Professional Documents
Culture Documents
Feedback
Send suggestions and comments about this document to mpgfeed@microsoft.com. Please include the management pack guide name with your feedback.
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2010 Microsoft Corporation. All rights reserved. Microsoft, and MS-DOS, Windows, Windows Server, and Active Directory are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.
Revision History
Release Date Changes
Original release of this guide New topics in this release: Create a New Management Pack for Customizations
October 2007
New topics in this release: Monitors and Overrides for Management Packs
February 2008
Updated for release of Operations Manager 2007 Service Pack 1 (SP1). No changes to management pack or documentation. Updated for Operations Manager 2007 R2. Management pack guide updated to new format and new topics added. Added Changes in This Update. Added new Changes in This Update
May 2009
Release Date
Changes
and retitled the previous list as Changes in Version 6.1.7533.0. Added details to the The health of the Health Service for agents and servers scenario in the Key Monitoring Scenarios topic. Added item to Troubleshooting. New topics in this release: June, 2010 Appendix: Reports Appendix: Operational Data Reports Management Pack
Added new Changes in This Update and retitled the previous list as Changes in Version 6.1.7599.0. Added Monitoring routine database maintenance to Key Monitoring Scenarios. Added Monitoring duplicate relationships between agents and management servers to Key Monitoring Scenarios. Added Agent Counts By Date, Management Group and Version to Appendix: Reports.
July, 2010
Added new Changes in This Update and retitled the previous list as Changes in Version 6.1. 7672.0. Added new Changes in This Update and retitled the previous content as Changes in July 2010 Release. Added topic Enable Recoveries to the Optional Configuration section. Added topic Manual Reset Monitors to the Optional Configuration section.
November, 2010
Contents
Operations Manager 2007 R2 Management Pack Guide...............................................................5 Introduction to the Operations Manager Management Pack Guide.............................................5 Changes in This Update...........................................................................................................6 Supported Configurations.......................................................................................................12 Getting Started..........................................................................................................................12 How to Import and Configure the Operations Manager Management Pack...........................12 Files in This Management Pack.............................................................................................16 Recommended Additional Management Packs......................................................................17 Optional Configuration...............................................................................................................17 Disable Performance Data.....................................................................................................18 Configure a Connected Management Group..........................................................................19 Enable Monitors for the Local Health Service.........................................................................20 Enable Recoveries.................................................................................................................22 Manual Reset Monitors..........................................................................................................22 Security Considerations.............................................................................................................23 Low-Privilege Environments...................................................................................................23 Computer Groups...................................................................................................................24 Understanding Management Pack Operations..........................................................................24 Objects the Management Pack Discovers..............................................................................24 How Health Rolls Up..............................................................................................................24 Key Monitoring Scenarios......................................................................................................25 Placing Monitored Objects in Maintenance Mode..................................................................30 Troubleshooting.........................................................................................................................31 Appendix: Reports.....................................................................................................................35 Appendix: Operational Data Reporting Management Pack.......................................................36
In This Guide
Introduction to the Operations Manager Management Pack Guide Getting Started Optional Configuration Security Considerations Understanding Management Pack Operations Troubleshooting
Removed alerting from the Data Integrity aggregate monitor and added alerting to its unit monitors: Repeated Event Raised Spoofed Data Check Root Connector Data Validity Check
The Operational Data Reporting Management Pack has not changed in this release. The version number of the Operational Data Reporting Management Pack was updated to keep the versions the same across all of the management packs in this package.
Version 6.1.7676.0 of the Operational Data Reporting Management Pack was updated to fix an issue where the Management Packs ODR report would fail to submit data.
Collects data from the Processor\% Processor Time performance counter (Deprecated) Collects Operations Manager SDK Service\Client Connections Management Server State for Dashboard View is now Management Server State Management Server State for State View is now Management Server State Changed the following view names:
AD based Agent Assignment Module Events for Dashboard View is now AD based Agent Assignment Module Events AD based Agent Assignment Module Events for Event View is now AD based Agent Assignment Module Events Disabled the following rules: Collects data from the Processor\% Processor Time performance counter (Deprecated) Collect Management Configuration Service Configuration Updated Events Health Service Connector Bind Failure
Fixed an issue with the display of reports when the time format is set to other than ENUS. Fixed an issue with Critical Parameter Replacement Failure During Alert Creation failing to generate an alert. Disabled the Collect Performance Data Source Module Events event collection rule and hid the corresponding view, Performance Data Source Module Events. The rule collected a significant amount of data which can result in performance problems. The most important 7
events associated with this rule are monitored by the alert-generating rule, Performance Data Source Module could not find a performance counter. The criteria for the monitor Processing Backlogged Events Taking a Long Time has been updated to prevent the monitor from being reset when the agent is restarted. A series of rules which monitor failure of scripts, commands and WMI queries have been updated to make them less noisy and easier to understand. Each rule had its name updated to be more explanatory and the alert names generated by these rules were aligned to match the name of the rule so that lookups between alerts and the rules that raised them would be easier. The rules were renamed as follows:
Old name New name
Alert on Failure to Create Process for Batch Response Alert on Failed Batch Responses WMI Probe Module Runtime Failure WMI Probe Module Initialization Failure WMI Event Module Runtime Failure WMI Event Module Initialization Failure WMI Raw Performance Counter Module Runtime Failure WMI Raw Performance Counter Module Initialization Failure (new rule)
Workflow Initialization: Failed to start a process or script Workflow Runtime: Failed to run a process or script Workflow Runtime: Failed to run a WMI query Workflow Initialization: Failed to start a workflow that queries WMI Workflow Runtime: Failed to run a WMI query for WMI events Workflow Initialization: Failed to start a workflow that queries WMI for WMI events Workflow Runtime: Failed to run a WMI query for performance data Workflow Initialization: Failed to start a workflow that queries WMI for performance data Workflow Initialization: Failed to start a workflow that runs a process or script
Consolidation has been added to all rules with a name that begins with Workflow Runtime so that alerts will only be raised for multiple occurrences.
