How to Restore in a Single-Server Deployment

  • Article

Use the following procedure to restore Essentials 2007 in a single management server deployment.

Important

Restoring the WSUS code signing certificate is possible only with the SP1 version of System Center Essentials 2007. With the RTM version, you cannot restore any software packages that were created prior to a failure, and therefore, you must re-create them.

To restore Essentials 2007 data

  1. Repair the failing management server, or designate a new server for that role. In either case, follow these guidelines:

    • The new management server must be configured with the original management server name.

    • The new management server must be in the same original domain. If it was not possible to properly uninstall Essentials 2007 after the failure, then you must delete the computer container for the Essentials 2007 management server prior to re-joining the server to the domain.

    • If Active Directory has also been failing, then it must be restored. Ensure that the System Center Essentials All Computers Policy and the SCE managed computers policy ([SCESERVER]_MG) exist.

  2. If you have a backup of the update content files folder, copy those files into a location that the Essentials 2007 Management Server can access.

  3. Install Essentials 2007 on the new management server:

    1. Select a database instance with the same name as the previous Essentials 2007 database instance.

    2. Specify the same action account that was used before.

    3. Specify the location of the existing update content files folder during Essentials 2007 setup.

      Note

      For example, if the update content files are stored at the %SYSTEMDRIVE%\SCE\WsusContent folder, then you need to specify the Update content location as %SYSTEMDRIVE%\SCE during Essentials 2007 setup.

    4. Complete Essentials 2007 setup.

  4. On the Essentials 2007 Management Server, stop the following services:

    • OpsMgr Health Service

    • OpsMgr Config Service

    • OpsMgr SDK Service

    • Update Services

  5. Detach the newly created databases from the selected SQL Server 2005 database instance as follows:

    1. Launch SQL Server Management Studio.

    2. Right-click the Essentials 2007 database name, and select Tasks > Detach to detach the Essentials 2007 database.

    3. Repeat step b for the WSUS and the Essentials 2007 Data Warehouse databases.

    4. Right-click the Databases node, and then click Attach.

    5. Click Add, and then select the .mdf and .ldf files of the previous Essentials database from your backup.

    6. Repeat steps d and e for the WSUS and Essentials 2007 Data Warehouse databases.

  6. Set ENABLE_BROKER for the OperationsManager database if needed. See the Set ENABLE_BROKER section below to determine if this step is needed, and for information about how to perform it.

  7. Run the SecureStorageBackup tool from the System Center Essentials 2007 installation folder, and use the Encryption Key Backup or Restore Wizard to restore the management server encryption key. For information about how to restore the encryption key, see How to Restore the Encryption Key.

  8. Restart the following services:

    • OpsMgr Health Service

    • OpsMgr Config Service

    • OpsMgr SDK Service

    • Update Services

  9. If you are running the SP1 version of Essentials 2007, then you can restore the WSUS Code Signing Certificate as follows:

    1. Start a Microsoft Management Console (MMC) session by clicking Start, clicking Run, typing mmc, and then clicking OK.

    2. Add the Certificates snap-in to the MMC console as follows:

      1. Click File, and then click Add/Remove Snap-in.

      2. In the Add/Remove Snap-in dialog box, click Add.

      3. In the Add Standalone Snap-in dialog box, in the Snap-in list, double-click Certificates.

      4. On the Certificates snap-in page, click Computer account, and then click Next.

      5. In the Select Computer page, select Local computer, and then click Finish.

      6. Close the Add Standalone Snap-in dialog box, and then click OK the Add/Remove Snap-in dialog box.

    3. In the Console Root window, expand Certificates (Local Computer).

    4. Run the Certificate Import Wizard to import the <SCE InstallDir>/Certificates/WSUSCodeSigningCert.cer (the WSUS code signing certificate file) to the Local Computer Trusted Publisher store, the Trusted Root Certification Authorities, and the Third-Party Root Certification Authorities stores.

