You are on page 1of 80

Microsoft Operations Manager 2005 Operations Guide

Monitor
Author: Dan Wesley Program Manager: Tom Keane
Published: December 2004 Applies To: Microsoft Operations Manager 2005 Document Version: Release 1.0

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2004 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveSync, and Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Acknowledgments Primary Reviewers: James R. Morey, Tom Keane, Doug Bradley, James Hedrick, Ian Jirka Managing Editor: Sandra Faucett

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Monitor

C H A P T E R

3

This chapter describes the monitoring functionality of Microsoft® Operations Manager (MOM) 2005, and provides detailed information about monitoring specific MOM components to ensure that MOM is operating correctly. The chapter also provides information about using the Operator console, which is a new feature in MOM 2005. Although the chapter’s scope is MOM 2005, many of the best practices, recommendations, and tips can be used to monitor various applications in an IT environment, such as domain controllers, Microsoft® SQL Server™, and Exchange Server.

In This Chapter
• • • • • • • • • Introduction Before You Begin Monitoring Overview The MOM Management Pack Configure the Monitoring Environment Work with Alerts Monitoring MOM Using Tracing and Log Files Additional Resources

Introduction
The following best practices are recommended to help you support MOM:
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

6

Chapter 3

Monitor

Use the knowledge base. Encourage employees to enter their knowledge about resolving a problem into the knowledge base, so that this knowledge is available for everyone, and is not lost if the employee moves on. Enforce a policy that all resolved incidents in the ticketed system are transferred back to a resolved resolution state in MOM by either the subject matter expert or the help desk. Document all processing rule changes, including newly added rules, previous and modified threshold values, and modified or added scripts. Limit the number of MOM Administrator and MOM Author roles to a few individuals who are responsible for rule changes. Other MOM users, such as Exchange or Active Directory® Administrators, should only be members of the MOM Users group (unless these users need to edit rules or runtime tasks).

• • •

The information in this chapter is based on a MOM deployment, with distributed components, that is managing 20 computers. Although your organization’s IT group may support fewer or more computers, this chapter provides guidance that you can use in your environment.

Before You Begin
Before you start setting up your monitoring environment, you should verify that you have completed all of the tasks identified during deployment, and have implemented the recommended settings for the various MOM components. It is recommended that you review: • • The MOM 2005 release notes to identify any changes that could affect operations. The Microsoft Operations Manager 2005 Security Guide. This guide contains security best practices and information about the level of privileges required to work with MOM components. You have deployed and configured MOM using the best practices and recommendations documented in the Microsoft Operations Manager 2005 Deployment Guide. This guide also provides information about: • • • • Supported deployment scenarios. Deploying agents automatically or manually. Installing Management Packs and reports.

For monitoring your MOM deployment, ensure that: •

You have agents installed on distributed MOM components, such as the operational and reporting database servers.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

7

You have installed all of the Management Packs that you want to use for monitoring MOM servers.

It is recommended that you download the Microsoft Operations Manager 2005 Resource Kit, which contains tools and best practices that you can use for monitoring, troubleshooting, and optimizing your MOM environment. Chapter 8 of this guide, “Tools”, provides information about the resource kit tools as well as the tools that ship on the product CD.

Monitoring Overview
Because operations management requires actionable data, monitoring is a critical component of MOM 2005.

The role of MOM
In a monitoring role, MOM: • • • • Gathers computer attribute information and applies specific rules to monitor these computers, based on their attributes. Obtains data from event logs and other providers, as defined by specific rules. Collects performance data based on performance counters. Generates alerts based on criteria specified in rules. Criteria are based on occurrence of specific events or thresholds, which are based on the number of events or performance counters (this includes combinations of performance counters).

The role of the IT Staff
Operations staff can use monitoring data to: • • • • Determine the state of a managed computer. Manage alerts. Run tasks on managed computers to diagnose or correct problem states. Generate reports to capture performance trends that can be used for capacity planning or performance tuning.

How monitoring is used
Monitoring data is used to quantify, evaluate, and sustain a level of IT service. The level of service is based on: • Availability: communication and access monitoring.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

8

Chapter 3

Monitor

• • •

Performance: performance counters within acceptable parameters. Capacity: ensuring disk capacity is adequate, for example, and capacity analysis/planning. Identifying errors or conditions that affect the previous three aspects of service levels.

The role of Management Packs
Management Packs apply the discipline of monitoring to a specific technology. Each Management Pack includes the rules and rule criteria, tasks, views, and reports that are tailored to monitor the services provided by the technology. This chapter specifically addresses using the MOM 2005 Management Pack to monitor your MOM installation.

The MOM Management Pack
All of the Management Packs depend on the health and availability of the Microsoft® Operations Manager (MOM) server components and agents, as well as the successful forwarding and retention of monitoring data. The MOM Management Pack monitors problems with agent deployment and configuration, communications failures, security issues, and the MOM Connector framework. Automated tasks provide easy access to common network administration and diagnostic tools. Reports call attention to performance bottlenecks and provide data for capacity planning. Table 3.1 summarizes the monitoring scenarios for the MOM Management Pack. The MOM Management Pack has undergone extensive modeling and testing to ensure that minimal configuration is required for most deployments.

Best Practices
It is recommended that you review the following best practices for Management Packs. Changing Management Packs It is recommended that you do not change any MOM Management Pack settings until you have performed a thorough analysis to determine whether changes are required. If changes are required, ensure that these changes are adequately tested. • If you change company knowledge or enable a disabled setting, you can edit the original rule. This is possible because these settings are preserved when you import the Management Pack by using the update option. If you change an enabled rule, follow these guidelines: • Make a copy of the rule that you want to change.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

9

• • •

Disable the original rule. Make changes to the copy of the rule, and commit these configuration changes. Conduct tests on the copy of the rule.

Important
• Before you change any of the MOM Management Pack settings, refer to The Microsoft Operations Manager 2005 Management Pack Guide, which is available from the MOM product Web site. Additional guidance for Management Pack authoring is provided in the Microsoft® Operations Manager (MOM) 2005 Management Pack Development Guide. Guides for other Management Packs, such as Active Directory and Exchange Server 2003 are also available at the MOM Web site, and you should review these documents before implementing any changes.

Additional Management Packs It is recommended that you install additional Management Packs for your MOM deployment. The following Management Packs will extend the depth and breadth of monitoring for all of the MOM components.

Note
Management Pack version numbers are provided to help you locate the most recent version of the Management Packs. The Management Packs listed are available from the Download Center of the MOM Web site.

• • •

Windows Base Operating System - Monitors the performance and availability of Microsoft Windows Base Operating System 4.0 and later versions (MP version: 05.0.2803.0000). SQL Server 2000 - Detects and sends alerts about critical events. Helps indicate, correct, and prevent service outages or configuration problems (MP version: 05.0.2803.0000). Internet Information Services (IIS) - Monitors IIS events in the Windows NT and IIS event logs. For IIS 5.0 and IIS 6.0, it includes a script that polls and tracks the responsiveness of your IIS server (MP version: 05.0.2803.0000). Microsoft Baseline Security Analyzer (MBSA) - Performs security vulnerability assessments and security update scans of computers running Microsoft Windows 2000 or later (MP version: 05.0.2803.0000).

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

10

Chapter 3

Monitor

Microsoft Windows Server Clusters - Highlights events that may indicate possible service outages or configuration problems, so that you can take action. The highlighted events provide information about many parts of a server cluster (MP version: 05.0.2803.0000)

Installing and Tuning Management Packs It is recommended that you install the Management Packs in batches, and then fine-tune and optimize each one. This approach is considerably easier than enabling and disabling large numbers of rules. Most Management Packs should not require you to make large-scale changes, in order to optimize for your environment. Generally, changing less than 5 rules in an MP is the most that is required. You can, typically, identify these rules by using the most common event and alert reports. If you want to disable multiple rules, either disable processing rule groups associated with computer groups, or just computer groups, rather than disabling all processing rule groups or all rules. Importing and Exporting Reports Note the following information related to importing and exporting reports: • • The report import/export component of the Import/Export Management Packs Wizard does not support either the import or export of linked reports. When exporting reports using the import/export utility, password information is not exported if the underlying data source uses Structured Query Language (SQL) authentication for security reasons. When these reports are imported on a different computer, the reports will be broken because they will not contain the password. In this scenario, the work-around is to edit the data source and enter the required password.

Importing Management Packs with Custom Tasks When you use MOM to import a Management Pack that contains a custom task, the custom task is not visible in the Administrator console navigation pane after the import is completed. Although the custom task is successfully imported and created, you may have to refresh the Tasks folder, in the MOM 2005 Administrator console, for the custom task to be displayed correctly. To do this, use the following procedure.

Refresh the Tasks list in the Administrator console
1. In the Navigation pane, expand the Management Packs node to show the Tasks folder. 2. Right-click Tasks, and then click Refresh. Management Pack Monitoring Scenarios The following tables provide summary information about the monitoring scenarios for each of the recommended Management Packs including the Management Pack for MOM 2005. This information is extracted from each of the guides that are available for each Management Pack.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

11

Table 3.1 MOM 2005 Management Pack
Scenario Agent deployment and upgrade Agent monitoring • • • • • • • • • • • • • • • • • • • Description Installation success and failure Upgrade success and failure Uninstall success and failure Heart beats Script failures Service discovery problems Managed code responses Task failures Provider problems Override issues Queues Agentless monitoring failures Permissions issues Response failures Computer discovery issues Service discovery issues Database communication issues Queues User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) communication issues Database space issues Configuration issues Authentication issues Grooming issues Microsoft SQL Server™ Reporting Server service issues Data warehouse grooming issues Forwarding and inserting issues Data configuration issues Legacy Client connections refused

Agentless monitoring Management Server monitoring

Database monitoring

• • • • • •

Reporting monitoring

MOM Connector framework • monitoring • Security •

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

12

Chapter 3

Monitor

• • • • • Performance monitoring

Large number of legacy connections refused Agents failing authentication Port floods and unauthorized access attempts Connection negotiations failures Manual agent connections refused

Agent: • Processor time • Private bytes • Alert processing and incoming time • Network bytes sent and received Database: • Insertion time for alert • Performance • Service discovery and event data Management Server: • Channel errors • Fragmented packets • Total connections (agents) • Total legacy connections (MOM 2000 Service Pack 1 (SP1) agents) • Network bytes sent and received

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

13

Note
Previous versions of the Microsoft Management Packs, for MOM 2000 and MOM 2000 SP1, will work with MOM 2005. However, older Management Packs do not support new features such as state awareness and run-time tasks.

