This blog entry is the next in a series of Operations Manager-related items that review the steps performed to install, configure and tune management packs in real-world environments. Historically we have only discussed management packs from Microsoft, but beginning with this blog posting we digress a bit and look at the Secure Vantage Management Pack.

What is SecureVantage and why would people want to deploy it with Operations Manager 2007? SecureVantage has a variety of products that enhance the capabilities of Operations Manager focused around the areas of Security and Audit Collection Services (ACS). These products include solutions for archiving information from the ACS database, and management packs focusing on security information that can provide reports for regulations such as HIPAA and SOX (among others).

General information about SecureVantage and its product line is available at http://www.securevantage.com/. SecureVantage also provides a free management pack for download that provides alerting for the top Windows security audit scenarios. You can download this management pack at http://www.securevantage.com/ProductsSTAMP.html.

For the purposes of this article, we are using the IT Auditors Express for reports and the following SecureVantage management packs:

• Security Base Library
• Security Top Alerts
• Group Policy Auditor
• Windows Security Auditor

Installation:

• Identify the Auditing requirements for your organization (understood, this is a really big high-level bullet, but you want to have a good idea of the particular items you want to audit in your environment).
• Install and configure Operations Manager 2007, including the reporting components.
• Deploy the OpsMgr agent to the systems that plan to you monitor with ACS and SecureVantage.
• Install and configure Audit Collection Services for Operations Manager 2007.
• Enable Auditing on the servers that you will be auditing.
• Validate the functionality of ACS by opening the Performance Monitor (perfmon) and monitoring the ACS Collector object/Connected Clients Counter. If ACS is installed correctly and clients are reporting in to the server, this counter should be greater than 0.
• Install the SecureVantage management packs on the Root Management Server (RMS).
• Install IT Auditors Express on the Operations Database Server (not on the RMS).
• The SecureVantage Management pack information is available at http://www.securevantage.com/ComplianceSecuritySuite.html. High-level information on the management packs and the download links are available at http://www.microsoft.com/technet/prodtechnol/mom/catalog/catalog.aspx?kw=&vs=2007&ca=&co=Secure%20Vantage%20Technologies.
• Read the guides on the SecureVantage products, available at http://www.securevantage.com/ProductsDocuments2007.html

We ran into a few interesting tidbits and caveats to be aware of with the SecureVantage functionality:

• The SecureVantage product uses both the Operations Manager functionality (event log gathering, etc) and the ACS functionality to provide the alerts and reports that are provided with the product.
• Currently the group membership rule actually provides all changes made to group memberships, not just the changed in high security groups (such as domain administrators). The Admin Group Membership view (Operations Console -> Monitoring -> Security Operations -> Windows Security Operations -> Server Security -> Account Management -> Admin Group Membership) also currently displays all group changes. This is scheduled to be resolved shortly.
• The SecureVantage management pack creates its alerts in an informational state. The number of alerts will vary depending upon a variety of factors that include the number of servers you are auditing, what is being audited, and how active the servers are which you are monitoring. For our particular environment with approximately 30 domain controllers, approximately 1000 informational alerts were listed.
• When using the SecureVantage reports, if you choose the Expose Details option prior to running the report the system will pause for a several seconds before you can run the report.

In a previous blog article, "Moving the Operations Database"  at http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!177.entry, we outlined the steps to move the Operations database from one database server to another. Matt Goedtel has noticed that there is some specific configuration information stored in the master database. These are error messages specific to Operations Manager that are stored in the master database during OMSetup.

Matt 's post is available at http://blogs.technet.com/mgoedtel/archive/2007/08/06/update-to-moving-operationsmanager-database-steps.aspx. You can download the script that updates the master database at http://blogs.technet.com/mgoedtel/attachment/1713936.ashx!

This blog entry is another in a series of Operations Manager related items that review the steps that we performed to install, configure and tune management packs in real-world environments. With this entry we focus on the IIS MP.

Installation:

1. Download the IIS management pack (http://www.microsoft.com/downloads/details.aspx?FamilyId=D351BCA8-182B-4223-8C9E-627E184BA02B&displaylang=en), and the IIS Management Pack Guide (http://download.microsoft.com/download/7/4/d/74deff5e-449f-4a6b-91dd-ffbc117869a2/OM2007_MP_IIS.doc).
2. Read the Management Pack guide from cover to cover. There are important pieces to know that the document spells out in detail.
3. Import the IIS management pack. This consists of the Windows Server Internet Information Services Library, and individual management packs for IIS 5 (Internet Information Services 2000 with Windows 2000) and IIS 6 (Internet Information Services 2003 with Windows Server 2003). Import the Library (which is a prerequisite), plus the appropriate management pack for the version of IIS that you will be monitoring.
4. We recommend you also import the appropriate version of the Windows Server management pack (Windows 2000 or 2003). Some of the views provided with the IIS MP require the MPs for the appropriate level of operating systems to have data to display.
5. Even if you do not have any custom web applications using IIS, remember that Exchange, SQL Server Reporting Services, and Operations Manager itself have components that use IIS; you will want to implement the IIS MP as part of rolling out and monitoring those applications.
6. The IIS management pack does not support agentless monitoring. Verify that the OpsMgr agent is installed on your IIS servers.
7. The IIS MP collects data from the IIS logs. If logging is not enabled, the MP will only collect and analyze service data. The IIS logs must be set to the W3C Extended Log File format. Enable logging for each type of site and virtual server that you want to collect monitoring data for. This can include FTP sites, Web sites, SMTP virtual servers, and NNTP virtual servers. (Enable logging for a virtual server in the IIS Services Manager by double-clicking the local computer, right-click the SMTP or NNTP Virtual Server folder you want to enable logging for, select Properties, then on the General tab, select Enable logging. Be sure to select W3C Extended Log File format on the Active log format drop-down list.)

 Rolling up Health

 If you have used the IIS MP in MOM 2005, the Health rollup is a new feature. Use the Health Explorer to examine Health: 

• The IIS MP for OpsMgr 2007 has the abiilty to tell you whether a specific Web site is health, in addition to being able to know if the Web server is healthy.
• The health of the IIS Sever is dependent on the health of the objects at the next lower level - the IIS Web, FTP, NNTP, and SMTP Servers. If any of these servers is in a critical health state, the IIS Server will display in a critical health state.
• By default, the health of the IIS FTP, NNTP, SMTP, and Web Servers are not dependent on the health of the objects at the next lower level. If one or more Web Sites is in a critical state, the Web Server object will not change state.

Tuning/Alerts to Look for: The following are alerts found and resolved while tuning the IIS management pack.

Alert: An unknown token name (s-event) was encountered.

Issue: IIS logging is configured by default on Windows Server 2000 to include Process Accounting extensions for Web sites. 

Resolution: Disable logging Process Accounting Extensions. (In IIS Service Manager, select the Default Web Site, Properties, select Enable logging on the Web Site tab, from the Active log format drop-down list, select W3C Extended Log File Format, select properties, choose Extended Properties, and clear Process Accounting from the Extended Logging Options list box.)

Issue: IISReset causes a ton of alerts. 

Resolution: Put the IIS object in maintenance mode before doing the IISReset.  You could use PowerShell (use the command New-MaintenanceWindow to put the server into maintenance mode and then start the IISReset cmd operation) to automate this.

Issue: IIS MP does not work well with clusters. This can be a real issue when monitoring Exchange.

Resolution: None currently available. This may be addressed in Service Pack 1 / the next release of the IIS MP.

Issue: If you are using the Exchange management pack, you will encounter a number of IIS-related issues with Exchange.

Resolution: Check our "OpsMgr by Example: the Exchange Management Pack" entry (http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!220.entry) for a detailed list.

Microsoft System Center Virtual Machine Manager (VMM) beta 2 is now available. This is a new product, and offers opportunities for integration with OpsMgr.

What's new:

• VMM is a “master” VM host manager that looks at all the VM hosts and VM guests in the enterprise.
• You use VMM to add new VM hosts and provision new VM guests across the enterprise.
• It can manage computers in the same domain, a trusted domain, and in a perimeter domain.
• It has a new Convert physical server wizard. Also a Clone Server task.
• VMM introduces the disk library concept, to create server disk image templates.
• There is also a new Microsoft Virtualization management pack for Operations Manager 2007. This brings VMM management into the OM console.
• See the OM 07 Operations Console in the screen shot below with the integrated VMM status and inline tasks.

Comment: With the OM 07 VMM web console views available to partners/customers using Microsoft Virtual Server, this can be a really nice MSP (Managed Service Provider) solution for managed Microsoft VM’s.

Thanks to our co-author John Joyner for researching and providing this screen shot!

This blog entry is another in a series of Operations Manager related items that review the steps that we performed to install, configure and tune management packs in real-world environments. This entry focuses on the SQL MP.

Installation:

1. Download the SQL Management Pack (http://www.microsoft.com/downloads/details.aspx?FamilyID=8c0f970e-c653-4c15-9e51-6a6cadfca363&DisplayLang=en), and the SQL Server Management Pack Guide (http://download.microsoft.com/download/7/4/d/74deff5e-449f-4a6b-91dd-ffbc117869a2/OM2007_MP_SQLSrvr.doc).
2. Read the Management Pack guide – cover to cover. There are important pieces to know that the document spells out in detail.
3. Import the SQL Server Management Pack. The management pack for each monitored version of SQL Server (2000 and 2005) consists of two .mp files. These files provide logic for discovery and monitoring, meaning you can use a smaller management pack to discover the existence of SQL Server; deploying the monitoring MP to the agent after OpsMgr has discovered SQL Server there. There is also a SQL Server Library MP, which is a prerequisite for the other management packs.
4. We recommend you also import the appropriate version of the Windows Server management pack (Windows 2000 or 2003). The Windows Server management packs monitor various aspects of the OS that can influence the performance of those computers running SQL Server! This includes disk capacity, disk performance, memory utilization, network adapter utilization, and processor performance.
5. Running the SQL Server Studio and SQL Profiler tasks from the OpsMgr console requires that you have installed that software on all OpsMgr computers where these tasks will execute, or you will receive an error message “the system cannot find the file specified.” Installing the Management Studio and Profiler are not required unless you want to run those tasks.
6. The SQL Server MP supports agentless monitoring with the exception of tasks that start and stop SQL Server services and SQL Server mail.
7. The management pack installs two Run As Profiles: the SQL Server Discovery account and the SQL Server Monitoring account. By default, the management pack uses the Default Action account.

Optional Configuration:

The SQL Server MP does not automatically discover all object types. Go to the Authoring Pane of the Operations console to enable discovering additional components. Components not discovered include:

• SQL Server 2005 Publisher
• SQL Server 2005 Subscriber
• SQL Server 2005 Subscription
• SQL Server 2005 Agent Job
• SQL Server 2000 Agent Job
• SQL Server 2005 DB File Group
• SQL Server 2005 DB File

What this means - you will not receive alerts for these objects failing since they are not even discovered objects! For example, if you have scheduled SQL backups using the SQL Agent and the job fails, OpsMgr won't tell you about it.  If an agent job failed in MOM 2005, the SQL MP generated an alert. So these behaviors are not necessarily the same between MOM 2005 and OpsMgr 2007.

You can use overrides to change the settings for automatic discovery to enable these object types. Be sure to change your settings in an unsealed MP other than the Default management pack.

Tuning/Alerts to Look for: The following are alerts found and resolved while tuning the SQL Server management pack.

Alert: The SQL Server Service Broker or Database Mirroring transport is disabled or not configured. (EventID 9666)

Issue: This alert may occur even if the broker IS enabled.

Resolution: Verify the broker is enabled by running the following query in Management Studio, connected to the Master database:

SELECT is_broker_enabled FROM sys.databases WHERE name = 'OperationsManager'

If the result=1, the broker is enabled. If result=0 enable the broker as follows:

1. Stop the SDK, Config, and Health Services on the RMS, and the Health Service on any secondary management servers
2. Execute the following statement from SQL Management Studio
   ALTER DATABASE OperationsManager SET ENABLE_BROKER
3. Restart the services

If the alert continues to reoccur, disable the rule using an override.

Issue: Clustered virtual servers are discovered and display as agentless managed, but the SQL Server database engine on the cluster does not appear to be monitored.

Resolution: Only the virtual SQL Servers are discovered (the cluster and not the individual cluster nodes). In the Monitoring tab under Windows Server, check that each Virtual Server shows up as a Windows Server with the property "Is Virtual Server" set to True. Restart the Health Service on the RMS and any other management servers after adding the cluster. You may need to restart the Health Service on the cluster as well, which will rerun the discovery.

It is also possible that you are having RPC issues. See KB article 306985 (http://support.microsoft.com/kb/306985) for additional information.

Alert: 8957 Monitor Name: DBCC executed found and repaired errors – but found 0 errors and repaired 0.

Issue: When DBCC runs it generates this event log message with the same event ID if any problems were found or not.

Resolution: Disable the rule and create your own. For the new rule, copy all of the settings the same from the original but set the description to not contain "found 0 errors." For all other events with this ID, it will generate an alert to indicate a problem was found.

Alert: Health Monitor Description: Service Pack Compliance - MSSQLSERVER (SQL 2005 DB Engine) Warning (against ACS database)

Issue: SQL Server 2005 Service Pack 2 is installed, which is acceptable for the ACS database server. SP2 has been approved for all OpsMgr database components.

Resolution: Created an override (for specific object of type SQL Engine DB) to allow this configuration for this server/set the enabled parameter to False for this server. Reset the health for this health monitor on this server, and refreshed and the state updated to green from yellow.

Issue: The Management Server Action account is used as the Default Data Warehouse Action Account, rather than the DW Action account you specified during setup.

Resolution: This will be fixed in SP1. In the interim, create a RunAs account, type Simple, and set the username and password to a single space. In the same-name profile associate this account to all management servers, including the RMS. Also, be sure that the Data Warehouse Action account profile is correctly associated with an account for all management servers to be used as the Window authentication account. This information was obtained from the newsgroups (nntp://msnews.microsoft.com/microsoft.public.opsmgr.setup/7363632A-A650-4367-9DCE-27CC2887B786@microsoft.com).

Issue: SQL Server 2000 database engine health is not monitored. This is an aggregate monitor that includes the SQL Service State terminated unexpected monitor and the SQL Service terminated unexpectedly monitor.

Resolution: The SQL DB Engine Service Health Rollup monitor is not enabled by default. Use the Authoring pane of the OpsMgr console to enable the aggregate rollup monitor (Under Management Pack objects, select Monitors, change the scope to SQL 2000 DB Engine, search, then expand the SQL 2000 DB Engine, expand Entity Health, expand Availability, select SQL DB Engine Serve Health Rollup, and create an override to Override the monitor for all objects of type SQL 2000 DB Engine. See KB article 938991 (http://support.microsoft.com/kb/938991) for additional information.

The following issues are related to specific applications you may have installed:

Issue: Alert Rule or Alert Monitor: Auto Shrink Flag Alert Description: The auto shrink flag for database SUSDB in SQL instance MSSQL SERVER on computer 123.abc.com is not set according to best practice.

Resolution: This is a standard Microsoft application (WSUS) and a default configuration. Created an override to exclude this database.

Issue: Alert Rule or Alert Monitor: Auto Shrink Flag Alert Description: The auto shrink flag for database BEDB in SQL instance MSSQL SERVER on computer 123.abc.com is not set according to best practice.

Resolution: This is the standard configuration for Backup Exec's database.

Issue: Alert Rule or Alert Monitor: Auto Shrink Flag Alert Description: The auto shrink flag for database MSCUPTDB in SQL instance MSSQL SERVER on computer 123.abc.com is not set according to best practice.

Resolution: This is a standard Microsoft application (patch Management for SMS and Configuration Manager) and a default configuration. Created an override to exclude this database.

Issue: Alert Rule or Alert Monitor: Auto Close Flag Alert Description: The auto close flag for database MSCUPTDB in SQL instance MSSQL SERVER on computer 123.abc.com is not set according to best practice.

Resolution: This is a standard Microsoft application (patch Management for SMS and Configuration Manager) and a default configuration. Created an override to exclude this database.

This blog entry is the next in a series of Operations Manager-related items that review the steps performed to install, configure and tune management packs in real-world environments.

Installation:

• Download the Exchange 2003 Management Pack (http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF454F4-6D34-4FB9-9E0B-F5B68C6EDC4F&displaylang=en), and the Exchange Management Pack Guide (http://download.microsoft.com/download/7/4/d/74deff5e-449f-4a6b-91dd-ffbc117869a2/om2007_mp_exsrvr2003.doc).
• Read the Management Pack guide – cover to cover. There are important pieces you need to know that this document spells out in detail.
• Import the Exchange Management Pack (either using the Operations console or PowerShell).
• Deploy the OpsMgr agent to all Exchange Servers. The agent must be deployed to all Exchange Servers. Agentless configurations will NOT work for the Exchange Management Pack.
• Get a list of all Exchange Servers from the Operations console. In the Authoring node, navigate to Authoring -> Groups -> Microsoft Exchange 2003 Server Group. Right-click on the group(s) and select View Group Members.
• Enable Agent Proxy configuration on all Exchange Servers identified from the groups. This is in the Administration node under Administration -> Device Management -> Agent Managed. Right-click on each Exchange server, select Properties, then the Security tab, and check the box to “Allow this agent to act as a proxy and discover managed objects on other computers.” This has to be done for EVERY EXCHANGE SERVER, even if the server is added after your initial configuration of OpsMgr.
• Download and run the Exchange 2003 MP Wizard (http://go.microsoft.com/fwlink/?LinkId=82103) on one of the Exchange servers in the environment. Run the wizard using an Exchange Full Administrator and take the default configurations.
• Enable the Exchange Topology View in the Operations console -> Authoring -> Management Pack Objects -> Object Discoveries. Find the Exchange 2003 Topology Discovery and override it for a specific object choosing the Exchange server that you want to perform this role (set it to True).
• Enable the mailbox and mailflow rules. To enable these rules, go to Authoring / Rules and search on “message tracking”. Sort the results by the “Enabled by Default” field, and find the following two rules: (There are 8 reports based on these two rules. Because the rules are not enabled by default, the reports are not visible until you set up an override. Thanks to Bernie Chouinard for pointing this out! There is also an error in the collect message tracking statistic vbscript which generates an error in the OpsMgr event log.)
  • Performance Collection Rule to Collect Message Tracking Log Statistics – Top Destinations by Message Count
  • Performance Collection Rule to Collect Message Tracking Log Statistics – Top Destinations by Size
• Configure overrides to Enable these rules for all objects of Type: Exchange Database Storage.
• Check to make sure that Exchange shows up under Monitoring -> Distributed Applications as a distributed application which is in the Healthy, Warning or Critical state. If it is in the “Not Monitored” state, check for Exchange servers which are not installed or are in a “gray” state. This may take some time to populate after all of the above tasks have been completed.
• Several of the "Top" 100" reports return blank data. This is because the Rule IDs associated with the reports are misconfigured and must be manually edited. Perform the following steps:
  • On the Report Server, open a browser and navigate to http://localhost/reports. Select Microsoft.Exchange.Server.2003.Monitoring
  • Find and select the "Report.Exchange.Top100MailboxesbySize" report (it does not have a rpdl extension)
  • Select the Properties tab, then select the Parameters link on left-hand margin
  • Scroll down and find the RuleID String parameter, and replace the value with 2EE6F2C1-4C8B-AFA9-D615-238F6AA73E8C
  • Click Apply, then run the Top100 mailboxes report to verify that data is now being returned.
  • Repeat these actions for the following Rule IDs:
    • Performance Collection Rule to Collect Mailbox Statistics -  Top 100 Mailboxes by Message Count
      New RuleID = 55BBEDA5-C09C-7C06-602F-20C85723EACE
    • Performance Collection Rule to Collect Mailbox Statistics - Top 100 Mailboxes by Size
      New RuleID = 2EE6F2C1-4C8B-AFA9-D615-238F6AA73E8C
    • Performance Collection Rule to Collect Public Folder Statistics - Top 100 Public Folders by Size
      New RuleID = 5D3DAEDA-56E6-909A-FAB8-AF021AA1A61E
    • Performance Collection Rule to Collect Public Folder Statistics - Top 100 Public Folders by Message Count
      New RuleID = B2032940-E1E0-975F-42F0-302C7B5F21DB

This is also documented at http://support.microsoft.com/kb/948096.

Tuning/Alerts to Look for: The following are alerts we encountered and resolved while tuning the Exchange Management pack.

Alert: Multiple/any alert with “Baseline” in the title

Issue: Default sensitivity levels within the Exchange management pack.

Resolution: See blog articles: http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!183.entry and http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!189.entry for details on tuning baseline counters.

Alert: The Internet Information Service NNTP Virtual Server named NNTPSVC/1 is unavailable as the virtual server has been stopped.

Issue: On Exchange servers this service is required to install but it is not required after it is installed.

Resolution: If this service is disabled/not in use you can remove it. To remove the service, log into the server and use “sc delete NNTPSvc”. Or you can create an override to ignore this on Microsoft Exchange 2003 Server Group, as NNTP was required for the installation but can be disabled after the installation has been completed.

Alert: Verify Test Mailboxes: This Exchange Server does not have any MOM test mailboxes.

Issue: Test mailboxes are created by the Exchange Configuration Wizard.

Resolution: Run the Configuration Wizard to create the mailboxes.

Alert: No MOM test mailbox account for some mailbox databases

Issue: Test mailboxes are created by the Exchange Configuration Wizard.

Resolution: Run the configuration Wizard creating test mailboxes on each database or disable the rule.

Alert: Replication is not occurring – All replication partners have failed to synchronize

Issue: The Alert Description is the key on this alert.

Resolution: Alert description of “AD Replication Monitoring : All replication partners are now replicating successfully” is a success condition and does not require any intervention other than closing the alert.

Alert: Some replication partners have failed to synchronize

Issue: A domain controller was offline and unable to be synchronized with.

Resolution: Bring the domain controller back online.

Alert: Outlook Web Access logon failure: Unexpected error during synthetic Outlook Web Access logon

Issue: OWA Logon failure: OWA can only be configured to be monitored if the site runs on HTTPS.

Resolution: Disabling the rule (For all objects of type: Exchange OWA), as this environment only runs with HTTP on the OWA configuration.

Alert: Exchange ActiveSync logon failure: Unexpected Error

Issue: Exchange EAS not required in the environment.

Resolution: Disabled the rule for all types of type Exchange EAS, as this functionality is not used in the environment.

Alert: The 3GB virtual address space option is not enabled

Issue: The 3GB configuration should be used for Exchange servers except for those which are functioning as bridgeheads or front-end servers (per the Exchange Best Practices Analyzer [BPA]).

Resolution: Disabling this rule for the front-end servers or bridgehead servers in the environment.

Alert: Failed to probe the state of monitored services

Issue: This was occurring on the SMTP services on an Exchange server which the administrators has manually restarted.

Resolution: The alert was notifying on a true business-impacted situation. Requested the administrators to put the server into maintenance mode prior to making changes like this, unless it is an emergency situation.

Alert: Data Publisher object is not installed

Issue: This was a system which was misidentified as an Exchange sever that was using a third party product to provide Exchange restoration functionality.

Resolution: Disabled the rule for this system through an override.

Alert: Microsoft Windows Internet Information Server 2003 NNTP Virtual Server is Unavailable.

Issue: NNTP Service Down on non-active cluster node

Resolution: The NNTP service is supposed to be down since it is running on a cluster and the system showing this error is not the active node in the cluster. Created a group for these servers which are running Exchange and are part of the cluster and disabled the rules for the group. NNTP was not used on Exchange and could also have been removed as a service from the systems.

Alert: Microsoft Windows Internet Information Server 2003 SMTP Virtual Server is Unavailable.

Issue: SMTP Service Down on non-active cluster node

Resolution: The SMTP service is supposed to be down as it is running on a cluster and the system showing this error is not the active node in the cluster. Created a group for these servers which are running Exchange and are part of the cluster and disabled the rules for the group.

Alert: Microsoft Windows Internet Information Server 2003 Web Site is Unavailable

Issue: Web Service Down on non-active cluster node

Resolution: The Web service is supposed to be down as it is running on a cluster and the system showing this error is not the active node in the cluster. Created a group for these servers which are running Exchange and are part of the cluster and disabled the rules for the group.

Alert: Check Services FE Monitor reported a problem

Issue: Product knowledge on this: “Services State monitoring with this registry key is a legacy from the MOM 2005 Exchange 2003 MP. This monitor is included since configuration is possible from within the Exchange Configuration Wizard. OpsMgr 2007 provides a dedicated health model for monitoring Windows Service Health.”.

Resolution: Right-click and choose Overrides, Disable the Monitor for all objects of type: Exchange 2003 Role.

Alert: Exchange EAS monitor reported a problem

Issue: Synthetic Exchange ActiveSync requires SSL

Resolution: Closed the alert as it had not repeated for 2 days and had a 15 minute schedule to run. Issue repeated. EAS logon verification: Cannot measure EAS availability for the following URL: 0x80131537(-214233033) Invalid URI: The format of the URI could not be determined. Found the following information at MyItForum:

This script problem is caused by OMA and EAS virtual directories not being SSL-enabled. So in order to correct it, simply enable SSL:

• Open Internet Information Services (IIS Manager).
• Connect to the server name of your front-end Exchange server.
• Drill down to Web Sites, then to the web site.
• Locate the two virtual directories named OMA and Microsoft-Server-ActiveSync.
• Open the properties of the virtual directories, choose the Directory Security tab.
• Under Secure communications, click Edit.
• Check the box labeled "Require security channel (SSL)".

Alert: No MOM test mailbox account for some mailbox databases

Issue: No MOM mailboxes were created on a per-storage group when running the configuration Wizard. The alert is being created expecting that per-store monitoring will be configured which is not the case in this environment.

Resolution: Disable this rule for all objects (of type Exchange 2003 role) because this rule is monitoring on a per-store basis but we are monitoring on a per-server basis. Closed the alerts.

Alert: SSL is not configured on this Exchange server

Issue: This occurs on servers which have SSL enabled if they do not require usage of SSL within IIS. Back-end servers communicate with front-end servers via HTTP not HTTPS so SSL should not be required on the back-end Exchange servers. We found the following information at Notes from the Underground…

"SSL in a Front-End/Back-End Scenario

Although it’s possible to implement SSL on a front-end (FE) server, resulting in all transmitted data between the FE and your client browsers being encrypted, you should be aware that you can’t use SSL between any FE and back-end (BE) servers—it simply doesn’t work. This means that if your FE server is placed in a perimeter network (also known as a demilitarized zone, or DMZ), all traffic between the FE and BE would be unencrypted. So if you’re planning such a scenario, consider using IPSec between the FEs and BEs. More and more organizations place their FEs directly on their private networks (and instead place an ISA server or similar in the DMZ), which eliminates this security risk.”

Resolution: Disabled the alert on Exchange back-end servers.

Alert: Calendaring agent failed with error while saving appointment

Issue: Calendaring agent failed with error code 0x8004010f while saving appointment.

Resolution: Good links on this: http://www.eventid.net/display.asp?eventid=8206&eventno=1103&source=EXCDO&phase=1. Lots of product knowledge on this related to virus scanners, registry settings, etc. This is a result of an event ID of 8206 on the Exchange server.

Alert: Disabled user does not have a master account SID.

Issue: The user does not have “Associated external account” permission and the Exchange server does not have the hotfix available to resolve this issue.

Resolution: To resolve this, open the user account in Active Directory Users and Computers, go to Properties, Exchange Advanced, Mailbox Rights. For the Self account we added the “Associated external account” permission which resolves the error. The error itself does re-appear, but it appears with the next user identified in the environment which had the issue. If there are a large number of these in your environment you can also locate them by going to each Exchange back-end server, and doing a Filter on event number 9548 within the application event log. A hotfix is available for this, available at: http://support.microsoft.com/kb/916783. (This information is a subset of what was originally posted at http://cameronfuller.spaces.live.com/blog/cns!A231E4EB0417CB76!835.entry.)

Alert: Low Free Disk Space

Issue: Part of the Exchange Management Pack checks for free space on all drives including those which do not have Exchange directories or files on them. This activates a warning at less than 5% free disk space and less than 1000 MB of free disk space on Exchange server drives that do NOT have the transaction logs or queue files on them.

Resolution: Free disk space on the drive. See the “Logical Disk Free Space is Low” entry for potential approaches to free disk space on the drive.

Alert: Very low free disk space

Issue: Part of the Exchange Management Pack checks for free space on all drives including those which do not have Exchange directories or files on them. This activates an error at less than 2% free disk space and less than 400 MB of free disk space on Exchange server drives which do NOT have the transaction logs or queue files on them.

Resolution: Free disk space on the drive. See the “Logical Disk Free Space is Low” entry for potential approaches to free disk space on the drive.

Alert: Logical Disk Free Space is Low

Issue: Low disk space on a drive within a server being monitored by OpsMgr.

Resolution: Can either free up disk space on the drive or configure an override for the drive to change the monitoring configurations for the drive (see http://cameronfuller.spaces.live.com/blog/cns!A231E4EB0417CB76!1001.entry for details on how to do this override). Other items to consider:

• If the page file is currently on the drive which is critical on drive space, it can be moved to another drive.
• The “disk cleanup” wizard can also be used to provide methods to free up disk space (right-click on the drive, go to properties, click the disk cleanup button).
• If the drive is critical on available free disk space, automatic updates can be turned off in the control panel and the c:\windows\softwaredistribution\download folder can be removed (of course, automatic updates will not occur after this change is made).
• The default IIS configuration puts the IIS log files under C:\WINDOWS\system32\LogFiles\W3SVC1. These can be moved within the Internet Information Services (IIS) Manager by clicking on the properties of the web sites, under the properties of the log files. The log files can either be moved or disabled if required.
• Exchange log files can take up a large amount of disk space on a drive if the Exchange server is not being backed up regularly. When the Exchange server has a full backup completed the log files are removed. If an Exchange server is critical on space on the log drive, determine if backups are occurring and if they are not, perform an ntbackup of the Exchange files to truncate the logs. Circular logging (which removes this type of a situation) can also be enabled in some configurations but is not recommended if there is any mailbox data on the system.

Alert: MAPI Logon Failure.

Issue: This occurred almost immediately after running the Exchange 2003 Management Pack configuration wizard.

Resolution: The issue was resolved when the Wizard completed its configurations and had only repeated once. Ran the “MAPI Logon” task to validate that the issue had been resolved and confirmed no errors. Closed out the alert.

Alert: MAPI session closed due to excessive number of store objects in use.

Issue: Exceeded the maximum of 250 objects of type “objtMessage” (1 repeat). Or exceeded the maximum of 32 objects of type “session” (0 repeats). Or Exceeded the maximum of 500 objects of type “objtFolder”.

Resolution: Microsoft resolutions in the Product Knowledge. Eventid.net has http://www.eventid.net/display.asp?eventid=9646&eventno=3449&source=MSExchangeIS&phase=1 on this. Microsoft KB article on this: http://support.microsoft.com/default.aspx/kb/830836.

Alert: Outlook Web Access logon failure: Unexpected error during synthetic Outlook Web Access logon

Issue: OWA Logon failed. Cannot measure OWA availability. Unexpected error. No Exchange virtual servers and virtual directory (SSL enabled) can be found on this server to form a valid URL. Try providing the url in the custom urls registry key.

If the name in URL matches the name in the certificate, we learned that when SSL is enabled, the MP reports an error like this when 'Require SSL' checkbox is not checked on the Directory Security tab of the website. See Andy Dominey’s blog writeup on this: http://myitforum.com/cs2/blogs/adominey/archive/2007/04/10/mom-2005-and-om-2007-exchange-2003-management-pack-issue.aspx

This rule requires OWA to be installed with SSL and to have require SSL checked on the system. It will NOT work without both of these configured. This also requires that the name matches the name on the certificate.

Resolution: Enable SSL and require SSL on the OWA server. If the name of the URL doesn't match the certificate this rule will not work.
Update: Microsoft has a resolution to this which is available at http://support.microsoft.com/default.aspx/kb/919356 for the error 0x80131502(-2146233086) Index was out of range.

Alert: The MAD Monitoring thread was unable to read the CPU usage information.

Issue: This had repeated 8 times in 5 days/16 hours. The MAD Monitoring thread was unable to read the CPU usage information, error ‘0x800706be’. From the summary, if this happens occasionally it can be safely ignored. If it happens every five minutes then there is an issue.

Resolution: Closed the alert as it was not occurring “frequently”.

Alert: The Offline Address List (OAL) Generator could not generate full details for some entries in the OAL. To see which entries are affected, event logging for the OAL must be set to at least medium.

Issue: MSExchangeSA event id 9320.

Resolution: Eventid link on this: http://www.eventid.net/display.asp?eventid=9320&eventno=3692&source=MSExchangeSA&phase=1. The Microsoft article on this is available at http://support.microsoft.com/default.aspx/kb/908496.

Alert: The Offline Address List Generator could not generate full details because the total size of the details information is greater than 64 kilobytes.

Issue: See the Microsoft support article.

Resolution: The Microsoft article on this is available at http://support.microsoft.com/default.aspx/kb/908496.

Is the ACS Database a little larger than you were expecting? You may decide you want to do move this database to another drive on the same server if you have a second disk drive with more space, or want to move to another spindle for better performance.

In our case we relocated an existing ACS installation from the default location on the C: drive to new drives which were added for the data and logs. In the example below, we move the database from the C: drive to the D: drive (data) and the E: drive (logs). The database file names are the default names of dbAuditData.mdf and dbAuditLog.ldf.

1. To determine the location of the files for the OperationsManagerAC Database, log into SQL Server Management Studio, connect to the server running the OperationsManagerAC Database, click on the OperationsManagerAC database and right-click New Query. Enter: sp_helpfile. The response will show the location (and names) of the OperationsManagerAC database files.
2. Stop the ACS Collector service (Operations Manager Audit Collection Service) on any management server(s) running the ACS Collector.
3. Backup the OperationsManagerAC and the master database as well, just to be safe. This can be done using the SQL Server Management Studio; select the OperationsManagerAC database in the left pane, right-click, select Tasks, select Back Up... and follow the instructions. Be sure to do a full backup. Do the same for the master database.
4. Detach the OperationsManagerAC database. In a SQL query select the master database and type: sp_detach_db 'OperationsManagerAC' (Don’t highlight the OperationsManagerAC database on the left pane or it will not detach because it is in use! Also the database will not detach because it is in use if any management servers are running the ACS Collector Service (if you have not stopped the service).
5. Using Windows Explorer, copy the data and log files from the current location to the new drive/location. We are assuming that the location is D:\Sqldata and E:\Sqllogs.
6. Re-attach the database. In a SQL Query window select the master database and type: sp_attach_db 'OperationsManagerAC', 'E:\Sqldata\OperationsManagerAC.mdf', 'E:\Sqllogs\OperationsManagerAC.ldf'
7. Verify it worked, using sp_helpfile. Select the OperationsManagerAC database and in the query window, type: sp_helpfile. The filename column returned in the response from sp_helpfile should reflect the new locations.
8. Restart the collector service on any management servers where it had been stopped and validate functionality of the new database. This can be done well through using the performance monitor (perfmon) utility and monitoring the Connected Clients counter as part of the ACS Collector object.

This entry was designed to provide specifics as to how this is done for the ACS database, see http://support.microsoft.com/kb/224071 for general processes regarding database moves.

You can also use this process to move the underlying files for the other Operations Manager databases. For example, see

http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!182.entry for information on moving the OperationsManager database to another drive on the same server. 

Moving to another server takes additional work, as documented in our previous article on moving the Operations Manager database (http://ops-mgr.spaces.live.com/blog/cns!3D3B8489FCAA9B51!177.entry). We are currently testing the process to move the Data Warehouse database to another server and hope to have a blog entry on that shortly.