Added monitoring of agent version and compatibility of agent and operating system. For details, see the Monitoring agent version and architecture mismatch scenario in Key Monitoring Scenarios. Added monitoring of CPU use by agents and related processes. For details, see the Monitoring CPU utilization scenario in Key Monitoring Scenarios. This release of the Operations Manager Management Pack also includes an updated version of the Operational Data Reports Management Pack, which is installed with Operations Manager. The Operational Data Reporting Management Pack gathers information and sends reports to Microsoft on a weekly basis (if you select to send reports). Microsoft uses these reports to improve the quality of its management packs and Operations Manager 2007. Participation in the program is strictly voluntary. For more information, see Appendix: Operational Data Reporting Management Pack. Added or updated product knowledge, descriptions, display names, and alert details. Changed the Critical Parameter Replacement Failure During Alert Creation rule to disabled by default because is not actionable; review the product knowledge before enabling this rule. Updated criteria to only show active alerts in the AD based Agent Assignment Module Alerts view, which is part of the AD-based Agent Assignment Module Events Dashboard view. Aligned monitor states with alert severity for following monitors: Run As Account/Password Expiration Check Alert Subscription Acknowledgement Running Slow Alert Subscription Query Performance Monitor Processing Backlogged Events Taking a Long Time Communication Certificate Expiration Check
All monitors have been made public so users can add custom diagnostics and recoveries. Updated the Collects Opsmgr SDK Service\Client Connections rule to sample data every 900 seconds (previously was 300 seconds). Changed the interval for Sql Broker Availability Monitor Type from 10 seconds to 3600 seconds. Renamed the "Health Service Configuration" view folder to "Run As Configuration" to more accurately reflect the folder's new (revised) purpose. Disabled the following event collection rules and removed the associated views because they caused a large amount of data collection that was of limited use to customers: Collect Health Service Configuration Updated Events Collect Management Configuration Service Configuration Updated Events Collect Run As Account Failure Events Collect IIS Discovery Probe Module Events Scheduler Condition Module Initialization Failure 9
Scheduler Data Source Module Initialization Failure Timer Condition Module Initialization Failure
Fixed bug with the Run As Account(s) Expiring Soon monitor that was preventing state changes and causing event 11903.
Changed the threshold values for the Health Service Handle Count Thresholds and Monitoring Host Handle Count Thresholds monitors to 10,000 on management servers and 6,000 on agents. Changed the threshold values for the Health Service Private Bytes Threshold and Monitoring Host Private Bytes Threshold monitors to 1500 MB on management servers and 300 MB on agents. Updated the layout and default filters and sort order for a number of views. Fixed an issue that was previously preventing all rules related to agentless exception monitoring from generating alerts. Added display names, descriptions, and product knowledge where missing. Added the rule Collects Opsmgr SDK Service\Client Connections to collect the number of connected clients for a given management group. This data is shown in the view Console and SDK Connection Count under the folder Operations Manager\Management Server Performance. Updated a number of monitors and rules to ensure that data is reported to the correct management group for multihomed agents. The following rules and monitors are now disabled by default as they are generally not actionable: A GroupPopulator module unloaded due to an unrecoverable error Health Service Cannot Find Management Group Data Validity Check Root Connector Data Validity Check
Added event collection rule for events 5400, 5401, 5402, 5404 5405, and 5500.
Updated the alert suppression criteria for the rule Alert on Dropped MultiInstance Performance Module in order to significantly reduce the alert volumes generated by this rule and make it easier to identify the root cause. The monitors listed below have been updated so that the value of the sample must exceed the threshold for a specific number of consecutive samples, as opposed to the 10
average of the samples over the consecutive samples. This will increase the accuracy of the monitors by handling periodic spikes in resource utilization better: Health Service Handle Count Threshold Health Service Private Bytes Threshold Monitoring Host Handle Count Threshold Monitoring Host Private Bytes Threshold
Updated the knowledge for the rule Data Access Service Spn Registration significantly.
Fixed the configuration of the rule IIS Discovery Probe Module Execution Failure to so that the parameter replacement will now work correctly for alert suppression and generating the details of the alerts description.