Table 3.2 Windows Base Operating System Management Pack
Description Scenario Service and application management • • • • Reliability • • • Storage • • • • • Networking • • Core Windows service up/down status Unexpected service terminations Service configuration issues Service account and authentication issues Detection of reoccurring application terminations Gathers data on system shutdowns for shutdown reporting Reports system failures (for stop error reporting) Share availability issues Share configuration issues Local storage resource availability Local storage free space File system integrity and corruption issues IP address conflicts Disconnected network adapters Local storag e free space only Windo ws NT 4.0 Core Windo ws service up/dow n status only Windo ws 2000 Server ● Windo ws Sever  2003 ●

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

14

Chapter 3

Monitor

• Performance measuring Performance threshold monitoring • • • • • • • • • State monitoring and service discovery • • • • • • • • • •

Duplicate network names For most commonly used performance data Physical Disk — Avg. Disk sec. Physical Disk — Avg. Disk sec./Read Memory — Pages/sec. Processor — % Processor Processor — % DPC Processor — % Interrupt Time Memory — % Committed bytes in use Memory — Available megabytes Base OS services Storage Messenger service Computer browser Logical Disk Manager service Dynamic Host Configuration Protocol (DHCP) client Domain Name Service (DNS) client Remote Procedure Call (RPC) health Server service Transmission Control Protocol/Internet Protocol (TCP/IP) NetBIOS Helper service Hardware discovery Event log Workstation service ● ● ● ● ●

• • •

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

15

Table 3.3 SQL Server Management Pack
Scenario Enterprise configuration support • • • Service and database availability and health • • • • • • • • • • • • • • Description Multiple instance-aware 100% cluster-aware ( Active/Passive and Active/Active) Monitors SQL Server 64- bit edition Availability of SQL Server SQL Agent services Full Text Search service Alerts on databases in suspect and emergency states Local connectivity Database connectivity issues Port bind errors Configuration errors Protocol problems Corrupt system databases Connects to SQL Server remotely to simulate the client experience Tests database response time with custom Transaction Structured Query Language ( TSQL) query Evaluates intermediate network connectivity User-defined criteria: • Query to execute • Database to query • Response time • Client computers Intelligent free space monitoring monitors the remaining space in all databases and transaction logs Files and file groups aware Enterprise adjustable warning and error

Database connectivity

Remote connectivity

Database space

• • •

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

16

Chapter 3

Monitor

thresholds Separate threshold for: • Logs and databases • System databases • TempDb • User databases Check computers running SQL Server for compliance with a minimum (user-defined) service pack or hotfix level Generate success and failure alerts for auditing Service pack and compliance reports display version, build, and service pack levels

Service pack compliance

• • •

Configuration monitoring

Alert on configuration inconsistencies in your enterprise for each database, including: • Auto Close • Auto Create Stats • Auto Shrink • Auto Update Stats • Cross Database Chaining • Torn Page Detection • Monitors blocking system process IDs (SPIDs) based on a blocking duration threshold time. Alert details include: • Blocked SPID • Blocked by SPID • Program Name • Block duration • Login Name • Database Name • Resource • Topped blocked report allows further details on data, including top blocking users, application, and average blocking time

Blocked processes

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

17

Replication monitoring

Monitors the health of SQL Server replication and alerts on replication failures. Job run time measured in real time, and compared against a predetermined threshold. Monitors SQL Server security and audit events: Denied administrative functions Single-user mode startup License compliance Shutdowns Configuration problems Collection of audit data Successful and failed Logins Trusted and untrusted connections Failed SQL Agent Jobs Job corruption Failed notifications SQL e-mail problems Failed backups Full backups Incremental/differential backups Restore errors Poor disk responses Excessive SQL process CPU use Deadlocks Excessive user connections Schema-specific performance problems

Long running agent jobs

Security monitoring

• • • • • • • • •

Backups and jobs

• • • • • • • • • • • • •

Server performance

Table 3.4 IIS Management Pack
Scenario Service availability • • Description Monitors the availability and health of the following services: World Wide Web Publishing IIS 5.0 ● IIS 6.0 ●

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

18

Chapter 3

Monitor

• • • • • Application availability and integrity • • Security • • • Site Integrity • • • World Wide Web Publishing Service specific • • • • • • Related services • • • • •

Service File Transfer Protocol (FTP) Network News Transport Protocol (NNTP) Simple Mail Transfer Protocol (SMTP) HTTP Filter IIS Admin Alerts and reports on client detected errors, including Server Too Busy Detects configuration problems with Web sites and applications ● ●

Performs basic detection of ● unauthorized access attempts Detects brute force attacks and denial of service attacks Automatically blocks attackers by IP address Detects missing links from Web logs Detects invalid URLs Detects de-activated Web sites Worker process failures Service configuration problems with Web site stopped states Configuration issues Web site binding issues Misconfigured bindings Logging issues Unexpected failures Configuration related failures Inability to create application pools Identity issues Service startup and shutdown ●

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

19

timeouts Worker process recycle requests and events

Table 3.5 MBSA Management Pack
Description Scenario Set up of Microsoft Baseline Security Analyzer (MBSA) • • Places the MBSA binaries on all agent computers Automatically downloads updated copies of the Mssecure.cab file Reports missing security patches Reports missing service packs Detects other security vulnerabilities known to Microsoft MBSA setup issues on agent computers Permissions issues on agents that prevent MBSA from scanning MBSA scanning issues on agent computers Issues with reading the MBSA output file on agents IE zones not configured for security IE enhanced security configuration not enabled for administrators IE enhanced security configuration not enabled for non-administrators MSADC and Scripts virtual Windo ws 200 0 Server ● Windo ws Server 2003 ●

Security Reporting

• • •

MBSA Issues

• • • •

Internet Explorer (IE) vulnerabilities

• • •

Internet Information

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

20

Chapter 3

Monitor

Services vulnerabilities • • • • • • Windows operating system vulnerabilities • • • • • • • • • • Microsoft SQL Server ™ vulnerabilities • • • •

directories are installed IIS parent paths are enabled IISADMPWD virtual directory is installed IIS sample applications found IIS Lockdown Tool not run on specific servers IIS logging is disabled IIS is installed on a domain controller Local account password is blank or weak Windows Firewall is disabled Too many users in the local administrators group Auto logon is enabled “Password never expires” is set on local account Current RestrictAnonymous registry setting presents a high security risk Automatic updates are not enabled Local guest account is enabled Logon and logoff event auditing is disabled File system is not NTFS Everyone group has more than Read permissions to SQL Server registry keys SQL Server or MSDE password is exposed in clear text log SQL Server or MSDE local password is weak BUILTIN\Administrators is a member of SQL Server SysAdmin role ● ●

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

21

• • • • • • •

SQL Server or MSDE service accounts are running as LocalSystem Mixed-mode authentication SQL Server or MSDE directory access is not secure Guest account has access to one or more databases SQL Server or MSDE is installed on a domain controller Non-SysAdmin user has CmdExec privileges Too many users are in the SQL Server SysAdmin role

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

22

Chapter 3

Monitor

Table 3.6 Windows Server Clusters Management Pack
Description Scenario Service monitoring • • Resource groups and resource health • • • Cluster service stopping or stopped Cluster service failed to start Availability of resource groups Resource group failover Availability of disk, name, network and IP Address resources Quorum dependency errors Quorum unavailable Corrupt quorums Read-only quorums Quorum space alerts Node failures to join cluster Initialization failures Cluster node evictions and eviction errors Network configuration errors Network communication failures DNS issues Kerberos authentication problems Active Directory® communication errors IP address issues Account or password issues Disk corruption errors Failure to bring resources online Windo ws200 0 Server ● Windo ws Server 2003 ●

Quorum resource monitoring

• • • • • • • • • • • • • •

Cluster node monitoring

Cluster network issues

General resource issues • • •

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

23

• •

Failed resources Disk mount errors

Rule Overrides
Rule overrides is a valuable tool, provided by MOM, to enable you to override a rule for a computer or computer group. Overrides can be used and shared by rules, scripts, and the MOM APIs. For example, in a scenario where there is a server with performance capabilities that are lower than other servers in the group, it can trigger a performance alert before the other servers in the same group. Rather than lower the performance threshold in the rule for all of the servers, you can create an override that identifies the server and the rule. You must be a member of, at a minimum, the MOM Authors group to create an override in the Administrator console. Use the following procedure to create an override for an event rule. You can use the same procedure to create an override for alert rules and performance rules.

Create an override for an event rule
1. In the Navigation pane, locate the rule group for the rule. 2. In the Details pane, right-click the rule name and click Properties. 3. On the General tab, select the check-box for Enable rule-disable overrides for this rule.

Note
If the rule is disabled, the prompt for the check-box is Enable rule-enable overrides for this rule.

4. Click the Set Criteria button to open the Set Override Criteria property page, and then click Add. 5. Click the right-arrow button beside the Target: input area, and then pick Computer Group or Computer to specify the target. 6. In the Add Computer property page, select a computer to add, and then click OK. Repeat steps 5 and 6 if you want to add more computers. 7. By default, the Value: is Disable (0) if the rule is already enabled. Click OK. 8. Click OK to close the Set Override Criteria property page, and then click OK to close the property page for the rule.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

24

Chapter 3

Monitor

Configure the Monitoring Environment
The extent to which you configure your monitoring environment depends on several factors, such as business requirements, the complexity and size of your organization’s MOM deployment and the level of MOM expertise in your IT support group. Things to consider when configuring your monitoring environment: • • • • • • What user accounts do you need to implement for monitoring your computers? What individuals or groups of individuals in IT support do you need to notify? What computer groups and associated rules do you need for monitoring specific computers or groups of computers? What information does your support staff need in order to do their job successfully? Are there any requirements or opportunities for using built-in or custom tasks to support problem resolution? Do existing rules need to be customized to provide the best fit for the hardware and software that you want to monitor?

Figure 3.1 illustrates the sequence of tasks that are used to configure a MOM monitoring environment. You can implement the configuration that is described, as appropriate for your MOM deployment. Figure 3.1 Configure the monitoring environment

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

25

The following tasks are labeled according to the process shown in Figure 3.1, and each task heading identifies the minimum MOM local group membership that is required to undertake the task.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

26

Chapter 3

Monitor

Task 1 - Add users to MOM local groups (MOM Administrator)
IT support staff have to be added to one of the MOM local groups described in Chapter 2, “MOM 2005 Feature Overview”. For more information about MOM security, see The Microsoft Operations Manager 2005 Security Guide, which is available at the MOM product Web site.

Note
All members of the Local Administrators group are automatically added to the MOM Administrators group.

Use the following procedure to add users or domain groups to the MOM Users group.

Add a user to the MOM Users group
1. Log on to the MOM Management Server with an account that has sufficient privileges to add users to a local group. 2. On the Start menu, point to Programs, point to Administrative Tools, and then click Computer Management. 3. Expand Local Users and Groups, and then click Groups. 4. Right-click MOM Users and pick Add to Group to open the MOM Users Properties page.

Note
In Windows Server 2000, the dialog is named Select Users or Groups, and the format for adding a user is: domain\user.

5. Click Add to open the Select Users, Computers, or Groups dialog. 6. At the Enter the object names to select prompt, type in name of the user that you want to add, and then click OK to close the dialog. 7. Click OK to close the MOM Users Properties page. You can use the preceding procedure to add users to the other MOM groups, based on the tasks that the users need to perform. For example, any user who needs to edit rules or create a new rule has to be added to the MOM Authors group.

