Controlled reboot sequence across multiple dependent servers?

Hello, I was wondering if there's any guidance/best practice for controlling a reboot sequence across multiple servers with dependencies?  IE, given Database A, App B C D, Apps must go down, then Database, then Database must come up, then apps.

I figuerd you could terminate the problmeatic services on the app servers, reboot the DB, and then trigger a reboot on the app servers based on ping response to the database?  But I'm not sure how you would set up that trigger in the SCCM console. 

Thoughts?

August 28th, 2015 5:27pm

There are much better tools to do this with then CM12. Why must you use CM12 to do this?
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 7:25pm

Concur with Garth. ConfigMgr does not have this type of capability built in -- you could build something yourself that ConfigMgr leverages but it would be a fair amount of work. This is an orchestration task that is easily handled by Microsoft's System Center Orchestrator though. 
August 30th, 2015 9:53am

Okay, I've now set up an Orchestrator 2012 R2 server, and I'm totally lost.  How would you do this with SCORCH?
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 3:41pm

Okay, I've now set up an Orchestrator 2012 R2 server, and I'm totally lost.  How would you do this with SCORCH?

It would be better to post this question to the SCORCH forum.

https://social.technet.microsoft.com/Forums/en-us/home?category=systemcenterorchestrator

September 2nd, 2015 5:16pm

Okay, before I do that - why not say why you think this should be done in Orchestrator rather than with a Powershell script?  I've done some research on this, and I haven't found any examples of it, which given how common the activity is, makes me a little worried.  I've also done some research on how you would even launch a runbook from SCCM, and the best I can find is a third-party utility called SCOJobRunner, so I'm not exactly sure how I'm going to make this useful with a patch deployment.  

So before I spend a bunch of time learning a new tool, can you give me a bit more of a justification on why you would go this route?

Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 5:27pm

I'm sure that with enough effort you could do it with PowerShell but SCORCH is designed for this type of thing.

I still don't understand why you want to run a SCORCH runbook for CM12 at all, Why wouldn't you start everything for SCORCH?

September 2nd, 2015 5:37pm

I'm wondering if there's been a miscommunication here.  I need to do a controlled, tiered reboot, post-install.  The assumption is that the install would come from SCCM, since that's what SCCM does.  Would you install from SCORCH instead?
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 6:10pm

No, ConfigMgr does *not* do this. ConfigMgr install updates, that's it. What you are asking for is orchestrating the installation of updates among multiple systems which ConfigMgr has no capabilities for whatsoever. System Center Orchestrator however can initiate the installation updates (via ConfigMgr) in a controlled, tiered, sequenced ... whatever you want to characterize it as ... fashion.

Orchestrator orchestrates activities, whatever those activities may be, across, among, or between different systems and applications.

September 2nd, 2015 6:57pm

You don't call the runbook from ConfigMgr, you initiate the client agent installation updates from the runbook. The runbook is master control and orchestrates the installation and other actions make sure they are all initiated and completed in the proper order.
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 7:00pm

I'm sure that with enough effort you could do it with PowerShell but SCORCH is designed for this type of thing.

I still don't understand why you want to run a SCORCH runbook for CM12 at all, Why wouldn't you start everything for SCO

September 2nd, 2015 7:53pm

I'm wondering if there's been a miscommunication here.  I need to do a controlled, tiered reboot, post-install.  The assumption is that the install would come from SCCM, since that's what SCCM does.  Would you install from SCORCH instead?

Kind of.

You'd initiate the SCORCH runbook which has a SCCM connector so it tells SCCM to do said install.

So SCCM is still performing the install, but it's merely executing actions given to it by SCORCH which accepts much more complex orchestration logic.

Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 7:55pm

Okay, so I did some more research and posted a question in the SCORCH forums to continue this.  At the risk of beating a dead horse, I wanted to propose an idea:

Two different collections.  Collection 1 is primary servers.  Collection 2 is dependent servers.  Collection 1 has a maintenance window that preceeds Collection 2.  Collection 1's deployment fires a PS that shuts down services on Collection 2 with Stop-Service, then allows the reboot.  Servers should reboot in maintenance window, which means they are back up before Collection 2 needs to run?  Collection 2's deployment checks status of services on servers in Collection 1, then installs.  Collection 2 then triggers reboot in maintenance window.  Services could be set to automatic or started with Start-service, who cares.

Collection 1 and 2 should probably be managed by direct membership.  

Would that work?

September 4th, 2015 4:40pm

How and where would the PS script run on Collection 1?

How much before will the MW be for Collection #1?

Are you sure that Server will Reboot during the MW, there is no Guarantee that will happen.

How will Collection 2 Check the status of servers in Collection 1?

It sound like you got a lot of testing ahead of yourself.