Fixed a problem with discovery of Windows computers that resulted in multiple IP addresses. Updated rules and monitors to ensure that, on multi-homed agents, data is sent only to the appropriate management group. Updated the Discover Windows Computer Properties discovery to support computers in workgroups. Added the /admin switch to tasks that use Remote Desktop, to enable compatibility with Windows Server 2008 and Windows Vista SP1. Reenabled rollup of state from computers to computer groups. For details, see the Knowledge Base article 967537 (http://go.microsoft.com/fwlink/?LinkId=146985). Provided additional error handling in the Discover Health Service Properties discovery. Changed the severity of the alert generated by Data Access Service SPN Registration rule to critical to better reflect the importance of the issue. Changed the RunAs Authorization Check to ensure it is not auto-resolved when the health service is restarted. Added a monitor targeting the Health Service class that provides a warning when the authentication certificate is within 2 weeks of expiration. Changed the Log Distributed Workflow Test Event rule time-out from 30 seconds to 300 seconds. Modified the information displayed in the agent updates list to improve readability. Fixed the Configuration Service monitor to generate alerts correctly on clustered root management servers. Fixed a problem in which the agent version was incorrectly discovered on the Operations Manager Reporting server. Fixed the Remote Desktop task for the Health Service Watcher so that it contacts the correct targeted computer. 11
Corrected the knowledge associated with the SDK Spn Registration rule so that it refers correctly to MSOMSdkSvc. Added collection rules to the baseline health model for events related to self-tuning thresholds and baselines. Fixed the Discover Windows Server Properties script to work on Windows 2000 Server. For details, see problem 2 in the Knowledge Base article 951979 (http://go.microsoft.com/fwlink/?LinkId=146986). Changed the behavior of the Operational Database Space Free (%) monitor to more accurately calculate free space. Changed the default sort behavior for Operations Manager -> Notifications -> All Events view. Expanded the scope of the Health Manager events view and added supporting collection rules. Improved the monitoring for Product Evaluation Has Expired by changing from rules to monitors with timer reset. Changed the name of the Monitoring Host Events view to Monitoring Host Crash Events to reflect the events collected more accurately. Added monitoring for WMI query failures by capturing WMI event 10457 from source Health Service modules. Fixed a problem with Health Service restart.
Supported Configurations
The Operations Manager Management Pack supports all configurations documented in the support configurations guide for Operations Manager. For more information, see Supported Configurations for Operations Manager 2007 R2. The Operations Manager Management Pack supports agentless monitoring. No configuration of the management pack is needed to enable agentless monitoring.
Getting Started
This section describes the actions you should take before you import the management pack, any steps you should take after you import the management pack, and information about customizations.
If your reporting server is running SQL Server 2008, before you run the reports in this management pack, you should install the cumulative update for SQL Server 2008 which you can request at http://go.microsoft.com/fwlink/?LinkID=167699.
Enable the Operational Database Watchers Group to Management Group Availability Health Rollup. Set the configuration service to automatically restart. Make sure that the action account on the root management server (RMS) is a member of the Operations Manager Administrators Group. The following sections explain how to make these changes. Create One or More Run As Accounts for Use with the Automatic Agent Management Account Run As Profiles If you did not create a Run As account with administrator access when you installed Operations Manager, you must do so before you can set the Automatic Agent Management Account Run As profile and the Validate Alert Subscription Account Run As profile. For instructions on creating a Run As account, see How to Create a Run As Account in Operations Manager 2007 (http://go.microsoft.com/fwlink/?LinkId=165410). Create the Necessary Associations in the Automatic Agent Management Account Run As Profile Before Operations Manager can automatically recover agents, you must add a Run As account to the Automatic Agent Management Account Run As profile. The Run As account must have administrator access on the target computers. To add a Run As account to the Run As profile for the Automatic Agent Management Account 1. In the Operations console, on the Go menu, click Administration. 2. In the navigation pane, expand Administration, expand Security, click Run As Configuration, and then click Profiles. 3. Double-click Automatic Agent Management Account, and then click the Run As Accounts tab. 13
4. Click Add, and then in the Run As Account drop-down menu, click an existing account that has administrator access to the agents or click New to create a new account to use. 5. For This Run As account will be used to manage the following objects, ensure All targeted objects is selected, and then click OK. 6. Click Save. Create a New Management Pack for Customizations Most vendor management packs are sealed so that you cannot change any of the original settings in the management pack file. However, you can create customizations, such as overrides or new monitoring objects, and save them to a different management pack. By default, Operations Manager saves all customizations to the Default Management Pack. As a best practice, you should instead create a separate management pack for each sealed management pack you want to customize. Creating a new management pack for storing overrides has the following advantages: It simplifies the process of exporting customizations that were created in your test and pre-production environments to your production environment. For example, instead of exporting a Default Management Pack that contains customizations from multiple management packs, you can export just the management pack that contains customizations of a single management pack. It allows you to delete the original management pack without first needing to delete the Default Management Pack. A management pack that contains customizations is dependent on the original management pack. This dependency requires you to delete the management pack with customizations before you can delete the original management pack. If all of your customizations are saved to the Default Management Pack, you must delete the Default Management Pack before you can delete an original management pack. It is easier to track and update customizations to individual management packs. For more information about sealed and unsealed management packs, see Management Pack Formats. For more information about management pack customizations and the Default Management Pack, see About Management Packs in Operations Manager 2007. To create a new management pack for customizations 1. Open the Operations console, and then click the Administration button. 2. Right-click Management Packs, and then click Create New Management Pack. 3. Enter a name (for example, ADMP Customizations), and then click Next. 4. Click Create. Enable Recovery for the Health Service Heartbeat Failure Monitor The Health Service Heartbeat Failure monitor can be configured to automatically enable or start the Health Service on agents where that is not already the case. To enable that recovery, take the following steps to create the necessary overrides.