Task 2 - Add Operators (MOM Author)
You need identify the operators that you want to notify, how they should be contacted, and when they should be contacted. To do this, run the Create Operator dialog from the Administrator console. Use the following procedure to create an Operator.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

27

To create an Operator
1. In the Navigation pane, expand Management Packs. 2. In the Navigation pane, right-click Operators. 3. Pick Create Operator to open the dialog for creating an operator. 4. Follow the instructions in the dialog.

Note
Any changes that you make to a Management Pack are not immediately deployed to managed computers. By default, the MOM Management Server scans for rule changes every five minutes. Refer to Chapter 7, “Administrator Console Reference” for more information about Global Settings. See Also: “Commit Configuration Changes”.

Commit Configuration Changes (MOM Author)
If you want to commit Management Pack configuration changes immediately after they are made, use the following procedure in the Administrator console.

Commit configuration changes.
1. In the navigation pane, right-click Management Packs. 2. Pick Commit Configuration Change.

Task 3 - Create Notification Groups (MOM Author)
Notification Groups support sending notifications to a group of operators, rather than individual operations.

Note
MAPI notifications are not supported in MOM 2005. Use SMTP or Exchange solutions for sending notifications.

After you have finished creating operators for your MOM environment, you can add them to one of the existing Notification Groups provided by the MOM Management Pack, or you can create a new notification group. You use the Administrator console to create a notification group.

Note

Predefined notification groups are determined by the Management Packs that you install. The MOM Management Pack creates the Operations Manager Administrators group Did you and the Operations Manager Please send Testing group. A and comments about find this information useful? Notification your suggestions newly created notification group needs to be referenced by a the documentation to momdocs@microsoft.com. rule response before notifications are sent to the group. Looking for more MOM information? Experience the power of customer communities! MOM Community

28

Chapter 3

Monitor

Create a notification group
1. In the Navigation pane, expand Management Packs, and then expand Notification. 2. Expand Notification Groups to view the groups that are available. 3. Right-click Notification Groups and pick Create Notification Group to open the Notification Group dialog. 4. Follow the instructions in the dialog to create the group and identify the operators that you want to be members of the group.

Task 4 - Create new computer group (MOM Author)
By using custom computer groups, it is possible to further organize the monitoring and management of computers in your organization. For example, you can create a computer group that consists only of Web servers, and use a computer group as a container for the servers that you specify. Use the Administrator console to create a new computer group. After you create the computer group, it is necessary to associate the computer group with a rule group.

Create a new computer group
1. In the Navigation pane, expand Management Packs. 2. Right-click Computer Groups and pick Create Computer Group to start the Create Computer Group Wizard. 3. Follow the wizard steps to create a new computer group.

Task 5 - Associate rule group with computer group (MOM Author)
Use the Administrator console to associate a computer group with a rule group.

Associate rule group with new computer group
1. In the Navigation pane, expand Management Packs. 2. Expand Rule Groups and locate the rule group that you want to associate with a computer group. 3. Right-click the rule group that you want to configure, and then pick Associate with Computer Group to open the properties page for the rule group. 4. On the Computer Groups tab, click Add to view a list of available computer groups. 5. In the Select Item page, click the computer group that you want, and then click OK. 6. Click OK to save your changes and close the properties page.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

29

Task 6 - Create/modify console scope (MOM Administrator)
Console scopes provide a way to partition operational responsibility within a Management Group by filtering information for your operations support staff. This partitioning makes it easier for your support staff to monitor the specific computer groups that they are responsible for. Use console scopes to associate a set of computer groups with a list of users. The console scope contains the assigned set of computer groups that the user can access through either the Operator console or the Web console. These computer groups are used to populate the list of computers displayed in the Computer Groups list in the console tree. This limits the users to seeing only those computers that are in the computer groups associated with their console scope. However, console scopes are not a security mechanism that you can use to limit user access to computer groups. When a user opens the Operator console, the console program establishes a connection with the last MOM Management Server that it was connected to, and accesses the MOM database to retrieve the console scope that is associated with the user. MOM provides three console scopes that can be used immediately; the default settings for these scopes are: • • • MOM Administrator Scope - associated with all computer groups. MOM Author Scope - associated with all computer groups. MOM User Scope - not associated with any computer group.

Best practices The following best practices are based on customer feedback. • • Map Operator roles and responsibilities to the Computer Group structure; this enables you to integrate MOM with your existing processes. Create console scopes for each section of your IT Operations group that needs to view, and work with operational data, such as alerts.

You use the Administrator console to create or modify a console scope.

Create a new console scope
1. In the Navigation pane, expand the Administration node. 2. Right-click Console Scopes and pick Create Console Scope to start the Create Console Scope Wizard. Click Next to begin creating a console scope. 3. Follow the wizard steps to create a console scope.

Modify a console scope
1. In the Navigation pane, expand the Administration node.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

30

Chapter 3

Monitor

2. Click Console Scopes to display the existing console scope in the Details pane. 3. In the Details pane, right-click the name of the scope that you want to modify, and then pick Properties. 4. Use the General and Users tabs to make the changes that you want, and then click OK to close the properties dialog box.

Task 7 - Create a new task (MOM Author)
You use the Administrator console to create a new task.

Create a task
1. In the Navigation pane, expand Management Packs.Right-click Tasks, and then pick Create Task to start the Create Task Wizard.

Note
The task that you create will be saved at the location where you started the wizard. For example, starting the wizard from the Microsoft Operations Manager folder (below the Tasks folder) results in the new task getting stored at that location in the folder hierarchy.

Tip
When you right-click Tasks you also have the option to create a folder that you can use for organizing any new tasks that you create.

2. Follow the wizard steps to create a task. After you create the task, it will appear in the Operator console Tasks pane, but will only be active for the View type (Alerts, Events, Computers) that you configured.

Note
If the Operator console was open when the task was created, you have to refresh the console to see the new task.

Task 8 - Add or modify rule groups and rules (MOM Author)
In addition to modifying any of the existing rules in MOM, you can create new rule groups and rules. As noted in the “MOM Management Pack” section, consult the Microsoft Operations Manager 2005 Management Pack Guide before modifying existing rules.

CreateNote group a rule
Before you can modify existing rules you have to enable Did you find this information useful? Please send your suggestions and comments about Authoring mode. Authoring mode activates user interface the documentation MOM that enable you to create and edit vendor features in to momdocs@microsoft.com. specific knowledge. Enabling Authoring mode also enables Looking advancedMOM information? Experience the power of customer communities! for more properties on rules, groups and other items that are read-only or disabled by default. The Microsoft Operations MOM Community Manager 2005 Management Pack Guide provides detailed information about Authoring mode.

Work with Alerts

31

Create a rule group
1. In the navigation pane, expand Management Packs and click Rule Groups. 2. Expand Rule Groups and navigate to the location where you want to create a rule group. 3. Right-click the folder where you want to create a rule group and pick Create Rule Group to open the Rule Group properties page. 4. Provide a name and description, and company knowledge, if you want. 5. Click Finish to save the Rule Group. You will be asked if you want to deploy the rules in the rule group to a group of computers. It is recommended that you do not do this until you have finished adding rules to the rule group.

Create a rule
1. In the Navigation pane, expand Management Packs and click Rule Groups. 2. Expand Rule Groups and navigate to the rule group where you want to create a rule. 3. Expand the rule group that you have selected and right-click the type of rule that you want to create (Event Rules, Alert Rules, or Performance Rules). 4. Click Create Event|Alert|Performance Rule to open a rule dialog. 5. Follow the steps in the dialog to create and configure the rule that you want.

Note
If the Operator console was open when the rule was created, you have to refresh the console to see the new rule.

Task 9 - Customize the Operator Console (MOM User)
Chapter 2, “MOM 2005 Feature Overview”, provided information about the different views, and the various levels of filtering that an Operator console user can apply. This section builds on this information to describe how you can customize the console.

Note
The supported number of Operator consoles per management group is 15.

The default appearance of the Operator console is shown in Figure 3.2. The primary work areas are labeled. Figure 3.2 Primary work areas of the Operator console

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

32

Chapter 3

Monitor

In Figure 3.2, note that all of the panes are displayed, and a single pane is provided for results. Also, by default, all of the available toolbars are visible. You can show or hide panes, configure the display of information in the Results pane, save data in the results pane, and show or hide toolbars. Use the following procedures to work with panes and toolbars.

Show or hide panes
• On the Menu and toolbar, click View and then select or deselect the check-box of the item that you want to change. If you hide the Tasks pane, you can use the Tasks button to show/hide this pane whenever you want.

Use the following procedure to configure the display of information in the Results pane for all of the views except the Diagram view.

Configure the display of information in the Results pane
1. Right-click within the Results pane,and pick Personalize View to open the Personalize View dialog box. This dialog displays Available columns: and Displayed columns:, areas that list the information fields that are available for the view and that are currently displayed in the view.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

33

2. To change the order of a field that is displayed, click the field name and click either the Move Up or Move Down button to move the item. 3. To remove a field that is displayed, click the field name and then click the Remove button. 4. To add a field to the displayed fields, click the field name shown in the Available columns: list, and then click the Add button. 5. When you have finished customizing the view, click OK to save the results. When you are working with items in the Results pane, you can copy all of the information that is displayed for an item and save it as a text file.

To copy and save information displayed in the results pane
1. In the Results pane, click the name of the view item that you want to save. 2. Right-click the item and then click Copy Formatted Data. 3. Create a new file using any text editor and paste the data that you copied into the file.

Note
You can bulk-select items in the Results pane and copy everything that you selected.

Show or hide toolbars
1. On the Menu and toolbar, click View and then pick Toolbars. Select or deselect the checkbox for the toolbar that you want to show or hide.

Note
Referring to Figure 3.2: • The State Indicators toolbar consists of buttons A, B, and C, which are health indicators. (A = Critical, B = Warning, and C = Successful) The View toolbar consists of buttons D, E, and F. (D = Alert View Properties, E = Personalize View, and F = Edit view time filter)

2. An option that IT staff may want to use is the multi-pane capability of the Operator console. This option is illustrated in Figure 3.3. Figure 3.3 Customized Operator console

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

34

Chapter 3

Monitor

Using Figure 3.2 as a reference, follow these steps to create the three-pane view illustrated in Figure 3.3.

Enable multiple Results panes
1. In the Menu and Command bar, click File and then pick Console Settings to open the Console Settings dialog box. 2. At the View pane configuration: prompt, use the list box and select three panes. 3. Click OK to save the configuration. There are now three results panes shown in the console, with the top one pre-selected for the Alerts view.