    5. Use the WSUSCertificateRestore.exe tool to restore the WSUS Code Signing Certificate’s PFX file to the management server. In a command prompt, go to the <SCE installation>\Tools folder, and type:

      WSUSCertificateRestore [PFXCertificateFile] [PFXPassword]

    6. Ensure that the WSUSCodeSigningCert.cer certificate file is in the <SCE Installation>/Certificates folder.

  10. If the domain based policies System Center Essentials All Computers Policy and the SCE managed computers policy ([SCESERVER]_MG) were previously used, and are no longer available in Active Directory, then start the Essentials 2007 console, and run the Feature Configuration Wizard to re-create them.

  11. Run the Certificate Import Wizard to import the <SCE InstallDir>/Certificates/WSUSSSLCert.cer certificate file to the Local Computer Trusted Root Certification Authorities store.

  12. If using local policy or if the domain based policy is still available, attach the WSUSSSLCert.cer to the WSUS Administration website in IIS. Ensure that the WSUSSSLCert.cer certificate file is in the <SCE Installation> /Certificates folder.

    For more information, see the IIS Help topic on TechNet Installing Server Certificates (IIS 6.0).

  13. This step is necessary only if you selected the Local Policy option for configuring Essentials 2007 servers and managed computers in the Feature Configuration Wizard. Select the Repair option for all managed computers as follows:

    1. In the Essentials 2007 console, click the Administration button.

    2. In the Administration pane, expand Device Management.

    3. Click Agent Managed.

    4. Right-click all managed computers, and click Repair.

  14. If any computers were added after the date of the database snapshot, then you can restore them as follows:

    1. In the Essentials console, select Administration.

    2. In the Administration pane, select Settings.

    3. In the Settings pane, expand the Server group, and double-click Security.

    4. In the Server Settings–Security dialog box, select the Review new manual agent installation in pending management view option, and then click OK.

    5. You can view and re-approve these agents in the Administration pane when you expand Device Management, and Pending Management.

Set ENABLE_BROKER

Before you can run tasks and use the Discovery Wizard to install agents, you need to set the ENABLE_BROKER value.

After moving the OperationsManager database, the status of the Sql Broker Availability Monitor might be set to ‘critical’ or to 'Sql Broker is disabled'. You can check the state of the Sql Broker Availability Monitor by running the following SQL query:

SELECT is_broker_enabled FROM sys.databases WHERE name='OperationsManager'

Where ‘OperationsManager’ is the default database name, replace this name as appropriate.

If the query result is ‘0’, then the Sql Broker is disabled and you must re-enable it using the following procedure.

To set ENABLE_BROKER

  1. Open SQL Server Management Studio.

  2. In the Connect to Server dialog box, select the appropriate values in the Server type list, in the Server name list, in the Authentication list, and then click Connect.

  3. Click New Query.

  4. In the query window, enter the following query:

    ALTER DATABASE OperationsManager SET SINGLE_USER WITH ROLLBACK IMMEDIATE

  5. Click Execute.

  6. Enter the following query:

    ALTER DATABASE OperationsManager SET ENABLE_BROKER

  7. Click Execute.

  8. Close SQL Server Management Studio.

    Note

    Closing SQL Server Management Studio closes the connection to the database in single user mode. Depending on your configuration, you may have to manually kill any process that is connected to the database before completing the ALTER query below.

  9. Open SQL Server Management Studio.

  10. In the Connect to Server dialog box, select the appropriate values in the Server type list, in the Server name list, in the Authentication list, and then click Connect.

  11. Click New Query.

  12. In the query window, enter the following query:

    ALTER DATABASE OperationsManager SET MULTI_USER

  13. Click Execute.

You can verify the setting for ENABLE_BROKER is set to 1 by using this SQL query: SELECT is_broker_enabled FROM sys.databases WHERE name='OperationsManager'.

Note

Before you can use discovery, you must restart the following services: OpsMgr SDK Service, OpsMgr Config Service, and OpsMgr Health Service. You may also need to restart the following services: SQL Server and SQL Server Agent.