14
To enable automatic recovery 1. Open the Operations console, and then in the navigation pane, click the Authoring button. 2. Under Authoring, expand Management Pack Objects, and then click Monitors. 3. Under Monitors, expand Health Service Watcher (Agent), expand Entity Health, and then expand Availability. 4. Right-click Health Service Heartbeat Failure, click Properties, and then click the Overrides tab. 5. In the list, under Recovery, click Enable and Restart Health Service, click Override, and then click For all objects of class: Health Service Watcher (Agent). 6. Under Override-controlled parameters, in the Override column, select the check box next to the Enabled value that appears in the Parameter Name column. 7. In the Override Value column, in the drop-down box, click True. 8. In the Select destination management pack section, select the management pack that you created for storing customizations for this Operations Manager Management Pack, and then click OK. 9. Repeat steps 5 through 8 for Restart Health Service and Reinstall Health Service (triggered from Diagnostic). Add a Run As Account to the Run As Profile for the Validate Alert Subscription Account The Validate Alert Subscription Account Run As profile provides credentials for the rule Validate Alert Subscription. Each account used in this Run As profile must be a member of the Operations Manager Administrators user role and have administrator access to the root management server. Note To find out whether a Run As account is a member of the Operations Manager Administrators users role, in the navigation pane, under Administration, expand Security, click User Roles, and then double-click Operations Manager Administrators. For instructions on adding a Run As account to a Run As profile, see How to Modify an Existing Run As Profile (http://go.microsoft.com/fwlink/?LinkId=165412). Enable the Operational Database Watchers Group to Management Group Availability Health Rollup It is recommended that you enable the Operational Database Watchers Group to Management Group Availability Health Rollup monitor so that the state of the Operational Database Watchers Group rolls up to the management group. To enable the monitor 1. Open the Operations console, and then in the navigation pane, click the Authoring button. 2. Under Authoring, expand Management Pack Objects, and then click Monitors. 15
3. Under Monitors, expand Operations Manager Management Group, expand Entity Health, and then expand Availability. 4. Right-click Operational Database Watchers Group to Management Group Availability Health Rollup, point to Overrides, point to Override the Monitor, and then click For all objects of class: Operations Manager Management Group. 5. Under Override-controlled parameters, find the Enabled value that appears in the Parameter Name column, and then select the check box next to it in the Override column. 6. In the Override Setting column for the Enabled parameter, in the drop-down box, click True, and then click OK. Set the Configuration Service to Restart Automatically The override that automatically restarts the configuration service for the Windows service state is disabled by default. To automatically start the configuration service when it stops, you must enable an override. To set the monitor to automatically restart the configuration service 1. Open the Operations console, and then in the navigation pane, click the Authoring button. 2. Under Authoring, expand Management Pack Objects, and then click Monitors. 3. Under Monitors, expand Root Management Server, expand Availability, and then expand Configuration Service Availability. 4. Right-click Configuration Service - Windows Service State, click Properties, and then click the Overrides tab. 5. In the list, under Recovery, click Start Management Configuration Service, click Override, and then click For all objects of type: Root Management Server. 6. Under Override-controlled parameters, in the Override column, select the check box next to the Enabled value that appears in the Parameter Name column. 7. In the Override Setting column, in the drop-down box, click True, and then click OK. Make Sure That the Action Account on the Root Management Server Is a Member of the Operations Manager Administrators Group The Operations Manager Management Pack includes the Check for Updated Management Packs rule, which checks whether an updated version of an installed management pack is available. The rule runs a script, Powershell.exe, which requires the action account on the RMS to be a member of the Operations Manager Administrators Group. If you configured the action account by using Local System or a user that is not part of the Operations Manager Administrators Group, the script will not work.
upgrade to the latest version of the management pack by downloading it from http://go.microsoft.com/fwlink/?LinkId=82105. The following management packs are included as a part of the Operations Manager 2007 R2 Management Pack: System Center Core Monitoring (Microsoft.SystemCenter.2007.mp): This management pack defines all of the monitoring components and tasks for this package. System Center Core Monitoring Views (Microsoft.SystemCenter.OperationsManager.2007.mp): This management pack defines all of the views for this package. System Center Core Monitoring Agent Management (Microsoft.SystemCenter.OperationsManager.AM.DR.2007.mp): This management pack contains the definitions for various diagnostics and recoveries that can be used for automation of agent management and remediation. Refer to the Getting Started and Key Monitoring Scenarios sections of this guide for more details on this functionality. System Center Core Monitoring Reports (Microsoft.SystemCenter.OperationsManager.Reports.2007.mp): This management pack contains reports for this package. Operational Data Reporting Management Pack (ODR.mp): The Operational Data Reporting Management Pack gathers information and sends reports to Microsoft on a weekly basis (if you select to send reports). Microsoft uses these reports to improve the quality of its management packs and Operations Manager 2007. Participation in the program is strictly voluntary. For more information, see Appendix: Operational Data Reporting Management Pack..
Optional Configuration
You can configure the Operations Manager Management Pack for your environment. For instance, to reduce network traffic, you can override the rules that collect performance data. The following table lists optional configurations for the Operations Manager Management Pack and specifies where you can find additional information about each option.
Configuration Option Additional Information
Configuration Option
Additional Information
Disable performance data, warnings, and See the section in this guide titled Disable events that you do not want to receive. To Performance Data. reduce network traffic, you can disable the rules that collect warnings, data, and noncritical events in environments such as the following: Deployments in a wide area network with slow links Deployments across satellite links Deployments involving large branch offices Deployments in which alerts are forwarded to a global network operations center Configure monitoring of connected management groups. Enable health rollup from the Local Health Service to the Health Service Watcher for monitoring performance, configuration, and security. Enable recovery tasks See the section in this guide titled Configure a Connected Management Group. See the section in this guide titled Enable Monitors for the Local Health Service.
