February 2006 - Posts

SYMPTOMS
You may see a warning alert in the MOM Operator Console:
Severity:  Warning
Status:  New
Source:  AD Replication Monitoring
Name:  AD Replication is occurring slowly
Description:  The following DCs took more than three times the expected replication time to replicate.

DESCRIPTION
The following DCs took more than three times the expected replication time to replicate.
Format: DC, Naming Context, Calculated Replication Time (in minutes). Intersite, expected replication time is 15 minutes.
CAUSE
This is due to the IntersiteExpectedMaxLatency threshold of 15 minutes in the AD Replication Monitoring script.
WORKAROUND
 
The AD Replication Monitoring script detects slow replication and replication problems. You can find the AD Replication Monitoring VBScript in the Scripts container under Management Packs. The IntersiteExpectedMaxLatency parameter can be customized based on the WAN links between sites. IntersiteExpectedMaxLatency is the expected maximum time that replication will take to occur between sites; by default it is set to 15 minutes.
 
DO NOT EDIT THE SCRIPT DIRECTLY. Instead, click Parameters, click IntersiteExpectedMaxLatency, and enter the new value.

If you are wondering whether you can configure the DHCP Management Pack to use a low-privilege (MOM Action) account or a normal user account without administrative privileges, that is not supported.

Monitoring functionality on an agent computer is provided by both the MOM Service (MOMService.exe) and the agent Action Account. To work properly, the DHCP Management Pack requires that the Action Account and the MOM Service account both have local Administrator rights on the monitored computer. Configurations with low-privileged accounts are not supported.

MORE INFORMATION

Monitoring in Low-Privilege Configuration with the Windows DHCP Management Pack
http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/807086f1-8e1d-4f1f-b040-e07129a6a35b.mspx

Posted by Mohammed Athif Khaleel

After enabling access to the MOM2005 Operations Console for users, the users are still unable to open the MOM Operator Console and receive the error:

Access denied to server: <server name>

MOM2005 is installed on Windows Server 2003 SP1. Due to changes in DCOM security in Windows Server 2003 SP1, users connecting to the Management Server must now also be in the "Distributed COM Users" local security group on the Management Server.

MORE INFORMATION

You receive a "You do not have the appropriate privilege" error message when you try to open the Microsoft Operations Manager (MOM) 2005 Administrator Console;
http://support.microsoft.com/kb/895952/

The console scopes define which computer groups a user of the Operator Console can view and manage. Depending on that, you might want to add the users to the following local groups created during MOM2005 installation:

  1. MOM Administrators: MOM Administrators can view and modify settings in the Operations Console and in the Operations node, Management Packs node, and Administration nodes in the MOM Administration Console
  2. MOM Authors: MOM Authors can view and modify settings in the Operations Console, and in the Operations node and Management Packs node in the MOM Administration Console
  3. MOM Users: MOM Users can view and modify settings in the Operations Console and the Operations node of the MOM Administration Console

Add the users to the appropriate group and they will be able to access the console accordingly.

DESCRIPTION

While trying to push agent install from MOM2005 Server, you may see the following errors;

SYMPTOMS

The MOM Server failed to install agent on remote computer <FQDN>.
Error Code: -2147023174
Error Description: The RPC server is unavailable.
Microsoft Installer Error Description: No Description Available

The MOM Server failed to perform specified operation on computer <FQDN>.
Error Code: 5
Error Description: Access is denied. 

CAUSE

This is seen if the MOM ACTION account does not have the required privileges on the remote computer.

WORKAROUND

  1. Add MOM ACTION account to 'Performance Monitor Users' group (Members of this group have remote access to monitor this computer).
  2. Add MOM ACTION account to Local 'Users' group (Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications).
  3. Grant MOM ACTION account 'Manage auditing and security log' permission (SeSecurityPrivilege).
  4. Grant MOM ACTION account 'Allow log on locally' permission (SeInteractiveLogonRight).
  5. Add MOM ACTION account to 'Administrators' group. (This is generally not recommended, but if you have tried all 4 points above and the MOM agent install still fails, you might want to try this last step.)

DISCLAIMER


This procedure worked for me on member servers.
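
To see which of the five workaround steps are already in effect for an account, the following added example (not part of the original post) reads the local user-rights assignments and group memberships. The account name `CONTOSO\momaction` is a placeholder, and the script assumes a host with Windows PowerShell 5.1 and an elevated session.

```powershell
# Added example (not from the original post): report which of the workaround's
# rights and groups an account already holds. Run elevated on the target computer.
param(
    [string]$Account = 'CONTOSO\momaction',   # hypothetical account name
    [string[]]$Rights = @('SeSecurityPrivilege', 'SeInteractiveLogonRight'),
    [string[]]$Groups = @('Performance Monitor Users', 'Users', 'Administrators')
)

# secedit lists principals as *SID (or as a bare name), so resolve the SID first.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Export only the user-rights area of the local security policy.
$inf = Join-Path $env:TEMP 'momaction-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

$assigned = @{}
foreach ($line in Get-Content -Path $inf) {
    if ($line -match '^(Se\w+)\s*=\s*(.+)$') {
        $assigned[$Matches[1]] = @($Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') })
    }
}
Remove-Item -Path $inf

# Direct assignments only: a right inherited through a group shows as False here.
foreach ($right in $Rights) {
    $held = ($assigned[$right] -contains $sid) -or ($assigned[$right] -contains $Account)
    [pscustomobject]@{ Check = $right; Held = $held; Note = '' }
}

foreach ($group in $Groups) {
    $member = @(Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
        Where-Object { $_.SID.Value -eq $sid }).Count -gt 0
    $note = ''
    if ($member -and $group -eq 'Administrators') {
        $note = 'Step 5 (not recommended) is in effect'
    }
    [pscustomobject]@{ Check = "Member of $group"; Held = $member; Note = $note }
}
```

Running it before and after each step shows the smallest set of grants that lets the agent install succeed, so the Administrators membership from step 5 is only kept when nothing less works.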

Posted by Mohammed Athif Khaleel

Before installing the MOM2005 Agent, make sure Windows Installer 3.1 is installed. I just installed an agent on a Windows 2000 server with an old version of Windows Installer and saw this error:

Failed:
The MOM Server detected that remote computer <FQDN>has older version of Windows Installer installed. Please update to Windows Installer 3.1 version.Please refer to release notes for more details. 
 
Error Code: -2147023283
Error Description: This installation package cannot be installed by the Windows Installer service.  You must install a Windows service pack that contains a newer version of the Windows Installer service.

DOWNLOAD

http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c&displaylang=en&Hash=F3N3X85#filelist


 

Posted by Mohammed Athif Khaleel

DESCRIPTION

The script 'AD Replication Monitoring' encountered a permissions error. The script failed to update this DCs monitoring object in the naming context 'DC=DomainDnsZones,DC=sadad,DC=com' because access was denied. Alter the permissions for this naming context so that the script can add this container, or change the parameters for this script to stop monitoring this naming context.

The error returned was: 'General access denied error' (0x80070005)
 
CAUSE
 
This is due to lack of permissions for MOM ACTION account on MOMLatencyMonitors container in Active Directory (this container is hidden).
 
WORKAROUND
  1. Open Active Directory Users & Computers (DSA.msc).
  2. Click on view and select Advanced Features.
  3. Click on MOMLatencyMonitors container and click on properties (you should see your DC's in this container).
  4. Click on security tab and add MOM ACTION account and give it Full Control.
  5. Restart the MOM service.
Posted by Mohammed Athif Khaleel

DESCRIPTION

The SQL Server management pack script "SQL Server 2000 Block Analysis" is unable to successfully connect to the SQL Server instance "MSSQLSERVER". The error message returned is "Login failed for user."
 
CAUSE
 
This might be due to login failure or lack of Windows user rights for the SQL Service Account to Log on as a service (SeServiceLogonRight).
 
WORKAROUND
 
Use Lockoutstatus.exe from the Windows 2003 Resource Kit Tools, which gives statistics on the bad password count and shows whether the account is locked. If everything is clear, make sure the SQL Service Account has the privilege to Log on as a service in Group Policy.
 
MORE INFORMATION
 
Posted by Mohammed Athif Khaleel

DESCRIPTION
 
An error occurred while executing 'AD Remote Topology Discovery' Failed to CreateObject 'OOMADs'. The error returned was: 'ActiveX component can't create object' (0x1AD) 0x1AD.
 
CAUSE
 
This occurs when domain controllers do not have OOMADS.DLL registered, which is required for the Active Directory Management Pack. As soon as the rules associated with this computer group are deployed, a script automatically runs to install and register this DLL, and if you don't have the ACTIVE DIRECTORY HELPER OBJECT installed, you will see this error.
 
WORKAROUND
 
Install oomads.msi (Active Directory Helper Object) from MOM Support Tools.
 
 
DESCRIPTION
The "Microsoft SQL Server" management pack failed to execute the SQL Server 2000 Replication Monitoring script successfully. The following error event was returned "Access denied while reading registry value [\\Your-MOM-Server\HKLM\Software\Microsoft\MSSQLServer\Setup\ProductCode]". The following additional error details were returned "". Please refer to the events associated with this alert to view the computers that have experienced this problem.
 
WORKAROUND
 
In reality, on my SQL2000 SP4 installation, this registry path does not exist. Looks like a BUG. My knowledge of SQL Scripting is very limited and so I have disabled the SQL Server 2000 Replication Monitoring Script from the MOM Admin Console :-). This script is located in the State Monitoring and Service Discovery Event Rules container.
 
BEST PRACTICE
 
Make sure MOM ACTION account is a member of Built-in Users group on MOM Server. Built-in Users group has read permissions on HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer.
Posted by Mohammed Athif Khaleel

If you are wondering How to Identify MOM2005 Service Pack Level in MOM2005, then you can use this tip;

Right click Microsoft Operations Manager (Your-MOM-Server) and click About Microsoft Operations Manager and check the first line;

  • For MOM2005 you should see, 5.0.2749.0
  • For MOM2005 Service Pack1, you should see, 5.0.2911.0
Posted by Mohammed Athif Khaleel

Hello everyone and after a long time, I am back to the community. I have changed my employer and I am now working for Atos Origin Middle East.  

So, today I started to play with MOM2005 in my test-bed and encountered a couple of issues which I really wanted to share:

ENVIRONMENT

  • Windows Server 2003 SP1 with all the latest updates.
  • SQL 2000 SP4.

Ok, fair enough and I installed SQL 2000 SP4 without any glitches. One thing to remember here is the MSSQLSERVER SERVICE will not start automatically and you have to start it manually. 

Now, I ran the Check Prerequisites wizard (The Prerequisite Check page indicates whether you have met all the requirements for installing the MOM components) to check the following Selected Components: 

  • MOM Database.
  • MOM User Interfaces.
  • MOM Management Server.

The prerequisite check failed for the selected components. The reason being MOM setup is unable to detect SQL Server 2000 SP4; 


Failures

Minimum Requirement | Recommended (if different from minimum) | Required For | Detected Value
Microsoft SQL Server 2000 SP3 or later. SQL Server 2000 SP3 or later not detected

Download the required version from http://www.microsoft.com/downloads/

I quickly ran SQL Query Analyzer and executed the following queries to check whether SP4 is installed:

  • SELECT SERVERPROPERTY('ProductLevel')
  • SELECT @@VERSION
  • SELECT SERVERPROPERTY('ProductVersion')

As expected the result is SP4 8.00.2039 [Microsoft SQL Server  2000 - 8.00.2039 (Intel X86)   May  3 2005 23:18:38   Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 1)]

As always, I am back to the community for help and started the following thread: "MOM prerequisite check failed". Thanks to Ronny for guiding me to the support KB article 'You receive a "Microsoft SQL Server 2000 SP3a or above required" error message when you try to install MOM 2005'. I then found the TechNet article 'Troubleshoot MOM 2005 Prerequisite Checking', which further explained this BUG.

Instead of executing the msiexec command with PREREQ_COMPLETED=1, I found another cheeky workaround wherein you can tweak the registry to SQL SP3. For more information see the table below:

| SQL Server 2000 Version and Level | @@VERSION | Product Level |
| --- | --- | --- |
| SQL Server 2000 Original Release | 8.00.194 | RTM |
| Database Components SP1 | 8.00.384 | SP1 |
| Database Components SP2 | 8.00.534 | SP2 |
| Database Components SP3, SP3a or MSDE 2000 Release A. | 8.00.760 | SP3 |
| Database Components SP4 | 8.00.2039 | SP4 |

All I have to do is edit the registry value CSDVersion under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion, changing it from 8.00.2039 to a new value of 8.00.760, which essentially means SQL SP3. Now, just run the MOMPreReqReport to make sure there are no errors and run the installer again with success!! Don't forget to revert back to CSDVersion = 8.00.2039.
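
Because a forgotten revert leaves the server reporting the wrong service pack level to anything that reads this value, the change is best wrapped so that the original is always restored. The following is an added example, not part of the original post; it assumes PowerShell is available on the SQL Server host, and the backup file name is hypothetical.

```powershell
# Added example (not from the original post): set CSDVersion to the SP3 build
# for the duration of the MOM setup run, then always restore the SP4 value.
$key  = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion'
$name = 'CSDVersion'
$sp3  = '8.00.760'      # SP3 build from the table above
$sp4  = '8.00.2039'     # SP4 build from the table above

$original = (Get-ItemProperty -Path $key -Name $name).$name
if ($original -ne $sp4) {
    throw "Unexpected $name '$original'; this workaround only applies to SP4 ($sp4)."
}

# Keep the original on disk in case the session ends before the revert runs.
$backup = Join-Path $env:TEMP 'CSDVersion.original.txt'   # hypothetical file name
Set-Content -Path $backup -Value $original

try {
    Set-ItemProperty -Path $key -Name $name -Value $sp3
    Read-Host 'CSDVersion now reports SP3. Run MOMPreReqReport and MOM setup, then press Enter'
}
finally {
    # Runs on success, on error, and on Ctrl+C.
    Set-ItemProperty -Path $key -Name $name -Value $original
    $now = (Get-ItemProperty -Path $key -Name $name).$name
    if ($now -ne $original) {
        Write-Error "Revert failed: $name is '$now', expected '$original' (copy in $backup)."
    }
    else {
        Remove-Item -Path $backup
        Write-Output "$name restored to $now"
    }
}
```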

MORE INFORMATION

http://support.microsoft.com/default.aspx?scid=kb;en-us;902803

http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/be9f9412-c93f-4e6a-8b3e-586395cfdac4.mspx

http://blog.bernt.net/2005/07/russ-kaufmann-mom-2005-and-sql-server.html

http://cs.thefoleyhouse.co.uk/blogs/karl/archive/2005/07/02/456.aspx

Happy Testing!