Associate a view with a Results pane
1. Click the pane below the Alerts results pane and click the Computers and Groups navigation button to associate that view with the second pane.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

35

2. Click the pane below the Alerts results pane and click the Computers and Groups navigation button to associate that view with the second pane. 3. Click the pane below the Computers results pane and click the State navigation button to associate the State view with this active pane. 4. Click View on the Menu and Command bar; clear the check-box beside the Navigation pane and the Tasks pane to hide these views. 5. Click File on the Menu and Command bar and then click Save As to save the current Operator console configuration. The console is saved as an .omc file using the name that you provide. Operators can create and save multiple custom consoles that they can either use individually, or share. In addition to the views that are provided, an Operator console user can create private or public views. All of the predefined views provided with MOM are public, and are created and populated by the Management Packs that are installed. If a view is created in the Public Views folder, it is visible to anyone who uses the Operator console. Private views must be created in the My Views folder, and are only seen by the Operator who created the view. The following procedure for creating a view can be used for creating a view for either the Public Views or My Views folders.

Create a view
1. Click the My Views navigation button to show the contents of the folder in the Navigation pane. 2. In the Navigation pane, click All My Views and pick New. You have the option of creating a new folder or picking the type of view that you want to create. If you plan to have many views, it is recommended that you use folders to organize the views that you create. 3. Pick the type of view that you want to create to open a Create New - [View Type] dialog. 4. Use the dialog to create the new view.

Note
The MOM online Help provides detailed information about criteria that are available for defining the different types of views.

Work with Alerts
The Operator console is the primary interface for working with managed computers. Anyone using this console can obtain different types of information about the computers that they
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

36

Chapter 3

Monitor

manage, resolve alerts, perform diagnostics, and run tasks against selected computers — within the boundaries of the console scope that they are using.

Web Console Notes
As noted in Chapter 2 of this guide, the Web console provides the following subset of Operator console views: Alerts, Computers, and Events. It does not provide the capability of running predefined tasks against a managed computer. Another important difference between the consoles is view filtering. A Web console user can filter any of the views, but this information is not retained after the user navigates away from the view. You can configure the Web console to be Read-only by using the following procedure.

Configure Web console as Read-only
1. On the server where the console is installed, open the %INSTALLDRIVE%\Program Files\Microsoft Operations Manager 2005\WebConsole\Web.config file in a text editor. 2. Locate this tag: <appSettings> 3. Remove the comment markers to enable addkey=”Readonly” value=”true”. 4. Save and close the file. 5. Stop and restart the Microsoft Operations Manager 2005 Web console application in the Internet Information Services snap-in.

Operational data processing cycle
Managed computers are continuously sending data to the Management Server. Event, performance, alert and discovery data originates on the managed computer. Although the internal processing of each type of data is different, the data flow is the same. Figure 3.4 illustrates how an alert is handled and processed by an operator. In this example, a WMI event indicating high queue length on an Exchange server provides the starting point in the process. Figure 3.4 Alert processing cycle

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

37

Referring to Figure 3.4: • The process described occurs, regardless of how MOM is deployed. For example, communications between the DAS and the database is the same when the MOM Database and MOM Management Server are installed on the same computer, or on different computers. Given the steps in process, the display of new information in the Operator console is almost real time, rather than actual real time. The refresh rate, especially for events, is directly related to the size of the operational database and the refresh rate that is configured for the Operator console.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

38

Chapter 3

Monitor

There are several points where latency can occur and where data transfer can be interrupted; namely: between the agent and the Management Server, and between the Management Server and the operational database. See also: Monitor MOM Components.

Important
Latency and potential disruption in the data flow are important considerations for configuring high-service availability and performance tuning.

The Alerts View
This section covers the following aspects of working with an alert: • • • • • Obtaining information about an alert. Setting the alert resolution state. Adding comments to the Alert Details. Using maintenance mode. Running diagnostic tasks.

Service Level Exceptions This is a subset of the Alerts view that is used to flag alerts that have exceeded a predefined service level for the computer that is being monitored. You can change these settings by opening the properties page for an alert view, and editing the settings. In order to change the default settings you have to create a custom service level exception.

To create a custom service level exception
1. In the Alert View, click Service Level Exceptions. 2. In the Results pane, right-click the alert displayed as a service level exception to open the alert property page. 3. Click the Criteria tab to display the View description. 4. The phrase that begins with “and that violated” will contain the phrase “default company” as an active link. Click the link to open the Service Level Exception property page. 5. Click the radio button beside Custom service level agreement to display a list of service level options. 6. Each of the service level options in the list contains minute, hour, or day settings displayed as an active link. To change a setting, click the appropriate link to open the Service Level Agreement property page. 7. Change the setting and click OK to return to the Service Level Exception property page.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

39

8. When you finish configuring the custom service level exception, click OK.

View Alert summary
If the Alerts view is not active in the Results pane, click the Alerts navigation button. The columns in Table 3.7 are displayed by default for each alert. Table 3.7 Columns displayed for an alert
Column name Severity Description Indicates the severity of the alert, such as Service Unavailable or Success. Indicates whether the alert is in maintenance mode. Specifies the domain to which the computer belongs. Specifies the computer on which an agent generated the alert. Specifies the date and time that the alert was last changed. Indicates the status of the resolution process of the alert, such as New or Resolved. The resolution state indicates whether the resolution process has begun. Specifies the amount of time that the alert has been in the current resolution state. Indicates what problem state the alert is in. Specifies the number of identical duplicate alerts that this instance represents. Specifies the name of the rule that generated the alert. Indicates where the alert was generated, for example, from MOM, or a specific server.

Maintenance Mode Domain Computer Time Last Modified Resolution State

Time in State

Problem State Repeat Count

Name Source

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

40

Chapter 3

Monitor

Ticket Id Owner

Specifies the ticket ID assigned to the alert. Specifies the person responsible for tracking and resolving the alert

Note
The enabled columns only display data that is available. For example, if an Owner is not assigned to the alert, no information is displayed.

View Alert details
To view the details for an alert, click the alert in the Results pane. After a specific alert is selected, the tabbed view, illustrated in Figure 3.3, is dynamically generated for the alert. The following tabs are provided. See also: Alert View Sample. Properties Describes the alert and provides additional details, such as the Alert Id and the rule that generated the alert. From this tab you can: • • • Copy all or some of the information and paste it into a text file. Print the information. Disable the rule that generated the alert.

To undertake any of the preceding tasks, right-click anywhere in the display area and pick the action that you want to perform. Custom Properties Enables the user to provide additional information about the alert, including: • • The alert owner The ticket ID

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

41

Note
This information can be generated programmatically by integrating a ticketing system with MOM 2005. For guidance on ticketing solutions, refer to the “Autoticketing Solution” described in Chapter 8 of this guide.

Custom Fields (5) for adding information that can be used by other users in the IT support group.

Events Provides the following summary information about the event that generated the alert: Type (Information, Error or Warning), Time, Source Computer, Provider Type, Provider Name, and Source. To view more information about the event, right-click anywhere in the display area and pick View Events. Product Knowledge Displays the appropriate Management Pack knowledge for the alert. To view the knowledge in the browser window, click the View button. Company Knowledge Depending on the console scope, enables the user to view, copy, print, or add to the company knowledge base. If the user is a member of the MOM Authors or MOM Administrators groups, they can click Edit to open a text editor and create knowledge for the alert.

Note
When changes are made to the company knowledge, these changes are not tracked in the alert history.

History Displays summary information about the history of the alert, such as the management group it was created in and the notification group. A user can add comments to the alert history by clicking the Append button to open the Alert History dialog box.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

42

Chapter 3

Monitor

Alert view sample
The following sample is typical, and represents the type of information that you can obtain in the Details pane of an Alert. Properties Tab
Error Alert Description: The host process host process for script responses (3036) will be restarted because it is using 20480 more bytes than its limit of 104857600. To adjust this limit, edit the Software\Mission Critical Software\OnePoint\MaxScriptHostPrivateBytes registry key. Management Group: MG2749 Name: The MOM Host process was consuming too much memory and will be terminated Severity: Error Resolution State: New Domain: SMX Computer: WOW406D Time of First Event: 11/23/2004 5:52:00 PM Time of Last Event: 11/23/2004 5:52:00 PM Alert latency: 0 sec Problem State: Investigate Repeat Count: 0 Age: Source: Microsoft Operations Manager Alert Id: 618b8e08-7e14-4778-87f6-d4ed5eeea89e Rule (enabled): Microsoft Operations Manager\Operations Manager 2005\Agents on all MOM roles\The MOM Host process was consuming too much memory and will be terminated

Product Knowledge Tab
Related Knowledge MOM OnlineManagement Pack Summary The Action Account (MOMHost.exe) process was consuming too much RAM (physical) memory and was restarted by MOM. The MOMHost.exe process is run under the agent Action Account and is used to gather information about, and perform actions on, the managed computer. This restart might signify a problem with the managed computer, especially if the host process is restarted often, this might indicate a problem with the managed computer. Causes This could be caused by any of the following: The amount of memory allotted to the process is too small and needs to be increased.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

43

The host process is running too many tasks or is gathering data form too many providers at one time. The host process is running scripts that are not freeing resources. Resolutions To troubleshoot and fix this problem: 1. Make sure that the managed computer is not low on resources. 2. If the managed computer rarely uses more than 70% of its RAM memory, you can increase the amount of memory allotted to the MOMHost.exe process. To increase or decrease the amount of memory allotted to the MOMHost.exe process: In Regedit.exe (or some similar Registry editor), change the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint MaxDefaultHostPrivateBytes REG_DWORD <bytes> NOTE - the default setting for this key value is 0x6400000 (100MB). 3. Continue to monitor the process by looking for this alert. If you see this alert for the host process on a specific computer and you have already increased the memory allocation, consider enabling tracing for the computer. To enable or disable tracing for a specific agent: In Regedit.exe (or some similar Registry editor), change the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software TraceLevel REG_DWORD = 1 - 6 -1 = disabled (default) 0-2 = error level tracing only 3-5 = error and warning level tracing only 6 = error, warning and information level tracing NOTE - Setting the registry key value to 4 or higher will affect the performance of the MOM Service on the managed computer.

Set Alert Resolution State
When an alert is first received, its Resolution State is automatically set to New. Support staff can change this state, as appropriate.

Set alert resolution state
1. In the Results pane, click the alert that you want to set a resolution state for.

Tip
If there are multiple alerts that originate from a single computer, you can bulk-select the alerts and set a resolution state for all of them.

2. Right-click and then pick Set Alert Resolution State.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

44

Chapter 3

Monitor

3. Click the state that you want, on the list that is provided, to set the state for the alert.

Note
Some alerts will automatically be resolved when the alert state changes, or might get removed from the operational database during database grooming.

Use Maintenance Mode
Maintenance mode provides a means of stopping the insertion of alerts in the operational database. This mode does not take the computer that is generating alerts offline; maintenance mode only instructs the Management Server to set all new, incoming alerts from the computer to Resolved. As a result, the new alerts are not included in health calculations, and responses are not run on the Management Server.