5. In the Override Properties dialog box, select the Override check box that corresponds to the Enabled parameter. 6. In the Override Setting column, click False. 7. In the Select destination management pack list, click the appropriate management pack in which to store the override, or create a new unsealed management pack by clicking New. Note By default, when you create a management pack object, disable a rule or monitor, or create an override, Operations Manager saves the setting to the Default Management Pack. As a best practice, you should create a separate management pack for each sealed management pack you want to customize, rather than saving your customized settings to the Default Management Pack. For more information, see Customizing Management Packs (http://go.microsoft.com/fwlink/?LinkId=140601). 8. When you complete your changes, click OK.
19
To enable the Tiered Management Group Synthetic Transaction monitor 1. Open the Operations console, and then in the navigation pane, click the Authoring button. 2. Under Authoring, expand Management Pack Objects, and then click Monitors. 3. In the list of monitors, expand Connected Management Group, expand Entity Health, expand Availability, and then click Tiered Management Group Synthetic Transaction. 4. On the toolbar, click Overrides, point to Override the Monitor, and then click For all objects of type: Connected Management Group. 5. Under Override-controlled parameters, find the Enabled value that appears in the Parameter Name column, and then select the check box next to it in the Override column. 6. In the Override Setting column for the Enabled parameter, in the drop-down box, click True. 7. In the Select destination management pack list, click the appropriate management pack in which to store the override or create a new unsealed management pack by clicking New. Note By default, when you create a management pack object, disable a rule or monitor, or create an override, Operations Manager saves the setting to the Default Management Pack. As a best practice, you should create a separate management pack for each sealed management pack you want to customize, rather than saving your customized settings to the Default Management Pack. For more information, see Customizing Management Packs (http://go.microsoft.com/fwlink/?LinkId=140601). 8. When you complete your changes, click OK.
By default, only the Local Health Service Availability dependency monitor is enabled. The local health service dependency monitors for configuration, performance, and security are disabled
20
because, if enabled in an environment with more than 500 agents, they can degrade the processing performance of the RMS. If your environment has fewer than 500 agents, you might want to enable one or more of these dependency monitors for specific agents or groups of agents. Note If you have a large configuration or a high number of management packs installed, please refer to the Knowledge Base article The Entity Health monitor for an Operations Manager 2007 management server displays "Critical" together with a Health Service threshold setting. To enable the dependency monitors 1. Open the Operations console, and then in the navigation pane, click the Authoring button. 2. Under Authoring, expand Management Pack Objects, and then click Monitors. 3. In the list of monitors, expand Health Service Watcher (Agent), expand Configuration, and then click Local Health Service Configuration, Local Health Service Performance, or Local Health Service Security. 4. On the toolbar, click Overrides, point to Override the Monitor, and then click For all objects of type: Health Service Watcher (Agent). 5. Under Override-controlled parameters, find the Enabled value that appears in the Parameter Name column, and then select the check box next to it in the Override column. 6. In the Override Setting column for the Enabled parameter, in the drop-down box, click True. 7. In the Select destination management pack list, click the appropriate management pack in which to store the override or create a new unsealed management pack by clicking New. Note By default, when you create a management pack object, disable a rule or monitor, or create an override, Operations Manager saves the setting to the Default Management Pack. As a best practice, you should create a separate management pack for each sealed management pack you want to customize, rather than saving your customized settings to the Default Management Pack. For more information, see Customizing Management Packs (http://go.microsoft.com/fwlink/?LinkId=140601). 8. When you complete your changes, click OK. Note If the Operations Manager agent is unable to restart the Health service after its monitored thresholds are exceeded, please refer to the Knowledge Base article The System Center 21
Operations Manager 2007 agent is unable to restart the health service after its monitored thresholds are exceeded
Enable Recoveries
The following monitors have recovery tasks that are disabled by default: The Windows Management Instrumentation Service monitor sets state as unhealthy when the Windows Management Instrumentation (WMI) service is not running Recovery: If enabled, the recovery task for this monitor will attempt to automatically restart the WMI service when the monitor state is unhealthy. The Relationships between Agents and Management Servers Monitor monitor sets state as unhealthy when an agent is detected to have more than one relationship to a management server, which can cause data corruption and prevent the configuration service from generating configuration for the full management group. Recovery: If enabled, the recovery task for this monitor remove unnecessary relationships between agents and management servers. Use the following procedure to enable a recovery. To enable a recovery 1. In the Operations console, click the Authoring button. 2. In the navigation pane, expand Management Pack Objects and then click Monitors. 3. In the Look for box, type the name of the monitor. 4. Right-click the monitor and then click Properties. 5. On the Diagnostic and Recovery tab, in the Configure recovery tasks section, ensure the desired task is selected and then click Edit. 6. On the Overrides tab, click Override. You can choose to override this monitor for objects of a specific type or for all objects within a group. After you choose which group or object type to override, the Override Properties dialog box opens 7. In the Override-controlled parameters section, click Enabled, and then click OK. 8. Close the task and monitor properties windows.
Alert Subscription Configuration Warning Notification Rule, which generates a warning alert on the same warning conditions as the monitor. You can disable the Alert Subscription Available monitor, and in its place, enable Alert Subscription Availability Critical Notification Rule, which generates a critical alert on the same critical conditions as the monitor. For information about disabling a monitor, see How to Disable a Monitor or Rule Using Overrides (http://go.microsoft.com/fwlink/?LinkID=125661). Use the same procedure to enable the rules, but set the Enabled parameter to True.
