Part 3 – Apple OSX MP – Querying OMI with Powershell

In part 2 (Part 2 – Apple OSX MP -The compiling and installing of the OMI agent on your Mac) we got the OMI agent running on our Apple Mac and were able to query it with the OMI client. No we will go one step further and do some cross-platform querying with Powershell.

First of all make sure you are running at lease Powershell version 3.0. Earlier versions of Powershell do not contain the  Get-CimInstance commandlet which we need to query OMI.

We also need to make sure we can resolve our Mac by FQDN. In my test lab I just added the my Mac to the hosts file so that I can resolve and ping demos-mac.local.

So lets try to connect to OMI by using the following Powershell script:

$username = “root”

$password = “*********”

$secstr = New-Object -TypeName System.Security.SecureString

$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}

$Cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr

$Session = New-CimSession -ComputerName demos-Mac.local -Authentication Basic -Credential $Cred

Get-CimInstance -CimSession $Session -ClassName OMI_Identify -Namespace root/omi

Personally I like to use the Poweshell ISE that comes standard with Windows, so I plugged the code into the code Window and hit run.


… Oh dear, Powershell spat out lots of angry red errors at us. At this point we have a few options:

1. Allow encrypted traffic from the Windows Computer from which we are running the Powershell Script.

2. Import the certificates generated by the OMI Agent.

3. Generate your own certificates.

In this blog I will go for the second option, and import the Certificates generated by the OMI agent. To import the certificates from the OMI agents we need to convert and export them from the machine on which the OMI agent is installed.

First browse to the directory in which OIM is installed, in my case /opt/omi1.0.7/etc/ssl/certs

OpenSSL can combine a separate certificate (usercert.pem or usercert.cer) and private key file (userkey.pem) into PKCS12 format using the pkcs12 command:

sudo openssl pkcs12 -export -out omikey.p12 -in ./omi.pem -inkey ./omikey.pem


After executing the previous command you should have a new omikey.p12 file.

On the Windows machine open a certificate mmc snapin which displays the certificates for the computer account.


Import the omikey.p12 into the Trusted Root Certification Authoroties.


Before we run the Powershell script again we need to make a few changes. First add the line:

$options = New-CimSessionOption -UseSsl -SkipCACheck

and add -SessionOption $options  to the end of the following line:

$Session = New-CimSession -ComputerName demos-Mac.local -Authentication Basic -Credential $Cred

The script now looks like:

$username = “root”

$password = “*********”

$secstr = New-Object -TypeName System.Security.SecureString

$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}

$Cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr

$options = New-CimSessionOption -UseSsl -SkipCACheck

$Session = New-CimSession -ComputerName demos-Mac.local -Authentication Basic -Credential $Cred -SessionOption $options

Get-CimInstance -CimSession $Session -ClassName OMI_Identify -Namespace root/omi

Lets see what the output is of this script:


Awsome! We just connected to our Mac using WinRM!

Advertisements

About Vincent de Vries

A proud (to be called) geek that is specialized in Microsoft products but is an equal opportunist for other platforms like Linux. Currently interested in Machine Learning and in particular Neural Networks.
This entry was posted in Apple Mac, Management Pack, MP, OpsMgr 2012. Bookmark the permalink.

6 Responses to Part 3 – Apple OSX MP – Querying OMI with Powershell

  1. Pingback: Monitoring OS X Mountain Lion (10.8) with OpsMgr 2012 R2 | MP Alchemy

  2. Bo Kreiberg says:

    Hi Vincent! Great work you have done! Thumbs up! 🙂 One question any news on the Part 4 – OSX MP – Creating an OSX Management Pack?

    Regards

    • mpalchemy says:

      Hi Bo, Glad to hear you enjoyed the posts 🙂 Unfortunately I have been swamped at work with other things, so my time has been very limited. I’m still going to try and get it out before the end of this year.
      Regards, Vincent

  3. Bo Kreiberg says:

    Hi Vincent! Looking forward to next post 🙂

  4. Bo says:

    Hi Vincent! Any news regarding the last part?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s