Free Windows Admin Tool Kit Click here and download it now
September 5th, 2015 12:03pm

Is this actually a solved issue in SCORCH?  
September 9th, 2015 3:50pm

Not sure what "issue" you are referring to here. System Center Orchestrator is a tool exactly as we have all described. Use of this tool can address your challenge. It's a open ended tool that can be used to address many different, actually an unbounded set of challenges around orchestrating activity across different systems and applications.

If you are looking for a one button solution, you are not going to find it -- IT is rarely that simple -- if it was, none of us would have jobs.

Free Windows Admin Tool Kit Click here and download it now
September 9th, 2015 3:56pm

Garth listed a bunch of issues with my solution, IE maintenance window timing, what to do if the window overruns, etc.  The implication is that there are obvious solutions to these problems using Orchestrator.  I'm trying to get more information along those lines.

I have at this point done hours and hours of Google research on doing this in Orchestrator and I haven't come up with much.  My Orchestrator post similarly hasn't gotten me much good information.  The questions in Orchestrator seem to be the same as SCCM - how do you schedule your maintenance windows?  How do you control them while you're in them?  What do you do if you overrun, can you terminate early?  - so I'm not seeing the obvious applicability of Orchestrator, and neither is Google.  I've found a couple of not-amazing blog posts on the issue, and not much else.  People refer again and again to those same two blog posts.

I'm not looking for a one-button solution, but I need something more than "just go use Orchestrator" with zero information on how it helps.  You would think that the Orchestrator forum would provide that information but, currently, that's not happening.  You would also think with this many people saying "just use Orchestrator!" in this thread, that at least one of them would show up in the second, but that's not happening either.  So, I'm trying to use the thread that actually IS getting attention and IS getting responses to get more information.

September 9th, 2015 4:37pm

If using Orchestrator, you be calling a script (most likely) to initiate the updates on a specific system, thus, maintenance windows are irrelevant as they do not affect manually initiated activity.

Ultimately, all Orchestrator does is initiate an activity. What that activity is and what it does is up to you. Thus, the first step to design the flow at a high level. Break it down into blocks and tackle each block.  Initiate the updates on a series of subset of systems would be one block. You would then wait until these updates finished and start the updates on a new subset of systems. You may throw reboots in there also. Start with a high level, English flowchart and then translate that into technical terms. This is very similar to a programming activity -- if you've never done any, get a programmer to help you start.

Free Windows Admin Tool Kit Click here and download it now
September 9th, 2015 4:48pm

Okay, but you need to create a scheduler in Orchestrator, right?  To actually fire the runbook.  Or else you're doing this by hand.
September 9th, 2015 5:00pm

Am I making sense?  Do you see what I'm asking?

I get the feeling that people think Orchestrator is great because it's easy to reboot server A then wait and reboot server B, but it's not actually that hard to do that in Powershell either, so it's not a huge gain there.  But no one seems to be interested in answering the "how do you get this to run on time" question.

Free Windows Admin Tool Kit Click here and download it now
September 9th, 2015 5:20pm

Ultimately, correct, this is something you can do in PowerShell also; however, you don't getting any detailed auditing in Orchestrator and there's no way to really delegate credentials in PowerShell either. There's also a lot to be said for a single tool where all of your tasks, jobs, etc are contained in.

You can create a scheduled to kick a runbook off although that's not necessarily Orchestrators strength per se. You can kick one off manually also or in response to something else the runbook is watching for in the environment. 

This is all very Orchestrator specific though.

The core of the answer here though is that ConfigMgr provides no coordination, sequencing, or orchestration capabilities so to get that functionality, you will have to turn to another tool for help. That's where Orchestrator can come in but if you prefer to do it with PowerShell, SMA, VBScript, or some other tool is your choice and will be specific to your implementation. I know of organizations that have built complete toolsets around this concept to fulfill their own requirements. It's an open ended answer because the problem is not bounded and will be unique to your organization and its requirements.

September 9th, 2015 6:53pm

Ultimately, correct, this is something you can do in PowerShell also; however, you don't getting any detailed auditing in Orchestrator and there's no way to really delegate credentials in PowerShell either. There's also a lot to be said for a single tool where all of your tasks, jobs, etc are contained in.

You can create a scheduled to kick a runbook off although that's not necessarily Orchestrators strength per se. You can kick one off manually also or in response to something else the runbook is watching for in the environment. 

This is all very Orchestrator specific though.