Security Considerations
This section describes the security considerations for the Operations Manager Management Pack, including the actions that require a high-privilege account to run, a reserved internal account that you should not modify, and computer groups that you can use to scope user roles.
Low-Privilege Environments
The following table describes monitors and rules that require a high-privilege account to run. When these monitors or rules run, they do not use the agent action account or the low-privilege account that you specified. Instead, they use the Privileged Monitoring Account Run As profile, which defaults to Local System and does not require association with a Run As account and target computer. No user intervention is required.
Monitor or Rule Comments
Discovers the Active Directory integration relationship. Discovers the following properties of the Windows computer type: NetBIOS Computer Name NetBIOS domain name IP address DNS domain name Organizational unit DNS forest name Active Directory site
Monitor or Rule
Comments
Computer Groups
The Operations Manager management packs provide the following groups: Agent Managed Computer Group Agentless Managed Computer Group Collection Management Server Computer Group Gateway Management Server Computer Group Management Server Computer Group Root Management Server Computer Group
These groups can be used for scoping in numerous ways, including overrides, views, notifications, and the operator level of privileges for user roles. For more information about user roles, see About User Roles in Operations Manager 2007.
An aggregate rollup monitor reflects the state of a collection of unit monitors, dependency rollup monitors, or other aggregate rollup monitors. For example, the unit monitors for the configuration health service roll up to the configuration health service aggregate monitor. The aggregate rollup monitor can then specify the health state and generate an alert. A dependency rollup monitor rolls up health states from targets linked by either a hosting or a membership relationship that is defined in the management pack. The dependency rollup monitor can be used to group other monitors to set the health state and generate alerts. For example, you can use a dependency monitor to check the availability of multiple management servers and then roll up their health into a management server group.
Core System: secure storagepassword expiration The health of the Health Service for agents and servers The health of the Operations Manager database Data volume by management pack Agent version and architecture mismatch CPU utilization by agents and related processes Routine database maintenance Duplicate relationships between agents and management servers
This scenario monitors the LDAP module for Active Directory integration agent assignment. This scenario checks agents for out-of-date configurations from the perspective of the agent. When the configuration is at the warning or critical level, the monitor logs the event. The Health Service rolls up the health of the agents and alerts you when the configured threshold of agents is out of date. The Health Service Watcher checks the heartbeat of agents and warns you when they fail. You can disable the monitor for managed clients or for a management server. By using the management pack, you can perform the following actions: Repair the agent by automatically reinstalling it Repair the agent by manually reinstalling it Check the Health Service Windows Service State Query the service state and the configuration Ping the computer by using Internet Control Message Protocol Recover and diagnose the agent by using the Automatic Agent Management Account Run As profile Remotely enable and restart the health service 26
Scenario
Description
This scenario checks the secure storage's public key and configuration. The monitor alerts you about password expirations and configuration errors of Run As accounts. This scenario includes the following monitors for the Health Service: Monitoring Host Handle Count Threshold. When consecutive samples for the Handle Count counter for the MonitoringHost.exe process exceed the configured threshold, the monitor changes state. The default threshold for this monitor is 6000 for agents and 10,000 for management servers. Monitoring Host Private Bytes Threshold. When consecutive samples of the Private Bytes counter for MonitoringHost.exe exceed the configured threshold, the monitor changes state. The default threshold for this monitor is 300 MB for agents and 1500 MB for management servers. Health Service Handle Count Threshold. When this monitor detects that consecutive samples of the Handle Count counter for the HealthService.exe process exceed the configured threshold, the monitor changes state. The default threshold for this monitor is 6000 for agents and 10,000 for management servers. Health Service Private Bytes Threshold. When this monitor detects that consecutive samples of the Private Bytes counter for HealthService.exe exceed the configured threshold, the monitor changes state. The default threshold for this monitor is 300 MB for agents and 1500 MB for management servers. Notes The monitors above roll up the worst of their combined states to an 27
Scenario
Description
aggregate monitor named Health Service State, which in turn has a recovery associated with its error state. The recovery, which is enabled for agents by default and disabled for management servers, will restart the Health service on the system where excessive memory utilization has been detected. To determine whether the threshold for these monitors should be increased, disable the recovery for the Health Service State aggregate monitor so that the service will not be restarted while you are establishing a baseline. Use Perfmon to observe or collect the performance counters for the agents over a 24-hour time period or regular activity. Review the data collected and determine the typical maximum value. If necessary, apply overrides to the applicable monitors with values appropriate for your environment. Remove the override that disabled recovery for the Health Service State aggregate monitor. To change the thresholds, apply overrides for specific groups to the monitors, targeting the Agent class. Action Account Configuration State. This monitor checks the configuration state of the action account and alerts you to errors. System Rules Loaded State. This monitor checks that the rules are loaded. If an aggregation of the rules is not loaded, the monitor alerts you. The health of the Operations Manager database This scenario monitors the free space threshold of the Operations Manager database and alerts you if the monitor is in a warning or critical state. 28
Scenario
Description
