Stuart 的个人资料Stuart Renes: The Blog照片日志列表更多  |  工具 帮助 |
|
|
1月22日 Problems with Windows Server 2008 Base OS Management Pack for MOM 2005 SP1 *Resolved*You may remember that I found two issues with the current (05.0.5000.0000) release of this management pack (MP) several months ago. A case to Microsoft CSS was opened at that time. The first problem occurs when the MP calls the Win32_LogicalMemoryConfiguration class. The alert “A management pack script was unable to complete successfully” is generated based on the MP script result of “The class returned no valid instances”. I provided a script (in this blog) that fixes the problem until the MP is re-released. Another problem concerning the Win32_ShadowCopy class surfaced and is currently under review by CSS. The alert “A management pack script was unable to complete successfully” is generated based on the MP script result of “The class returned no valid instances”. This only happens on x64 Windows Server 2008 platforms. Here's Microsofts response to this issue: "After many hours testing and debugging, we finally got to the bottom of the "Microsoft Windows Server 2008 Volume Shadow Copy Performance Counter Generation" script error. What we found out is that support for 32-bit access to the VSS WMI provider on a 64-bit OS was removed in Server 2008. That means that any 32-bit program (such as the Mom 2005 Agent) that attempts to enumerate Win32_ShadowCopy instances (or instances of any VSS class) will fail on Server 2008 x64. There's no possibility of a hotfix because these limitations are by-design. 32-bit support was removed intentionally from the VSS provider, and the OpsMgr product group has no plans to release an AMD64 version of the MOM 2005 Agent. Therefore, the only workaround is to disable that rule on Server 2008 x64." Case closed. MOM 2005 SP1 agent access to Vista/W2K8 Security logs *HOTFIX*Finally we have a hotfix and associated article that addresses this issue (for details, see previous blog entries below). Here's a synopsis and a link to the complete article (961099):
SYMPTOMSAssume that you have an application that uses Microsoft Windows NT event log APIs. However, on a computer that is running Windows Vista or Windows Server 2008, the application cannot read the description of an event log message.
For example, in a network environment, you run Microsoft Operations Manager (MOM) 2005. When the MOM agent is running on a client that is running Windows Vista or Windows Server 2008, the MOM agent cannot read the descriptions of the events in the Windows NT event log. For example, the MOM agent cannot read the following messages. Example 1 Type: Audit Success Example 2
Time: Time Domain: Domain Computer: Computer Description: Unable to find Security source Microsoft-Windows-Security-Auditing message … Source: Microsoft-Windows-Security-Auditing Category: Event Number: Event Number User: N/A Event Id: Event ID Provider Type: Event Log Provider Name: Security Source Domain: Domain Source Computer: Domain Consolidated: False Raises Alert: False Type: Audit Success Time: Time In these examples, the Description section is not displayed correctly.Domain: Domain Computer: Computer Description: Unable to find Security source Microsoft-Windows-Eventlog message 1102 [1102] SID Computer Domain Logon ID Source: Microsoft-Windows-Eventlog Category: Event Number: 1102 User: N/A Event Id: 9afd9646-3599-4da6-a065-5fe0bd51bb6d Provider Type: Event Log Provider Name: Security Source Domain: Domain Source Computer: Computer Consolidated: False Raises Alert: False Note When the MOM agent runs under the Network Service Account, you must grant the Read permission to the following registry entry on the client computer to make sure that MOM agent has permission to read the registry key for the Security log: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security However, even if you grant the Read permission to the MOM agent for the entry, the description is not displayed correctly.
CAUSEThis issue occurs because in Windows Vista and in Windows Server 2008, the Adtschema.dll component does not have a string table that maps an event ID to the corresponding message description. Therefore, the legacy API cannot format the event description.
RESOLUTIONA hotfix is available to resolve this issue. Install this hotfix on the computer that is running Windows Vista or Windows Server 2008. 1月14日 Microsoft Windows Time Services Management PackHaving recently suffered through some serious time services issues on our Windows Server 2003 AD forest and getting no help from MOM, I decided to write a Time Services management pack. MOM 2005 provides limited Time Services alerting through the AD MP (and only for Domain Controllers). If you have time critical applications on your forest member servers, you'll want to have some Time Services monitoring to see if they're getting accurate time! If System Center Operations Manager 2007 doesn't have any better support, you might want to grab this MP and convert it for use in SCOM. Attached below you'll find a link to the custom management pack:
Microsoft Windows Time Services Management Pack
|
|
|
