共用方式為


Enable Agent Proxy for a Class (ClassProxyEnabler)

Agent Proxy needs to be enabled for several different management packs features to work properly.  Active Directory, Cluster and Exchange are just a few common management packs requiring Agent Proxy to be enabled.

Enabling the Agent Proxy security setting allows an agent to submit data on behalf of another source.  By default, this setting is not enabled for any agents.  So when we import a management pack which expects an agent to submit data not originating from that agent (other sources), we need to enable this security feature in order for some workflows to function.

There are several scripts available in various posts which help accomplish this task, as it can be quite tedious selecting individual agents and configuring this manually.  There are even a couple tools published that have helped many administrators accomplish this task, both GUI and command line.

Since it’s usually a particular type or role which an agent hosts that requires Agent Proxy to be enabled, I thought it would be nice if we could run a script that would enumerate all agents that host a particular type or role and enable Agent Proxy in one pass.

By the way, I hear that there will be increasingly more MP’s which will require Agent Proxy, so the future of Agent Proxy is very strong and we’ll need a way to enable this setting for the masses.

 

Exclamation Test this script thoroughly in your lab environment before attempting to use in production to avoid mistakenly enabling or disabling agent proxy on unintended targets.  If you choose to run it against Windows Computer class, it will enable or disable it for all agents in the management group.

 

Note This script works its way up the parent class path, until it finds a Windows Computer object.  It then resolves the Agent Base Managed Entity Id and sets the Agent Proxy property.  If the class you choose does not resolve to a Windows Computer object, the script will fail. Keep in mind, this is a fairly raw script without error handling and many bells and whistles.

 

GreenCircle Here are a few classes I tested the script against, enabling Agent Proxy on agents which commonly need it enabled.
  * Microsoft.Windows.Server.DC.Computer – all domain controllers
  * Microsoft.Windows.Cluster.Node – all cluster nodes
  * Microsoft.Exchange.ServerRole.2003 – all exchange 2003 server roles
  * Microsoft.Exchange2007.ServerRole – all exchange 2007 server roles
  If you want to return a list of all classes, run the following command:
  Get-MonitoringClass | Select DisplayName,Same | Sort DisplayName

 

Question Usage: Copy the entire script below, everything between ##--Begin and ##--End, and paste into a text file in some location.  Name the file ClassProxyEnabler.ps1. Open Operations Manager Command Shell and type in the path to the script and the required parameters, and hit enter. Parameters Class Name: This is the class system name, not the friendly name. $True/$False: $true to enable, $false to disable Output directory: The script logs all actions to this directory, with file name “class_date_time.txt”.  This directory must exist.  If there are spaces in the path, the path must be enclosed in quotes. Example: c:\ClassProxyEnabler.ps1 Microsoft.Windows.Server.DC.Computer $true c:\out\  image

 