The core of the answer here though is that ConfigMgr provides no coordination, sequencing, or orchestration capabilities so to get that functionality, you will have to turn to another tool for help. That's where Orchestrator can come in but if you prefer to do it with PowerShell, SMA, VBScript, or some other tool is your choice and will be specific to your implementation. I know of organizations that have built complete toolsets around this concept to fulfill their own requirements. It's an open ended answer because the problem is not bounded and will be unique to your organization and its require

Free Windows Admin Tool Kit Click here and download it now
September 9th, 2015 7:23pm

So, just to verify:  When people were responding "use Orchestrator", it was not out of any kind of knowledge or proficiency?  For all they knew, this actually isn't even something you can do in Orchestrator?  They were simply voicing that SCCM doesn't do this out of the box?  Am I understanding you correctly?  Because that seems... pretty irresponsible.

I know it can be done and what my clients do (and what I recommend) is to hire a SCORCH expert. My client don't want to pay me to learn on their dime.

When I talk to them after the fact, they are happy with the results.

September 9th, 2015 11:18pm

OK, my final post in this thread -- mainly because you don't want to go do any research and learn anything on your own and just want to whine that no one will do your job for you -- sorry, that's harsh but based on your comments, its accurate.

Yes, it can be done. I've seen some amazing runbooks created with Orchestrator that do all sorts of things including controlling patch management from ConfigMgr -- look at anything that Pete Zerger has done including his many, many sessions various user groups and conferences. It absolutely can be done if you actually roll up your sleeves, learn the tools, and try. Orchestrator is not the only way, it is *a* way. If you want to use PowerShell, please go for it. If you want to use SMA, great. If you want to use maintenance windows, great, that can work too. Only you know your exact requirements and only you can match those of the various capabilities present in the various toolsets. With some creativity, research, and yes, actual work, this is not a difficult task.

Free Windows Admin Tool Kit Click here and download it now
September 10th, 2015 1:47pm

OK, my final post in this thread -- mainly because you don't want to go do any research and learn anything on your own and just want to whine that no one will do your job for you -- sorry, that's harsh but based on your comments, its accurate.

Yes, it can be done. I've seen some amazing runbooks created with Orchestrator that do all sorts of things including controlling patch management from ConfigMgr -- look at anything that Pete Zerger has done including his many, many sessions various user groups and conferences. It absolutely can be done if you actually roll up your sleeves, learn the tools, and try. Orchestrator is not the only way, it is *a* way. If you want to use PowerShell, please go for it. If you want to use SMA, great. If you want to use maintenance windows, great, that can work too. Only you know your exact requirements and only you can match those of the various capabilities present in the various toolsets. With some creativity, research, and yes, actual work, this is not a difficult

September 11th, 2015 11:44am

A huge and fundamental problem is that SCORCH is absolutely garbage at scheduling.  I've seen articles where you can get around this by kicking of SCORCH with a scheduled task, but that relies on a third-party tool with absolutely no support and even then would be a huge management headache for a complicated set of maintenance windows.  

Most articles just ignore this and instead use something like SCSM to manually kick off the window, but that's a non-starter.  We have five people managing 280 Windows servers, if this is not automated it will not get done (as we have seen in the past).

One top of this, a number of elements in SCCM itself are tantalizingly close to being able to do this with the help of some custom Powershell scripting.  Perhaps an "expert" would have some advice on customizing those elements to make them more applicable?

Any of this would be more useful than simply becoming the beast that shouted "SCORCH!" at the heart of the world.  For instance - do you know of a Pete Zerger article that would apply to this?  That's great, you know something Google doesn't!  Why not link to that article?  It's not too hard to do - you can highlight text and click the little chain-link icon in the icon bar.  This will open a window that allows you to insert a URL.  You can type it by hand, or you can simply copy and paste it out of another browser tab.  If you've never used a URL, get a programmer to help you start.
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2015 11:51am

A huge and fundamental problem is that SCORCH is absolutely garbage at scheduling.  I've seen articles where you can get around this by kicking of SCORCH with a scheduled task, but that relies on a third-party tool with absolutely no support and even then would be a huge management headache for a complicated set of maintenance windows.  

Most articles just ignore this and instead use something like SCSM to manually kick off the window, but that's a non-starter.  We have five people managing 280 Windows servers, if this is not automated it will not get done (as we have seen in the past).

One top of this, a number of elements in SCCM itself are tantalizingly close to being able to do this with the help of some custom Powershell scripting.  Perhaps an "expert" would have some advice on customizing those elements to make them more applicable?

Any of this would be more useful than simply becoming the beast that shouted "SCORCH!" at the heart of the world.  For instance - do you know of a Pete Zerger article that would apply to this?  That's great, you know something Google doesn't!  Why not link to that article?  It's not too hard to do - you can highlight text and click the little chain-link icon in the icon bar.  This will open a window that allows you to insert a URL.  You can type it by hand, or you can simply copy and paste it out of another browser tab.  If you've never used a URL, get a programmer to help you start.
  • Edited by Square721bt Friday, September 11, 2015 4:27 PM
September 11th, 2015 3:49pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics