February 29
Here’s some information that I've recently discovered trying to get a MOM 2005 SP1 agent to read the Security logs on Vista/Windows Server 2008 clients:
-
The new Security log doesn’t allow Authenticated Users read access, so the MOM agent (running under Network Service) can’t, by default, access this log at all. To fix this, the Network Service account has to be granted Read access to the HKLM\System\CurrentControlSet\Services\Eventlog\Security key.
I've opened a case with Microsoft CSS and I'll post updates as this issue unfolds.
*UPDATE*
It appears that Microsoft will be releasing at least one hotfix to address this and other issues that will allow MOM 2005 and System Center Operations Manager 2007 to manage and be hosted on Windows Server 2008. The support for this was scheduled to be announced the last week of June but has now been delayed until the end of July.
-Stuart
February 26
When Microsoft introduced the new Task Scheduler interface in an early version of Internet Explorer, most folks immediately began using it and stopped using the older AT-style task scheduling mechanism. Unfortulately to this day, none of Microsoft's operating systems have WMI-provider support for the new stype Task Scheduler which makes it difficult to write any form of management interface.
Luckily, Microsoft did provide a utility (schtasks.exe) that allowed you to manage the scheduler. The output of this tool can be parsed by a script as part of a MOM management pack. As luck would have it, the output of schtasks.exe tool is different between client and server Os's and isn't present on Windows 2000 so the MP below is for Windows Server 2003 only.
| Microsoft Task Scheduler Management Pack
|
| This management pack monitors the state of the Windows Task Scheduler service and associated tasks.
|
|
|
| Features
|
| This management pack features service discovery and task status rules.
|
|
|
| Configuration
|
|
This management pack is associated with the Microsoft Windows Task Schedulers computer group. Membership in this computer group is based upon the Task Scheduler Service Start Type computer attribute being set to 2 (Automatic) on the Windows 2003 agent-managed computer. To prevent the MP from scanning the running tasks on an agent-managed computer, set the startup type to Manual or Disabled. This management pack will only work with the scheduled task command line utility (schtasks.exe) for Windows Server 2003. It will not work with Windows 2000 or Windows XP as the schtasks tool is either unavailable or produces slightly different output on those systems. This management pack was based on example code provided by John Hann and Microsoft.
*IMPORTANT* - When you import this Management Pack into your MOM instance don't forget to change the email addresses in the notification operators that come with the MP! |
The MP and associated report can be downloaded by clicking on the following Icons:
If you've got a lot of folks managing servers with MOM 2005, you've probably already stumbled into Microsoft's Notification Workflow Solution Accelerator. It's a great add-on for MOM 2005 that provides very customizable and granular alert notifications.
Like any other product, it needs a management pack so you can monitor it's health. Here's my own Notification Workflow MP:
| Microsoft Notification Workflow Management Pack
|
| Notification Workflow is a Microsoft SQL Server-based Notification Services application that can be used to extend notification functionalities of Microsoft Operations Manager (MOM) 2005. It allows a user to subscribe to, and be notified when, alerts associated with specific applications or Microsoft Windows services are generated. Whenever an alert occurs, an alert notification is sent to the subscriber, in the form of an e-mail. The notifications can be sent to the user based on schedules, schedule overrides, and extended MOM alert properties, according to user selection when subscribing. The alert properties available for selection include computer name, alert source, alert severity, Management Pack name, computer group name, device, and alert description. This Management Pack provides basic service and event management for Notification Workflow and will alert Operations Manager administrators if notification failures occur.
|
|
|
| Features
|
| This Management Pack provides basic service and event management for Notification Workflow and will alert Operations Manager administrators if notification failures occur.
|
|
|
| Configuration
|
|
No configuration is required. The MP will automatically discover any managed servers containing Notification Workflow services and manage both the notification service and critical events.
*IMPORTANT* - When you import this Management Pack into your MOM instance don't forget to change the email addresses in the notification operators that come with the MP!
You can download the MP by clicking on the Icon below: |
Here's another home-made management pack. This one's for IAS. While it's an often used product, Microsoft never wrote a management pack for it. So I did.
Unfortunately, IAS doesn't put a lot of useful stuff in the event logs. But it does have lots of performance counters!
| Internet Authentication Service Management Pack
|
| This custom management pack monitors the health of the Microsoft Internet Authentication Service. Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, IAS forwards authentication and accounting messages to other RADIUS servers.
|
|
|
| Features
|
| The following product roles are supported by this management pack: 1) Internet Authentication service 2) Internet Authentication service performance counters 3) Internet Authentication service application events
|
|
|
| Configuration
|
|
Performance threshold rules are disabled and will need to have their criteria set before being enabled. Performance measuring rules are also disabled by default and can be enabled as needed. By default, alerts for Critical Errors and Service Unavailable conditions are sent to the membership of the Internet Authentication Administrators notification group. This Management Pack is bound the to members of the Microsoft Internet Authentication Service computer group. Membership in that group is limited to managed agent computers who have the IAS installed (added by computer attribute discovery).
*IMPORTANT* - When you import this Management Pack into your MOM instance don't forget to change the email addresses in the notification operators that come with the MP! |
You can download the MP by clicking on the Icon below:
Over the last two years I've written several management packs to help monitor several popular Antivirus packages used on Windows servers (and clients) in the corporate world.
Here are Management packs for two such products from Computer Associates and McAfee.
| Computer Associates eTrust Antivirus V7
|
| This Management Pack provides basic monitoring of CA eTrust Antivirus, version 7.x.
|
|
|
| Features
|
| The following product roles are monitored by this management pack: 1) eTrust Antivirus services 2) eTrust Antivirus performance counters 3) eTrust Antivirus application events
|
|
|
| Configuration
|
|
Performance threshold settings can be adjusted as required. By default, alerts for Critical Errors are sent to the membership of the eTrust AntiVirus Administrators notification group. This Management Pack is bound the to members of the CA eTrust AntiVirus computer group. Membership in that group is limited to all managed agent computers who have Version 7.x of the product installed (added by computer attribute discovery).
| McAfee VirusScan V8
|
| This Management Pack provides basic monitoring of McAfee VirusShield, version 8.x.
|
|
|
| Features
|
| The following product roles are monitored by this management pack: 1) McAfee VirusShield services 2) McAfee VirusShield application events
|
|
|
| Configuration
|
|
By default, alerts for Critical Errors and above are sent to the membership of the AntiVirus Administrators notification group. This Management Pack is bound the to members of the McAfee VirusShield computer group. Membership in that group is limited to all managed agent computers who have Version 8.x of the product installed (added by computer attribute discovery).
*IMPORTANT* - When you import this Management Pack into your MOM instance don't forget to change the email addresses in the notification operators that come with the MP! | |
You can download the MP's by clicking on the Icons below:
Tools 