##--Begin ClassProxyEnabler.ps1

Param($className,$bTF,$fileDir)
##--Get the class in which you want to set Agent Proxing
$class = Get-MonitoringClass | Where {$_.Name -eq $className}
##--Get all objects in that class
$objects = Get-MonitoringObject -monitoringClass:$class
##--Create an array of BME's
$arrBME = @()
Foreach ($object in $objects)
{
Do
{
$parent = $object.getParentPartialMonitoringObjects()
Foreach ($oParent in $parent) {If ($oParent.FullName -match "Microsoft.Windows.Computer:") {$object = $oParent}}
}
Until ($object.FullName -match "Microsoft.Windows.Computer")
$arrBME += $object.Id.ToString()
}
##--Create an array of agents to help script performance.
$agentArray = @()
Foreach ($agent in Get-Agent)
{
$agentArray += $agent
}
##--Create output file
$localTime = (get-date).ToLocalTime()
$year = $localTime.year.ToString()
$month = $localTime.month.ToString()
$day = $localTime.day.ToString()
$hour = $localTime.hour.ToString()
$min = $localTime.minute.ToString()
$fileName = $class.name + "_" + $year + "-" + $month + "-" + $day + "_" + $hour + "-" + $min + ".txt"
$filePath = $fileDir + $fileName
##--Walk through the array and set Agent Proxying for each agent
Foreach ($BME in $arrBME)
{
$i=0
While ($i -ne $agentArray.count)
{
If ($BME -eq $agentArray[$i].Id.ToString())
{
##--Screen formatting
##--If already set to preference, skip with message.
If ($agentArray[$i].ProxyingEnabled.Value -eq $bTF)
{
$agentArray[$i].ComputerName + "`tNo action taken"
$agentArray[$i].ComputerName + "`tNo action taken" | out-file $filePath -append
$i = $agentArray.count
##--Allow operator to track screen output
Start-Sleep -m 200
}
##--If not set to preference, modify with message.
Else
{
$agentArray[$i].ComputerName + "`tModifying..."
$agentArray[$i].ComputerName + "`tModifying..." | out-file $filePath -append
$agentArray[$i].set_proxyingEnabled($bTF)
$agentArray[$i].applyChanges()
$i = $agentArray.count
##--Allow operator to track screen output
Start-Sleep -m 200
}
}
Else
{
$i+=1
}
}
}
Write-Host "`n`n`n`nResults saved to $filePath`n`n`n"

##--End ClassProxyEnabler.ps1

 

tip Schedule this script to run on a regular basis for the domain controller or cluster classes.  Whenever new domain controllers or cluster nodes come online, Agent Proxy will be enabled automatically. This script ONLY makes modifications if required.  In other words, there is no harm in running this multiple times.  Agent Proxy will only be modified if it does not match the $true or $false parameter supplied.

Comments

  • Anonymous
    January 01, 2003
    Mathew - There is no problem with enabling agent proxy on all agents.  I do this all the time with customers, since most MP's require it anyway.  We actually use the same script you posted there, but enable for all agents.

  • Anonymous
    January 01, 2003
    Thanks for the suggestion, Sam.  I'll look into adding some validation logic to the script.

  • Anonymous
    January 01, 2003
    Hi Layne, Thanks for letting me know about an issue with this script.  I had a similar issue in another envrionment, but wasn't sure if it was a one-off.  Seems to be a difference in Powershell environments and doing the math function for the output formatting section.  Maybe someone with more of a programming background can comment.  For now, I took the math out and updated the script here.  Let me know if this works for you. -Jonathan

  • Anonymous
    November 20, 2009
    Hello Jonathan, great blog and scripts.  I ran this one in my test environment against the Microsoft.Windows.Cluster.Node class without any issues.  When run in production however, I get many errors, ClassProxyEnabler.ps1:58 char:56

  •                 $agentArray[$i].PrincipalName + $space*$ <<<< spaceCount + "No action taken" Bad argument to operator '*': Specified argument was out of the range of valid values. Parameter name: rval. I'm a PowerShell novice, any ideas?  Thanks!
  • Anonymous
    November 23, 2009
    Hi Jonathan.  The updated script now executes without errors in my production environment.  As it turns out, all my cluster nodes were already setup for proxy. :)  Thank you for the quick reply and resolution.  Keep up the good work! -Layne

  • Anonymous
    March 31, 2010
    Hi Jonathan! Great script, saved us quite a lot of time when deploying our new Opsmgr environment with a couple of hundred cluster nodes. One thing though. Perhaps a $null check would be great in the Foreach-loop to avoid a never ending error loop if you type the class incorrectly. :)

  • Anonymous
    October 28, 2010
    Thanks for this!  I followed the documentation for the SharePoint 2010 management pack discovery instead of doing what made sense and consequently enabled proxying on all my agents. I only have a couple systems I want proxying enabled on, so I just disabled it on all agents and went back and manually enabled here and there. foreach ($agent in (get-agent)) {$agent.set_proxyingEnabled($false); $agent.applyChanges()}