Put a computer in maintenance mode
1. In the Results pane, click the alert for the computer that you want to put in maintenance mode. 2. Right-click the alert that you select and pick Put Computer in Maintenance Mode to open the Maintenance Mode property page. 3. You can provide a reason for putting the computer in maintenance mode, adjust the time the computer is in maintenance mode (the default is 20 minutes), or you can specify an ending date and time for maintenance mode.

Note
It is recommended that you do not use a time interval of less than 5 minutes for maintenance mode. Due to timing cycles, the Management Server can keep a computer in maintenance mode for a minimum of 5 minutes.

4. Click OK to close the property page and put the computer in maintenance mode.

Tip
The Microsoft Operations Manager 2005 SDK contains a sample that shows how to put a computer in maintenance mode, programmatically.

Run tasks
The tasks that are provided in the Operator console enable an operator, depending on their console scope, to run preliminary diagnostics to determine the cause of a problem. Table 3.8 summarizes all of the tasks that are provided with MOM 2005.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

45

The availability of a task to an Operator console user is determined by: • • • The console scope that they are using. The computer group filter that they are using. In the Tasks pane, click the task name or right-click the task name and pick Run.
Name Computer Management Event Viewer IP Configuration Ping Remote Desktop Start MOM 2005 Service Stop MOM 2005 Service Test end-to-end monitoring Description Opens the Computer Management snap-in on a specified computer. Opens the Event Viewer for a specified computer. Runs the ipconfig command against a specified computer. Runs the ping command against a specified computer. Opens a Remote Desktop session to a specified computer. Starts the local MOM service Stops the local MOM service Creates an event on a managed computer to test the end-to-end monitoring of the MOM system.

Run a task
Table 3.8 Available tasks in Operator console

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

46

Chapter 3

Monitor

Note
Tasks that are not available to the current scope will either have the Run option grayed out, or else nothing happens when you click the task name. Tasks that require a higher level of privilege will display an “Access is denied” error message when you run them. In some cases, you may have to look at the Task Status view to obtain this information.

Notes on other Views
The Alerts view may be the primary view used by IT support staff, but the other views provide a means for isolating a problem, as well as meeting the information requirements of different users. The following table adds to the information already provided in Chapter 2 of this guide. Table 3.9 Summary of Operator console views
Personalize View State Y Link to other views Enable/disabl e maintenance mode Y Comments

Y

Aggregates information about alerts and associated entities to display the state (health) of a computer group. See: State Icons, State Alert, State Rollup See: Time Filtering. See: Performance data view

Events Performance

Y Y

Y N

Y N

Computers and Groups Diagram

Y N

Y Y - Computer

Y N See: Diagram

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

47

groups

View

State Icons When an agent heartbeat has a Service Unavailable error for a computer, every state icon for the other roles (for example, Exchange Server and Active Directory) associated the other are suspect, and are visually depicted as gray line icons that are identical representations of the full color ones. For example, the gray circle-x is interpreted as follows: the last known state for this role is critical error, but since the agent is either not heart-beating, or the agent is flagged as service unavailable, the data for the other role is suspect. Until the MOM agent is up again, and heart-beating normally, the gray versions of the state icons will remain. When the agent is OK again, the icons will return to the colored versions. The logic is that, since the agent performs the communication, if it is down, information that it communicates is also suspect. State Alert MOM 2005 provides an alert named the state alert. This alert has two problem state values: Active and Inactive. Each of this states handle rule response processing differently. For example: When % Processor time crosses a specified threshold, an alert is created with a problem state of Active, and any specified responses are run. If the counter drops below the threshold, another alert with a problem state of Inactive is created; however, none of the responses specified for the rule are run. State Rollup The state of a computer group is based on a roll-up policy, which can be configured by MOM authors using the State Roll-up Policy tab of the Computer Group property sheet. Authors have three possible roll-up polices that they can define for their computer groups. These include: • Most Severe of any Server This policy indicates that the state of the computer group will be equal to the most severe state of any one of the members of the computer group. • Most Severe of the Healthiest X % of Servers This policy indicates that the state of the computer group will be equal to the most severe state of some % of the healthiest servers. Example: A computer group with 10 members has a policy set to 50%. If 5 have Warning states, and 5 have Service Unavailable states, then the state of the computer group would be Warning.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

48

Chapter 3

Monitor

Least Severe of any Server This policy indicates that the state of the computer group will be equal to the least severe state of any one of the members of the computer group.

Important
At times, the state view in the Operator console gets out of synchronization with the database. Some of the reasons for this are: • Queues get full (because a block of data from an agent will get inserted to server queue at same time, and likely get processed at same time). The MOM server goes down, causing the agents to failover. (One server might have the red alerts for an agent; another might get the green alerts. Because the server was rebooted, alerts get inserted out of order). The operational database is unavailable.

The best work-around is to resolve the alert.

Time Filtering Time filtering is a mechanism for determining how many days worth of information you want to see in the Results pane for the Alerts and Events views. The default setting is seven days, but you may want to consider changing this because: • • In the case of alerts, the actual number of active alerts may appear to be higher than it actually is. In the case of events, which generate more data than alerts, viewing response time is affected by the number of days of data that has to be retrieved from the database and displayed in the console.

To change the time filter
1. On the Menu and toolbar, click the Edit view time filter button to open the View Date and Time Filter property page. (This button is labeled “F” in Figure 3.3). 2. By default, Alert and Event data is set to be displayed for within the last seven days. • • You can change the number of days by typing in a lower value. You can also use the list box to select hours, minutes or seconds. Another option is to specify a time range. To do so, click the radio button beside Within the time range, and set the After or Before date and time.

3. When you finish configuring the time filter, click OK.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

49

Performance data view Rather than selecting a computer, picking counters, and then drawing a graph, you can use the Performance Data view to identify specific counters for a computer. Use the following procedure to create this view. When you are finished, save it in All My Views or Public Views.

Create performance data view
1. Click the My Views navigation button. 2. In the Navigation pane, right-click My Views, click New and then select Performance Data View. 3. In the Create View - Performance Data View dialog, identify the type of performance data view that you want to create. 4. When you select an item (step 3), the corresponding View description: area displays the description with hyperlinks that you will use later. Click Next to continue. 5. Click the box beside each type of performance data that you want to include (for example, for specified counter, measured on specified computer.) When you select an item, a hyperlink is displayed in the corresponding View description (click the underlined value to edit): input area. 6. Click each hyperlink to open a dialog box and provide the required information. Click Next to continue. 7. Type a View name and Description for the view, and then click Finish.

Tip
Expand the Performance Views navigation tree to include Agent Performance. You can use the Performance Data views that are already constructed as a model for creating your own views.

Diagram View The diagram view provides an ideal visual representation, complete with state indicators, of a MOM computer group. You can use the Group: list in the Menu and toolbar to diagram specific computer groups that are provided for the console scope that you are using. If more than one object is shown on the screen, you can arrange the layout by clicking an object and dragging it to a new location. If you want to reset the diagram layout to the default layout, click the Relayout diagram button in the Menu and toolbar area of the console. Exporting the View
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

50

Chapter 3

Monitor

You can export the diagram view and save it as a Visio drawing (.vdx) file.

Export the current diagram
1. With Diagram as the active view, click the Export to Microsoft Visio button in the Menu and toolbar area of the console. This opens the Save diagram as a Visio .VDX file property page. 2. Navigate to the location where you want to save the file, provide a filename, and then click Save. Background Images Background images are not provided for the diagram view. In order to add a background image, you must be a member of MOM Administrators, and must provide the image. The recommended image size is 640 x 480 pixels. Image quality and distortion will vary depending on how much you zoom in or out.

Note
A management group can only have one image displayed for it.

Add background image
1. Open the Operator console as a member of the MOM Administrators group. 2. Click the Diagram navigation button. 3. Right-click anywhere on the diagram and click Diagram View Properties to open the properties page for the view. 4. In Diagram View Properties, click the Diagram Settings tab. 5. Click the Background Images button to open the Diagram Background Images property page. 6. Click Add to locate and specify the image that you want to add. 7. After you finish adding images, you can use any of the selected images as a background image for the diagram view.

Monitoring MOM
The section provides guidance for: • Monitoring the various MOM components and MOM processing activities.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

51

• • • • •

Monitoring Windows service availability. Monitoring communications and access. Safeguarding operational data. Monitoring performance. Job failures and other error conditions.

The monitoring topics in this chapter are based on the MOM deployment scenario referred to, at the beginning of this chapter, and illustrated in Figure 3.5. Figure 3.5 MOM deployment scenario

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

52

Chapter 3

Monitor

Referring to the callouts in Figure 3.5: • • • At the agent level (Agent 1, Agent n), the monitoring focus is on the remote agent. At the Management Server level (MS01, MS02), the monitoring focus is on the DAS, the local agent, and IIS-- if the Web console is installed on the Management Server. For the operational database (DB01), the monitoring focus is on the remote agent and SQL Server.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

53

• •

For MOM Reporting (DB02), the monitoring focus is on the remote agent, the reporting server, the reporting database, SQL Server, SQL Reporting Services, and IIS. In some cases, denoted by an asterisk (*), it is recommended that additional Management Packs are installed to enable more in depth monitoring of a server.

The MOM deployment in your organization may not be as distributed as the one in Figure 3.5, but as indicated in the “Operational data processing cycle” section, every MOM deployment has to collect data from a managed computer, send the data that is collected to a Management Server, and store data in the operational database. At a minimum, a MOM deployment will have: • • • Agent-managed or agentless managed computers A Management Server An operational database

In the topics that follow, use the information and guidance that is applicable to your MOM deployment.

The Agents
The process of managing computers may require the installation and, in some instances, the removal of agents after the initial deployment. The frequency and extent of this activity depends on the size, distribution, and dynamics of the IT infrastructure.

Agent deployment
Agents are installed when: • • An existing computer discovery rule is run and new computers are discovered. The administrator creates and runs a discovery rule or uses the Install/Uninstall Agents Wizard. An agent-managed computer no longer matches a computer discovery rule.

Agents are uninstalled when: •

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

54

Chapter 3

Monitor

Note
By default, the Management Server will wait 48 hours before automatically uninstalling an agent.

An administrator uses the Uninstall Agents option for an agent-managed computer to immediately uninstall an agent, or the administrator can use the Install/Uninstall Agents Wizard to remove agents.

Tip
Use bulk-select on managed computers to uninstall agents, update agent settings, or run attribute discovery.

Because a healthy MOM system depends on successfully installed agents, it is important to verify that agents are being successfully discovered, installed, and configured. Monitoring for successful installation includes verifying that: • • • Computer discovery completed successfully. The computers identified by computer discovery rules have been discovered and agents are installed. Agents are sending a heartbeat.

Tip
At times, agent configuration data gets corrupted or the agent simply disappears from a computer. Use the Agent Helper tool in the MOM 2005 Resource Kit to troubleshoot and correct this situation.

• •

Agents belong to the appropriate computer groups. Agents have received processing rules, and are sending event, alert, and performance data.

Note
The items identified for verifying successful agent installations should also be monitored daily, on an ongoing basis, to ensure that your agents are healthy.