If the Operations Manager database runs out of space, the monitoring of other components and services can be interrupted. Analyzing data volume This scenario provides you with data that you can use to tune management packs more effectively. This management pack provides reports which enable you to analyze the amount of data produced by the management packs in your environment. When you run the Data Volume by Management Pack report, you can view the data volume for each management pack. You can then click any of the count cells to open the Data Volume by Workflow and Instance report, which provides a more detailed look at the volume of data. The information you obtain from these two reports can help you identify the management packs and workflows producing the largest amount of data, which you can then evaluate to determine whether tuning would be useful. This scenario checks the installed agents and sends an alert when a 32-bit agent is installed on a 64-bit operating system. Running a 32-bit agent on a 64-bit operating system will produce unreliable results and is not a supported configuration. This management pack enables you to check whether all installed agents are a specific version or newer. You can configure the agent version by using overrides for the Agent Version Monitor monitor. By default, the monitor checks for version 6.0.7221.0, which is the agent provided with Operations Manager 2007 R2, and generates an alert for any agent that is an earlier version. For best performance, stability, and functionality, agents should be upgraded to the most recent version. Monitoring Operations Manager agent CPU utilization This scenario monitors CPU utilization by agents and related processes, and generates an alert when CPU utilization exceeds a specified threshold for a specified number of 29
Scenario
Description
consecutive samples. Excessive CPU utilization by the agent over a period of time is a symptom that something is not operating properly. This scenario adds the Agent Performance view. Monitoring routine database maintenance This scenario monitors whether routine database maintenance, such as partitioning and grooming, are completed in a timely manner. Incomplete or failed maintenance can result in performance problems and database free space alerts. The Partitioning and grooming has completed recently monitor runs a script that compares successful completion of partitioning and grooming workflows to a specified time period. By default, this monitor sets a warning state when database maintenance has not succeeded in the past 48 hours. This scenario monitors for duplicate relationships between agents and management servers. When duplicate relationships between agents and management servers exist, data becomes corrupted and the configuration service will stop generating configuration for the entire management group. The Relationships between Agents and Management Servers Monitor monitor detects potential problems with the Operations database by checking for corrupted records of relationships between agents and management servers and generates an alert. You can run a task in the alerts product knowledge that will repair the database. You can also configure automatic recovery on the Relationships between Agents and Management Servers Monitor monitor.
For general instructions on putting a monitored object into maintenance mode, see How to Put a Monitored Object into Maintenance Mode in Operations Manager 2007 (http://go.microsoft.com/fwlink/?LinkId=108358).
Troubleshooting
The following table describes issues that can occur with the Operations Manager Management Pack and presents possible solutions. For more information about resolving a problem with the Operations Manager Management Pack, see the product release notes. You can also search for the term "Operations Manager Management Pack" on Microsoft Help and Support.
Problem Solution
When you run the Data Volume by Management Pack or Data Volume by Workflow and Instance reports and drill down into any of the values, an error message states The 'StartDate_BaseType' parameter is missing a value.
On the reporting server, install the cumulative update for SQL Server 2008 (http://go.microsoft.com/fwlink/? LinkID=167699).
An alert is generated indicating that the script Use the following steps to determine SCOMpercentageCPUTimeCounter.vbs failed with an which class or classes are not present error message that states Invalid class. Following is on the system: an example of the error message that would be shown in 1. Log on to the server via the event description: terminal services. The process started at 8:11:41 PM failed to create System.PropertyBagData. Errors found in output: C:\Program Files\System Center Operations Manager 2007\Health Service State\Monitoring Host Temporary Files 1\2767\SCOMpercentageCPUTimeCounter.vbs(125, 5) SWbemRefresher: Invalid class One or more workflows were affected by this. Workflow name: Microsoft.SystemCenter.HealthService.SCOMpercentag eCPUTimeMonitor Cause: One or more of the WMI classes that the script queries is not loaded properly on the system. The script requires that the following WMI classes be available in the root\cimv2 namespace: Win32_Processor Win32_Process Win32_PerfFormattedData_PerfProc_Process 2. Run the program WBEMTEST.exe. 3. Click Connect and connect to the root\cimv2 namespace. 4. Under IwbemServices, click Enum Classes. 5. In the Superclass Info dialog box, leave the superclass name empty, select Recursive, and click OK. 6. When Query Results displays the results, scroll through the list and ensure that the three WMI classes are available. If you do not see one of more of the classes in the query result, follow the steps below. 1. Run the following command from a command prompt with administrator level permissions: 31
Problem
Solution
WMIADAP /F 2. Re-check to see if the class or classes are still missing. If they are still missing, run the following commands from a command prompt with administrator level permissions cd %windir%\system32 lodctr /R 3. Re-check to see if the class or classes are still missing. If one or more are still missing, use the Extensible Counter List Tool (Exctrlst.exe) and check if the PerfProc or PerfOS are disabled, and enable them if they are. You can download the Extensible Counter List Tool from Windows 2000 Resource Kit Tool : Extensible Performance Counter List (http://go.microsoft.com/fwlink/? LinkId=183182). 4. Re-check to see if the class or classes are still missing. If one or more are still missing, run the following as a batch file. This will re-register all WMI Modules: @echo off sc config winmgmt start= disabled net stop winmgmt /y %systemdrive% cd %windir %\system32\wbem for /f %%s in ('dir /b *.dll') do regsvr32 /s %%s regsvr32 %windir %\system32\tscfgwmi.d 32
Problem
Solution
ll wmiprvse /regserver winmgmt /regserver net start winmgmt 5. Re-check to see if the class or classes are still missing. If one or more are still missing, contact Microsoft Customer Service and Support. In Operations Manager 2007, a large number of computer groups and a high volume of state changes occurring on computer objects can result in one or both of the following conditions: High CPU and disk utilization on the root management server coming from the <<ProcessName(s)>> process. This is the Health Service process. Queues back up (<<Provide counter name>>) on the gateway, management server, and root management server system(s). This is the counter \Health Service Management Groups(Management Group Name)\Send Queue % Used. Every time the state changes on one of the top-level monitors for a computer (for example: Availability, Performance, Security, and Configuration), that state change is rolled up to every computer group of which the computer is a member. This can result in a cascading series of state changes and in environments where the volume of state changes are significant and the number of computer groups rolling up the changes are high. For instructions on resolving this issue, see Knowledge Base article 967537 (http://go.microsoft.com/fwlink/? LinkId=146985).
