM
  • Hi Stoyan,

    Thanks for your reply.

    Did you face Agent Update issue after UR update, like SCOM Agent not showing up under Pending Management if using two seperate accounts one for MSI installation and another for running SQL query?

    Regards,

    Sreejeet

    Monday, January 20, 2020 12:22 PM
  • I have not encountered this as I've always upgraded with an account that has local admin, SCOM admin and sysadmin permissions.

    I would highly suggest you to ask your SQL team to temporarily give your account sysadmin for the upgrade process only, this would ensure you don't get into any problems during the upgrade.


    Blog: https://thesystemcenterblog.com LinkedIn:

    Monday, January 20, 2020 12:24 PM
  • Hi Stoyan,

    Thanks for your reply.

    Did you face Agent Update issue after UR update, like SCOM Agent not showing up under Pending Management if using two seperate accounts one for MSI installation and another for running SQL query?

    Regards,

    Sreejeet

    Hi Sreejeet,

    this applies only when updating over Windows Update. I never had an issue with the agents, when different accounts were used, during the UR install.

    Like already stated you need to ensure that the account, used for installing the patches on your Management and Gateway Servers is Local Admin and SCOM Admin and the account, running the queries is Sysadmin in SQL, but I have never read a requirements, which states that this must be the SAME account. 

    Can you imagine the consequences of such requirement in an Enterprise environment, where you have strict roles and teams, each with their own npermission set? 

    Hope I could clarify this. 

    Regards,



    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!) Blog: https://blog.pohn.ch/ Twitter: @StoyanChalakov


    Monday, January 20, 2020 12:51 PM
    Moderator
  • Thanks for the information Stoyan!
    Monday, January 20, 2020 1:32 PM
  • Thank you for the update Leon.
    Monday, January 20, 2020 1:33 PM
  • With refer to Update Rollup 14 for System Center 2012 R2 Operations Manager,https://support.microsoft.com/en-us/help/4024942/update-rollup-14-for-system-center-2012-r2-operations-manager, the update sequence as

    1)

    Install the update rollup package on the following server infrastructure:

    Account user right

     

    Management server or servers

    Local administrator right

     

    Audit Collection Services

    Local administrator right

     

    Gateway servers

    Local administrator right

     

    Web console server role computers

    Local administrator right

     

    Operations console role computers

    Local administrator right

     

    Reporting

    Local administrator right

     

    Agent

    Local administrator right

    2)

    Apply SQL scripts (see installation information).

    System Administrator role to the SQL database instances

    3)

    Manually import the management packs.

    Operations Manager Administrator

    4)

    Apply the agent update to manually installed agents, or push the installation from the Pending view in the Operations console.

    Local administrator right

    Roger

     
    Tuesday, January 21, 2020 4:29 AM
  • Hi,
     
    I didn’t find article mentioned the permission need on one account. Either I didn’t separate the permission to do the upgrade before. If you have test environment, you can try the method what Stoyan said. Also if you can ask your SQL team to get temp permission, you can also consider what Leon suggested.
     
    Hope it can help.
     
    Best regards.
    Crystal

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 21, 2020 6:00 AM
  • Hi All,

    We will update SCOM 2012 R2 with UR14 on 30th Jan. We are using seperate accounts; one for UR14 MSI installation and another for running UR14 SQL scripts. I will inform you all with how the update went.

    Thank you all for the valuable information.

    Regards,

    Sreejeet

    Tuesday, January 21, 2020 7:46 AM
  • Hi Sreejeet,

    Thanks for your information. We will wait for your update. If there's anything we can help during that time, feel free to post back to discuss together.

    Best regards.

    Crystal


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 22, 2020 4:50 AM
  • Hi All,

    We have successfully updated SCOM 2012 R2 with UR14 patch. We contacted Kevin Holman regarding the usage of an Account for implementing UR14, he advice on all the SCOM Management Servers to update any Update Rollup we should use a single account having the following rights:

    Local Administrator, SCOM Admin, and the account must also have System Administrator role to the SQL database instances that host your OpsMgr databases.

    Thanks,

    Sreejeet

    Monday, February 3, 2020 2:55 PM
  • Hi Sreejeet,

    Thanks for the reply. I am glad to hear that the update is installed successfully. Congratulations! And thanks for the sharing.

    Have a nice day.

    Best regards.

    Crystal


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 4, 2020 5:17 AM