You can use the Administrator console to verify discovery and deployment. First, if you use the wizard to install agents, use the following procedure.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

55

Verify computer discovery in the Administrator console - Wizard task progress
1. Use the Install/Uninstall Agents Wizard to identify computers and install agents. 2. Monitor the progress, and final status, of the deployment in the Microsoft Operations Manager Task Progress page. 3. When the deployment is finished, click the Details button to view more information about the deployment. In scenarios where a large number of agents are deployed, monitoring the wizard task progress indicator may not be practical. Use the following procedure to perform a visual check on the results of your deployment.

Verify computer discovery in the Administrator console - Computers node
1. After deployment is finished, navigate to the Computers node in the Navigation pane. 2. Click the management type that you selected for the deployment (for example, Agentmanaged) and perform a visual check of the computers listed in the details pane.

Note
When agents are uninstalled from a computer, the computer’s management state is automatically changed to Unmanaged.

You can also use the views in the Operator console to verify computer discovery and agent deployment. First, use the Alerts view to see if any Errors or Critical Errors were generated by discovery and agent deployment. If there were no errors, and you want to get more information about agent deployment, use the following procedure to obtain a task status view.

Use the Task Status view to verify discovery and installation
1. Click the Events navigation button. 2. In the navigation pane, expand All: Event Views and click Task Status. All task related events are displayed in the Results pane and detailed information for each task is shown in the Details pane. When agents are not being installed or uninstalled you have to monitor agent configuration and connectivity on an ongoing basis.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

56

Chapter 3

Monitor

Agent communication and connectivity
Table 3.10 lists the agent configuration and connectivity rules.

Note
There are disabled rules in the MOM Management Pack that collect these events. These rules can be enabled for troubleshooting purposes. See also: Enabling Agent Communication Failure Troubleshooting.

Table 3.10 Agent configuration and connectivity events
Rule/cause of failure Agent communication failure troubleshooting events 26008, 26022, 21237, 22087, 22085 21219, 22087, 22088, 21371, 21372, 21375, 21216, 21218, 21219, 21268, 21269, 22061, 21373, 21374 21240, 22152, 21218 26005 26009, 26023, 21248, 26010, Event Id 26011, 26025, 21249, 22088, 26020, 26021, 21217, 21236, 21250, 21292, 26024

Agent communication failures Agent queue and cache events

Agent received new rules and configuration Refused MOM 2000 agent connections

Tip
The Microsoft Operations Manager 2005 Resource Kit contains a Microsoft Excel spreadsheet named “MOMEventMessages.xls” that lists all the MOM 2005 Event Ids and their descriptions.

The alerts described in Table 3.11 may be generated when there is a configuration or connectivity issue. Table 3.11 Agent configuration and connectivity events
Alerts Description

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

57

Agent heartbeat failures Agentless heartbeat failures Agentless management problems Agents without WMI running

Indicates a heartbeat failure on an agent-managed computer. Indicates a heartbeat failure on an agentless managed computer. Indicates a communication problem on an agentless managed computer. Lists all active alerts indicating the WMI service is not running on the MOM Agent.

Enabling Agent Communication Failure Troubleshooting You can enable an event rule to assist in troubleshooting agent communication failures. To do so, use the Administrator console, and follow these steps:

Enable Agent communication failure troubleshooting events
1. In the Navigation pane, expand the Management Packs node to include the Agents on All MOM Roles folder. 2. In the Navigation pane, click Event Rules. 3. In the Details pane, locate Agent communication failure troubleshooting events. 4. Right-click Agent communication failure troubleshooting events, and then click Properties. 5. On the General tab, click the check-box beside This rule is enabled to enable the rule, and then click OK to close the properties page for the rule. 6. Right-click Management Packs and then click Commit Configuration Change.

The Management Server
The MOM Administrator console is the central configuration point for management groups. There are many ways that you can view and modify settings to assist you in monitoring this server. The DAS component on the Management Server relies on proper access to the MOM Database to store monitoring data from the agents. In scenarios where the MOM Database is installed on a dedicated server, it is important to watch for the following access issues between the Management Server and the operational database. You should monitor for availability first, then performance.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

58

Chapter 3

Monitor

• • • •

The MOM service on the Management Server The incoming MOM server queue is full. This alert is associated with event 21268. The outgoing MOM server queue is full. This alert is associated with events 220061, 220062, and 21269. The MOM server loses its connection with the operational database.

Note
In a scenario where the Management Server cannot connect to the operational database, alert delivery is guaranteed. However, event and performance data may be lost if the DAS cannot bulk-insert event and performance data until the database connection is re-established.

Other valuable events that you can monitor are listed in Table 3.12.
Rule/cause of failure Event Id 25101 25102

Table 3.12 Management server events
Failed to insert events into the database. Unrecoverable database error; the system will continue processing events and alerts. The MOM Server was unable to retrieve data or prepare data for insertion in the database. The MOM Server failed to locate any DAS servers

25103, 25106, 25107

25105

The MOM Database
MOM can monitor your database servers, and many monitoring tools are available.

Best Practices
In addition to monitoring for access issues, availability, and performance, it is important to identify job failures and other error conditions. The following guidelines are recommended: • Install the SQL Server Management Pack.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

59

Know your most common events and their pattern, because deviations from this pattern can provide a key indicator of a potential issue. Use MOM Reporting to obtain this information on a daily basis. If MOM Reporting is not available, your database support team can query the database to obtain this information.

Important
As a best practice, do not run reporting queries directly against the operational database if MOM Reporting is available. This has a negative impact on MOM Database performance; which in turn will affect performance on the Administrator and Operator consoles.

Know your top event-generating servers, because an anomaly on this list can help isolate problem servers. If MOM Reporting is not available, your database support team can query the database to obtain this information Ensure that job owners have sufficient rights to run their jobs. Set a low threshold for database free space for early notification so you can make adjustments before you reach the 40 percent mark. This is required to ensure that re-index jobs finish successfully. Groom your database aggressively. Use the SQL Server Maintenance Plan Wizard in SQL Server Enterprise Manager to reorganize data and index of the OnePoint database, and to check for database integrity. For more information about these tasks, see Chapter 4, “Maintain”, in this operations guide.

• •

MOM Reporting (MOM Reporting Server and the Reporting Database)
You can easily monitor the performance of your reporting server by installing a MOM agent on the server, and then monitoring basic performance metrics, including disk I/O, CPU, and memory use during peak usage, which requires the installation of the Windows Base Operating System Management Pack. Implement the best practices identified for the MOM Database and ensure that the SQL Server Management Pack is installed.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

60

Chapter 3

Monitor

Note
The Reporting Server DTS job only transfers operational database records that have been modified more then five minutes before the DTS job starts. This means that if an alert is constantly being modified (for example, in a scenario where the agent keeps sending alerts and the consolidation number is increasing). If the alert is updated less than five minutes before the DTS job runs, this information will not appear in MOM reports.

Monitor SQL Server Reporting Services Activity
In addition to monitoring SQL Server, it is important to monitor reporting activity. You can do this by extracting data from the execution log for the reporting server and viewing the custom reports that are provided. There are two sets of tasks required to enable reports for SQL Server Reporting Services activity: • • • • • • • • • • Create a SQL Server data base to hold execution log data. Publish the custom reports that are provided to the MOM Reporting Server. Longest running reports Report parameters Reports by Month Reports by User Reports Executed by Day Report Size Report Success Rate Today’s Reports

After these tasks are finished, the following reports will be available on the reporting server:

Create and populate a database for execution log data
To get execution log data, you must run a DTS package that Reporting Services provides, to extract the data from the execution log and put it into a table structure that you can query. The internal table in the report server database does not present the data in a format that is accessible to users. The DTS package resolves this problem by collecting all of the data you need and putting it into a table structure.

Create the database (RSExecutionLog
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

61

1. On the SQL Reporting Services CD, navigate to this folder: SQL Server 2000 Reporting Services\Standard|Developer|Enterprise\extras\Execution Log Sample Reports. 2. On the reporting server, create a folder to contain the package and other files. Use the default path and create a folder named Reporting Services and a subfolder named ExecutionLog in the \80\Tools folder. The folder name and path must be exactly as shown: C:\%Program Files%\Microsoft SQL Server\80\Tools\Reporting Services\ExecutionLog.

Note
If you are using a non-English version of reporting services, or if you want to use a non-default location, you can specify a different folder path. If you specify a different path, you must perform step 2 in the next section, "Extracting Execution Log Data".

3. Copy the following files from the extras folder on the product CD to the ExecutionLog folder: • • • • cleanup.sql createtables.sql rsexecutionlog_update.dts rsexecutionlog_update.ini

4. In Enterprise Manager, create a new database that the DTS package can use as the destination data source. Use the default name, RSExecutionLog. 5. In Query Analyzer, run createtables.sql to add tables to the database. Be sure to select the database you created in step 2 before you run the script. 6. Use a text editor to edit rsexecutionlog_update.ini to specify the report server database (target) and the execution log database (destination).

Populate the RSExecutionLog database
1. In Enterprise Manager, right-click Data Transformation Packages, click Open Package, navigate to the folder that contains the files, and RSExecutionLog_Update, and then click OK. 2. (Optional) If you specified a non-default folder in step 1 of the previous section, "Setting Up", edit the DTS package global variable sConfigINI. • • On the Package menu, click Properties. Click Global Variables.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

62

Chapter 3

Monitor

In sConfigINI, type the full path and file name of the .ini file (for example, "c:\logfolder\rsexecutionlog_update.ini"), and then click OK.

3. On the Package menu, click Execute to run the DTS package.

Install the custom reports on MOM Reporting
After the database environment is configured you must install the reports that are provided on the MOM Reporting server. This requires a computer that: • • Has Microsoft Visual Studio, with Report Designer installed. Has Write access to the reporting computer.

Publish reports to the reporting server
1. On the SQL Server Reporting Services CD, navigate to \Execution Log Sample Reports. 2. Double-click executionlog.rptproj to open the reporting project in Visual Studio. 3. Use Visual Studio to ensure that the shared datasource, RSExecutionLog.rds references the SQL reporting server database. 4. After you verify that the database reference is correct, use Visual Studio to deploy the execution log reports to the reporting server.

Refreshing Execution Log Data
You can run the DTS package, periodically, to get updated information from the execution log. New log entries are appended to the existing entries. The DTS package does not remove old entries or historical data. Examples of historical data might include users who no longer run reports on a report server, computer names that are no longer in service, or reports that no longer exist. If you do not want to retain historical data, you can run cleanup.sql to clear out the execution log database. The DTS package follows these steps to ensure that entries are not duplicated: • • • • Determine the end date of the last entry added to the execution log database. Open the execution log tables in the report server database, and then find all entries added after the end date. Get the new entries, and get related data from other report server database tables. Copy all the data to the execution log database.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

63

Monitoring Windows Service Availability
By default, MOM monitors the availability of Windows services. This option is configured in Agent Properties on the Service Monitoring tab.

Note
Most of the Management Packs for MOM 2005 have rules that alert on the availability of key application services.

By default, agents check service availability every 20 seconds, and send a report on service availability every 120 seconds. You can configure how often the agent checks and reports changes in the status of Windows services. MOM uses the availability data to produce Service Availability reports. For more information about the impact of changing these settings, refer to Chapter 7, “Administrator Console Reference”.

Monitoring Communications and Access
MOM depends on reliable, well-performing communication links between each of the MOM components to ensure access from one component to another. For example, the DAS needs to be able to access the operational database in order to insert data or retrieve data. An access failure could be caused by network communications, or by an authentication failure.

Note
Authentication issues, typically caused by account and password changes, are covered in Chapter 4 of this guide.

It is important to look for communications issues on an ongoing basis — throughout the day, each day. Network communications can be the root cause for many other issues, such as agent installation, and computer discovery.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

64

Chapter 3

Monitor

Tip
There are several cases in which you might decide not to collect warnings, performance data, and miscellaneous noncritical events. These include: • • • • • Deployments across satellite links. Large branch office deployments. Deployments with very slow WAN links. Deployments where alerts are forwarded to a global network operations center. Warnings and informational messages are not needed.

You can create custom computer groups and rule overrides to reduce operational data volumes. You can filter events that you do not want to be notified about. First, you must create a folder to hold the new filter rules, and then you must add the filter rules. In addition, you might decide to disable certain performance data to decrease traffic. After making changes, you need to commit changes to the system. Exercise extreme caution in disabling performance counters. For example, several Active Directory reports do not work if performance monitoring is disabled.

You can verify access by monitoring the agent heartbeat at regular intervals. Because servers that host the MOM Database, MOM Management Server have the MOM service installed, these servers can also be monitored by checking for a regular heartbeat. However, there are additional access issues that apply to communications between the MOM Database, SQL Server, and MOM Reporting components.

Heartbeats between managed computers and the Management Server
Agent-managed and agentless managed computers rely on heartbeat messages between a managed computer and the Management Server. Agent -managed computers By default, agents send a heartbeat to their Management Server every 10 seconds. The default, heartbeat settings for the Management Server are as follows: • • Scan for agent heartbeats every 30 seconds, the heartbeat check interval. If no heartbeat is received from an agent:

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

65

• •

Attempt to ping the agent 4 times (ping timeout is 500 ms). Perform the scan 3 times before generating a Service Unavailable alert.

Agentless managed computers In the agentless managed scenario, the managed computers cannot send heartbeats to the Management Server. Instead, the Management Servers ping all of the agentless managed computers at a regular interval. Heartbeat Issues It is possible that one or more heartbeat intervals might be missed because of transient communication issues. When monitoring for access issues, look for agent computers that have missed several consecutive heartbeats. The number of consecutive heartbeats that might indicate that there is an access issue that requires your attention will depend on the variables that affect your environment, including the following: • • The geographic location of the agent. The speed and reliability of network connections.

Variable or slow network speed
Depending on the networks that you are using for communications between Management Servers and agents, there may be global settings that you need to adjust, in order to ensure that false communications alerts are not generated. For example: • • Agent configuration requests and agent heartbeat intervals. Ping intervals and ping timeouts.

Refer to Chapter 7, “Administrator Console Reference”, for more information about adjusting the following settings: • • • • • Packet size Bandwidth throttling Buffering Configuration Requests Heartbeat intervals

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

66

Chapter 3

Monitor

Caution
Do not shorten the heartbeat interval as a method of monitoring for access or availability issues, because the increased traffic and data that is generated can adversely affect the performance of your MOM system.

Calculating Network Line Usage Time
You can calculate network line usage time by using the following values in the formula that is provided. Values: Current BandwidthBytes = Current Bandwidth / 8 Formula: LineUsage Time = Total Bytes / Current Bandwidth Bytes Event and alert latency Event and alert latency is the interval between when an event or alert is generated on an agent computer, and when the event or alert is logged in the MOM database and appears in the Operator console. If latency remains within two minutes for 90 percent of events and alerts, this is within healthy limits. Event and alert latency that exceeds these limits can be caused by the following: • Communication between components is slow or unreliable.

Note
Sometimes event latency for the Web server or the FTP server can be as high as 10 minutes before an event or alert is seen in the Operator console. This is caused by the way that the Web and FTP servers cache their log entries. For performance reasons, these servers do not immediately write out their log entries, but retain them until a specified number of entries are accumulated. The only work-around is to stop and restart these services.

• •

The MOM database is too large to record events and alerts efficiently. The clock on an agent computer or a Management Server is set to a different time than the clock on the operational database server.

There are thee ways that you can monitor for latency:

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

67

• •

Analyze individual events or alerts. Compare the time that the event or alert was raised on the agent computer with the time that it was received in the Operator console. Use MOM reporting to generate the Alert Logging Latency report and the Event Logging Latency report. These reports list average, maximum, and minimum time intervals for event and alert latencies on an individual computer basis. In the Operator console, run the Test End-to-End Monitoring Task against selected agents. This task generates the output shown in Figure 3.6. Referring to this figure, note that the Details pane displays the Alert latency (-6 seconds) for this particular test.

Figure 3.6 Results from End-to-End Monitoring Task

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

68

Chapter 3

Monitor

Safeguarding Operational Data
Preserving the data that is collected is one of the first things that you need address in a MOM environment. Assuming that all of the agents are functioning correctly, you need to configure MOM to handle two potential failure scenarios. The first scenario is when there is a Management Server failure and the agents cannot send data to the Management Server.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

69

Note
The risk of this scenario is mitigated by using two Management Servers configured for failover, as illustrated in Figure 3.5. It is recommended that you use this configuration, if possible.

The second scenario is a situation where the Management Server cannot insert data in the operation database. In both scenarios, MOM provides storage buffers, but the buffers on the agents and Management Server must be correctly configured to handle outages. For more information about configuring storage buffer sizes, see Chapter 7, “Administrator Console Reference”.

Important
It is recommended that you do not increase the storage buffer size for Management Servers or agents to above 100 MB.

Storage Buffer Example In this scenario, there is a single Management Server and 20 agent-managed computers. The estimated data volume from the agents is 1,150,125 bytes/day from each agent (23,002,500 bytes/day from all agents). Using the default setting of 30 MB on the Management Server means that the server’s temporary storage buffer can hold the data from all of the agents for at least one day. After the server’s buffer is filled, the Management Server will stop accepting data from the agents, and each agent will start storing data locally. Based on the agent’s default storage setting of 3 MB, each agent will be able to temporarily hold data locally for 27 days. The following tables summarize the temporary storage requirements for the Management Server and an agent. Table 3.13 Management Server temporary storage requirements
Days of storage 1 2 4 6 23 MB 46 MB 92 MB 138 MB Data volume

Table 3.14 Agent temporary storage requirements
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

70

Chapter 3

Monitor

Days of storage 1 2 4 6 8 10 12 20 25 30 1.1 MB 2.2 MB 4.4 MB 6.6 MB 8.8 MB 11 MB 13.2 MB 22 MB 27.5 MB 33 MB

Data volume

Calculating Temporary Storage Requirements
You can use two formulas for calculating storage buffer sizes for your Management Servers and agents. Calculating temporary storage requirements for a Management Server To calculate temporary storage for incoming data, use the following values in the formula that is provided. Values: • • • AlertsBytes/Hour = Alerts/Hour * 6000 EventsBytes/Hour = Events/Hour * 2700 SNDBytes = SND/Hour * 195

Formula: Buffer size = ((∑ AlertsBytes/Hour, EventsBytes/Hour, SNDBytes/Hour) * number of managed computers) Calculating temporary storage requirements for an agent To calculate temporary storage for data collected by the agent, use the following values in the formula that is provided. Values: • AlertsBytes/Hour = Alerts/Day * 6000

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

71

• •

EventsBytes/Hour = Events/Day * 2700 SNDBytes = SND/Day * 195

Formula: Buffer size = ((∑ AlertsBytes/Hour, EventsBytes/Hour, SNDBytes/Hour) * number of managed computers)

Monitoring Performance
This section provides an overview of performance monitoring. Chapter 6, “Optimize”, provides detailed information and best practices for optimizing and troubleshooting performance issues in a MOM environment.

Performance Rules
Performance rules are the foundation of monitoring in MOM. It is important to monitor the effect that performance rules have on your environment. Tune the rules so that the data that is generated is meaningful, and to ensure that MOM continues to run efficiently. Performance rules that generate too much data can slow the performance of your network, the Management Server, and the operational database.

Note
If the operational database grows too quickly, then the grooming and indexing jobs might not be able to finish when anticipated. This can result in an unusable database.

When you are monitoring processing rules, the following guidelines are recommended: • Use MOM reports to review common events and alerts and to review the most common alerts. Use the information that you capture from these reports to tune processing rules for your environment. Customize the monitoring view of the MOM Operator console to include the Repeat Counts column. Use this column to watch for alerts with a high repeat count that might be suppressed by rules. Watch for alerts that might indicate a poorly formulated rule. For example, if a processing rule is generating a disproportionate number of alerts, it probably needs to be tuned. Monitoring the top alerts can help you identify rules that need to be tuned. Watch for indicators that too many events are being generated from one processing rule.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

72

Chapter 3

Monitor

In addition to monitoring the impact of performance rules, it is important to control the deployment of new Management Packs and rules to keep MOM performance within optimal limits.

Agent Performance
MOM colllects the following performance counters for agents. Table 3.15 Agent counters collected per management group
Counter Comm Alert Proc Avg Time Description Specifies the average time (in milliseconds) that an alert spends in the communicator connector on a MOM agent. Specifies the number of alerts that have arrived at the communicator connector on a MOM agent between time T1 and time T2. Specifies the total number of alerts in the communication connector on a MOM agent at a particular time. Specifies the percent of the alert communication connector queue in use. This setting is configurable by the user. The alert communication connector queue comprises 1/3 of the overall agent queue file. Specifies the average time (in milliseconds) data spends in the communicator connector on a MOM agent. Data refers to performance, events or discovery events. Specifies the incoming rate of data coming into the communicator connector on a MOM agent between Time T1 and Time T2. Specifies the total number of alerts in the communication connector on a MOM agent at a particular time. Specifies the percent of the data

Comm Alert Proc Inc Rate

Comm Alert Proc Simple Count

Comm Alert space percent used

Comm Data Proc Avg Time

Comm Data Proc Inc Rate

Comm Data Proc Simple Count

Comm Data Proc percent used

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

73

communication connector queue use. This setting is configurable by the user. The data communication connector queue comprises 1/3 of the overall agent queue. Queue Process Avg Time Specifies the average time (in milliseconds) items (data and alerts) spend in the workflow queue on a MOM agent. Specifies the incoming rate of items (data and alerts) into the workflow queue on a MOM agent between Time T1 and Time T2. Specifies the total number of items (data and alerts) in the workflow queue on a MOM agent at a particular time. Specifies the percent of the workflow queue in use (by data and alerts). This setting is configurable by the user. The workflow queue comprises 1/3 of the overall agent queue size. Specifies the average time (in milliseconds) a response spends on a MOM agent. Responses are launched through rules, and include scripts and command-line responses. Specifies the incoming rate of responses on a MOM agent between Time T1 and Time T2. Responses are launched through rules, and include scripts and command-line responses. Specifies the total number of responses being processed on a MOM agent at a particular time. Responses are launched through rules, and include scripts and command-line responses. Specifies the average time (in milli-

Queue Process Inc Rate

Queue Process Simple Count

Queue space percent used

Resp Exec Avg Time

Resp Exec Inc Rate

Resp Exec Simple Count

Task Exec Avg Time

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

74

Chapter 3

Monitor

seconds) a task requires on a MOM agent. Tasks are launched by users in the Operator console. Task Exec Inc Rate Specifies the incoming rate of tasks on a MOM agent between Time T1 and Time T2. Tasks are launched by users in the Operator console. Specifies the total number of tasks being processed on a MOM agent at a particular time. Tasks are launched by users using the Operator Console. Specifies the average amount of time (in milli-seconds) items (data and alerts) spend in the workflow on a MOM agent. Specifies the incoming rate of items (data and alerts) into the workflow on a MOM agent between Time T1 and Time T2. Specifies the total number of items (data and alerts) in the workflow on a MOM agent at a particular time.