The Failed Accessing Windows Event Log monitor is in a None. It is recommended that you do warning state even though it has access to the event not enable the monitor. log. If you have enabled it, you can disable This monitor is disabled by default. If you enable the it. monitor and it does not have access to the event log, it changes to a warning state (yellow). After you fix the issue by giving the monitor access to the event log, the monitor remains in a warning state even though it should change to a healthy state (green). The connected management group is not forwarding alerts and other monitoring data to the local management group. Enable the Tiered Management Group Synthetic Transaction monitor for the connected management group. For instructions, see "Configure a Connected Management Group" in Optional Configuration. 33
Problem
Solution
When the Health Service Heartbeat Failure monitor for agents attempts to recover an agent automatically, access is denied.
Add a Run As account to the Automatic Agent Management Account Run As profile. The Run As account must have administrator access on the target computers. For instructions, see "Enable recovery for the Health Service Heartbeat Failure Monitor" in Getting Started.
Add a Run As account to the Validate Alert Subscription Account Run As profile. The Run As profile requires a Run As account that is a member of the Operations Manager Administrators user role and has administrator access to the root management server. For instructions, see "Add a Run As Account to the Run As Profile for the Validate Alert Subscription Account" in Getting Started.
The configuration service for the Windows service state does not restart automatically.
To automatically start the configuration service when it stops, you must enable an override. For instructions, see "Set the Configuration Service to Restart Automatically" in Getting Started.
The availability health of the Operational Database Watchers Group does not roll up to the management group.
Enable the Operational Database Watchers Group to Management Group Availability Health Rollup. For instructions, see "Enable the Operational Database Watchers Group to Management Group Availability Health Rollup" in Getting Started.
Computers running Windows Vista or Windows Server 2008 fail to respond to ping.
The default firewall settings for computers running Windows Vista or Windows Server 2008 prevent the computers from providing a ping response. The Ping task in Operations Manager and any diagnostic or recovery tasks that use ping will fail 34
Problem
Solution
when run against a computer running Windows Vista or Windows Server 2008 unless the firewall settings on the computer are configured to allow incoming ICMP traffic. The Ping Status monitor and the Heartbeat Failure monitor use ping. You can disable these monitors for computers running Windows Vista or Windows Server 2008, or you can configure the computers to allow incoming ICMP traffic. For instructions on changing the firewall configuration, see Create an Inbound ICMP Rule on Windows Vista or Windows Server 2008 (http://go.microsoft.com/fwlink/? LinkId=161045).
Appendix: Reports
The Operations Manager Management Pack includes the following reports. The Data Volume by Management Pack report compiles information on the volume of data generated by management packs. The report lists the number of occurrences per management pack for the following data types: Discoveries Alerts
Performance (number of instances submitted for performance counters collected by management pack) Events State changes
The purpose of this report is to provide insight into which management packs are driving the data volumes in your environment so that you can establish baselines and identify opportunities for tuning. From this report, you can obtain more specific details per management pack, using the Data Volumes by Workflow and Instance report. The Data Volume by Workflow and Instance report compiles information on the volume of data generated, broken down by workflows (discoveries, rules, monitors, etc.) as well as by instances. There are two ways to access this report:
35
In the Data Volume by Management Pack report, click one of the counts cells in the table at the top of the report to open the Data Volume by Workflow and Instance report for the management packs. Run the report directly from the Reporting section in the Operations console. If you run the Data Volume by Workflow and Instance report directly, you should set the parameters of the report to customize the results; this report is designed to provide details for information in the Data Volume by Management Pack report and so the default parameter settings may not provide the information you are looking for. The Agent Counts By Date, Management Group and Version report compiles information on the Operations Manager agents deployed in your environment. You can use this report to track the progress of agent deployments and the current distribution of agent versions. You can filter the information in the report by adjusting the parameters for date and time, aggregation, and management group. Note By default, the report will contain data for all management groups that have data in the data warehouse database. The Agents by Health State report displays a list of all health services on agents, management servers, gateway servers, and the root management server. Health service states that you can select to include in the report are the healthy state (green), warning state (yellow), critical state (red), and unavailable state (gray). You can select to include or exclude computers that are in maintenance mode in this report. The report includes the length of time that each unhealthy health service has been in that state.
37
This report shows the operating system version used in the Operations Manager infrastructure (management servers). By default, this report needs no parameters, but it is possible to modify the start and end dates. Management Packs Report This report shows the versions of each management pack that is installed in your environment. It also summarizes all the overrides you have defined in your environment, as well as custom rules and monitors you have authored. By default, this report needs no parameters, but it is possible to modify the start and end dates. Most Common Alerts Report This report shows the most common alerts generated within the report period (by default one week). It also shows this data by management pack. By default, this report needs no parameters, but it is possible to modify the start and end dates. Alerts Per Day Report This report shows the number of alerts generated per day from each rule or monitor that alerted within the report period (by default one week). By default, this report needs no parameters, but it is possible to modify the start and end dates.
39