Task Exec Simple Count

Workflow avg time

Workflow inc rate

Workflow simple counter

Note
The performance counters in the MOM Management Pack are designed to give users a quick snapshot of performance on the various MOM components. For detailed performance gathering and analysis, it is expected that you would install additional Management Packs, such as the Windows Base Operating System and SQL Server. In some instances, it may be necessary to create and use custom counters for tuning and optimization.

MOM Management Server and MOM Database server performance
The performance of the MOM Management Server and the MOM Database server are critical to monitoring your environment. A good monitoring strategy for the Management and database servers includes monitoring for thresholds and creating custom views to monitor other performance counters.
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

75

MOM Management Server performance
The performance of the Management Server is affected by: • • The number of agents that the Management Server is responsible for. The volume of data that is collected from the agents.

MOM provides the following performance counters for Management Servers. Table 3.16 Management Server counters per management group
Counter DB Alert Insert Avg Time Description Specifies the average time (in milliseconds) that alerts take to be inserted into the MOM Database. Specifies the incoming rate of alerts that are to be inserted into the MOM Database between Time T1 and Time T2. Specifies the total number of alerts that are being inserted into the MOM Database at a particular time. Specifies the average time (in milliseconds) that discovery data takes to be inserted into the MOM Database. Specifies the incoming rate of discovery data items that are to be inserted into the MOM Database between Time T1 and Time T2. Specifies the total number of discovery data items that are being inserted into the MOM Database at a particular time. Specifies the average time (in milliseconds) that events take to be inserted into the MOM Database. Specifies the incoming rate of events that are to be inserted into the MOM Database between Time T1 and Time T2.

DB Alert Insert Inc Rate

DB Alert Insert simple count

DB disc insert avg time

DB disc insert inc rate

DB disc insert simple count

DB event Insert Avg Time

DB event Insert Inc Rate

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

76

Chapter 3

Monitor

DB event Insert simple count

Specifies the total number of events that are being inserted into the MOM Database at a particular time. Specifies the average time (in milliseconds) that performance items take to be inserted into the MOM Database. Specifies the incoming rate of performance items that are to be inserted into the MOM Database between Time T1 and Time T2. Specifies the total number of performance items that are being inserted into the MOM Database at a particular time. Specifies the average time (in milliseconds) items (data and alerts) spend in the workflow queue on a MOM Management Server. Specifies the incoming rate of items (data and alerts) into the workflow queue on a MOM Management Server between Time T1 and Time T2. Specifies the total number of items (data and alerts) in the workflow queue on a MOM Management Server at a particular instance in time. Specifies the percent of the workflow queue in use (by data and alerts). This setting is configurable by the user, and comprises 100% of the overall server queue. Specifies the average time (in milliseconds) a response requires on a MOM Management Server. Responses are launched through rules and include scripts and

DB perf insert avg time

DB perf insert inc rate

DB perf insert simple count

Queue Process Avg Time

Queue Process Inc Rate

Queue Process Simple Count

Queue Space Percent used

Resp Exec Avg Time

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

77

command-line responses. Resp Exec Inc Rate Specifies the incoming rate of responses on a MOM Management Server between Time T1 and Time T2. Responses are launched through rules and include scripts and command-line responses. Specifies the total number of responses being processed on a MOM Management Server at a particular time. Responses are launched through rules and include scripts and command-line responses. Specifies the average time (in milliseconds) a task requires on a MOM server. Tasks are launched by users using the Operator console. Specifies the incoming rate of tasks on a MOM Management Server between Time T1 and Time T2. Tasks are launched by users in the Operator console. Specifies the total number of tasks being processed on a MOM Management Server at a particular time. Tasks are launched by users in the Operator console. Specifies the average time (in milliseconds) items (data and alerts) spend in the workflow on a MOM Management Server. Specifies the incoming rate of items (data and alerts) into the workflow on a MOM Management Server between Time T1 and Time T2. Specifies the total number of items (data and alerts) in the workflow on a MOM Management Server at a particular time.

Resp Exec Simple Count

Task Exec Avg Time

Task Exec Inc Rate

Task Exec Simple Count

Workflow avg time

Workflow inc rate

Workflow simple counter

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

78

Chapter 3

Monitor

It is important to monitor CPU and memory utilization on the Management Server to ensure efficient MOM operations, and also to determine when the agent load needs to be redistributed among other Management Servers. The MOM Management Pack provides numerous performance counters for tracking Management Server performance, such as Raw Bytes Received/Transmitted, and Total Connections. You should also use other performance counters that the MOM Management Pack provides, such as Server Queue Spaced Used and Server Total Connections, It is recommended that you leverage the performance counters provided by the Windows Base Operating System Management Pack, which was summarized earlier in this chapter. It is recommended that you do not exceed the maximum supported levels for the number of agents per Management Server or management group, as noted in the following table. Table 3.17 Support limits for MOM components
Item Agent-managed computers/Management Group Managed computers/Management Server Management Servers/Management Group Agentless Managed Computers/Management Group Agentless Managed Computers/Management Server MOM Database MOM Reporting Database
1

Limit 4000 2000 10 60 10 30 GB 1 Terabyte

1 In mixed-mode environments, where you have agent -managed and agentless managed computers, support limits are variable.

MOM Database performance The performance of the MOM database server is affected by: • • • • • The size of the database. The efficiency of the grooming and indexing jobs. The amount of free disk space that is available. The volume and rate of the data that is being added to the database. The rate of communication between the database server and other MOM components.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

79

Other databases installed on the same server.

In addition to watching the size of the database, you need to monitor the efficiency of the grooming and indexing jobs. If the time that is required for these jobs to complete increases, then the performance and integrity of the database will eventually be compromised. Evaluate the need for more aggressive grooming. It is also important to monitor the amount of free space in the database. If the amount of free space falls below 40 percent, the database can become unstable and will eventually be unusable. It is important to watch the data traffic to and from the database server. Ensure that the rate and volume of data that is communicated does not present a performance problem. It might be necessary to optimize processing rules to keep the database server performance within healthy limits. MOM provides the following performance counters for graphing operational database performance: • • • • • • • • • Database Alert Insertion Incoming Rate Database Average Alert Insertion Time Database Average Discovery Data Insertion Time Database Average Event Insertion Time Database Average Performance Data Insertion Time Database Discovery Data Insertion Incoming Rate Database Event Insertion Incoming Rate Database Performance Data Insertion Incoming Rate Operational Database Free Space

Establishing and monitoring thresholds The key to monitoring these components is to establish appropriate thresholds for the variables on these servers that affect their performance, and then to monitor for these thresholds. Identify thresholds for: • • • • • Processor use. Memory use. Page fault rate. Network adapter use. Disk I/O queue length.

On the MOM database server, monitor thresholds for:

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

80

Chapter 3

Monitor

• • • • •

SQL Server performance metrics. Database size and free space. Time required for grooming and indexing the database. Server queue space percent used Server total connections

On the MOM Management server, monitor thresholds for:

After you have established normal thresholds for these elements, configure processing rules to alert you when these thresholds are exceeded.

Job Failures and Other Error Conditions
It is important to identify job failures and other error conditions. It is recommended that you monitor: • • • Database grooming. Database indexing on the operational database and the reporting database. The DTS job used to copy data from the operational database to the reporting database.

Important
If you are running the Reporting DTS job, and you have timeouts with this Event text: "System.Data.SqlClient.SqlException: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding." You need to get and install this hotfix: http://support.microsoft.com/default.aspx?scid=kb;enus;821415

Using Tracing and Log Files
For debugging purposes, you can enable tracing and generate log files. The following trace levels can be set in the registry: • 0 - Error

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

Work with Alerts

81

• • •

3 - Warning 6 - Info 9 - Debug

Caution
Trace levels 6 and 9 will impact performance. Make sure that you disable these trace levels after you’ve generated the log files.

Enable trace levels
1. Click Start, and then click Run. 2. Type regedit. 3. In the registry, navigate to HKEY_LOCAL_MACHINE\Software\Mission Critical Software. 4. In the Details pane right-click TraceLevel and pick Modify. 5. Enter the trace level that you want to use, save your changes, and then close the registry editor.

Log file locations
Trace files and log files are found in several locations: • On the agent and server computer, in the "%temp%\Microsoft Operations Manager" folder, you may find such trace files as MsiExec.mc8, mmc.mc8, MOMService*.mc8 and MOMHost*.mc8 files. On server computers, in "%ProgramFiles%\Microsoft Operations Manager 2004\AgentLogs" and “%temp%\Microsoft Operations Manager” as mentioned above and in “%Windir%\Temp\Microsoft Operations Manager”. Some *.mc8 trace logs, like MOMAgentPerformanceHost*.mc8, MOMAgentScriptHost*.mc8, MOMHost*.mc8 and MOMService*.mc8 files, are in the “%Windir%\Temp\Microsoft Operations Manager” directory. MomService*.log is in the “%Windir%\Temp\Microsoft Operations Manager”. Administrator console log files are located in %temp%\Microsoft Operations Manager”.

• •

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community

82

Chapter 3

Monitor

Tip
It is recommended that you use the MOM Trace Log Viewer provided in the MOM 2005 Resource Kit to view the contents of trace log files.

Additional Resources
For the latest information about MOM, see the MOM Web site at http://go.microsoft.com/fwlink/?linkid=6727. To access the MOM core product documentation on the Web, see to the Technical Resources section of the MOM Web site at http://go.microsoft.com/fwlink/?LinkId=8943.

Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com. Looking for more MOM information? Experience the power of customer communities! MOM Community