Why Monitor Active Directory? - Center

MOM Essentials 6 – Managing the Enterprise
Part 1
Gordon McKenna MOM – MVP
Monitoring Active Directory
Agenda
Why Monitor Active Directory
Brief Intro to MOM 2005
Overview of the Active Directory MP
– Client Side Monitoring
– Replication Monitoring
Summary/Best Practices
Whitepapers, Install Guides, and other Resources
Why Monitor Active Directory?
As in any distributed system, unexpected problems happen
– Hardware failures
– Low disk space
– Network connectivity issues
– User configuration error
– Name Resolution
– Sites and subnet configuration
– Errant applications overloading DCs
Why Monitor Active Directory?
Problems with Active Directory can be disruptive if left
unresolved
– Slow login/login failures/password issues
– Group Policy problems
– Resource access problems
– Exchange e-mail
– Replication issues can lead to security related issues
Why Monitor Active Directory?
Problems are often easy to fix when detected early
Proactively fix before it is escalated to help desk
– Lower TCO: Save yourself time and your company $$$
– Maintain high directory availability
When To Monitor
Plan your monitoring solution before deploying Active
Directory
Lab test your monitoring solution before deploying Active
Directory
Monitor simultaneously with
first DC deployment
Pause new DC deployment if monitoring detects problems
OR your monitoring solution fails
Continue monitoring post deployment
Effective Monitoring
All production deployments need effective
forest-wide Active Directory monitoring
You cannot do your job effectively without it
Ad-hoc monitoring solutions are
not enough
How much time are you willing to spend building your own monitoring
solution?
– Active Directory management pack took multiple man-years
– Don’t forget AD’s dependencies: Windows OS, DNS, Group Policy,
etc…
MOM Architectural Overview
Key Terms
Data sources
– Events: Windows, application, WMI, service change, SNMP traps, timed events, missing events, UNIX syslogs…
– Performance data: Used for graphs, reports and to set thresholds
Alerts
– MOM's indication of a particular issue (what operators see first)
– Based on events, performance thresholds, or script output
– Requires action from operator
Response
– Reaction to an alert (send e-mail, page, run script)
Management Pack (MP)
– Set of Processing Rules to monitor applications
– Supporting views and reports
MOM 2005 Architecture
[Diagram: Agents, MOM Server, DB, Reporting Server, SQL Reporting Services, Ops Console, Admin Console, Web Console]
Reporting Server
– Reporting
MOM 2005 Database
– Data aggregation
– Knowledge – management packs
– Configuration data
MOM 2005 Server
– Database access
– Consolidator
– Agent manager
– User interfaces
– Agentless monitoring
MOM 2005 Agents
– Local monitoring
– Local management
– Encrypted Communications
MOM – Operator Perspective
[Diagram: Agents; MOM 2005 Server; Operator Console; Administrator Console; Web Console (HTTP, Internet Information Server); System Center Reporting Server (SQL Reporting Services)]
Consoles
– View Alerts/Server State
– condition requiring intervention
– execute tasks
– topological views
– service level exceptions
Examples
– Server Availability
– Operational Health
– Performance Trending
What's new for management packs with MOM
2005?
State Monitoring
– Live “at a glance” health view by role
Topology
– Display relationships between servers
Reports
– use SQL Server Reporting Services
– System Center Reporting Server
Tasks
– Ad hoc diagnosis and resolution
Improved Product Knowledge
Alerts View / State View
[Slide comparing the Alerts View and the State View; labels: Alert, Ticket, Dynamic, Manually resolved, Component, Details, Role-based]
Demo
MOM 2005 Introduction:
Topology View
Alert View
Product Knowledge
AD MP Design Goals
Customers will receive a very small # of highly relevant alerts identifying the “root cause” wherever possible
Very little configuration necessary
– Usable “out-of-the-box” for very large Active Directory deployments
Full end-to-end health monitoring for every Active Directory component
– Excellent Active Directory health definition
Easily customizable for very sophisticated implementations
AD MP Features
Monitors all aspects of Active Directory health
– Performance and availability
– Not a security management pack (e.g. auditing)
Monitors availability of all processes that are vital to the health of Active Directory
– NetLogon, FRS, ISM, W32Time, KDC
Collects key performance data
Reports on service availability, performance, and trending
End-to-end replication validation in accordance with your SLAs
Centralized monitoring console to collect all events that can adversely affect Active Directory
AD MP Features
Supports all Windows 2000 Server and
Windows Server 2003 features
Utilizes WMI providers to monitor replication partner health and *Trust
relationships
(*Windows Server 2003 only)
All scripts provide simple clear messages
Quiet with a very low # of highly relevant alerts (OK for pagers)
Client pack for client-side monitoring
Extensive product knowledge
Globalization support
Active Directory Event Monitoring
Over 400 rules
– DC Locator
– DIT corruption
– GC
– ISM
– KCC
– KDC
– NetLogon
– Replication
– Security Accounts Manager (SAM) errors
– Site links
– Sysvol
– UserEnv
– W32Time
These rules do the deep dive into the internal health of the AD!
New in AD MP for MOM 2005
State View
– Server health (Time, Netlogon, FRS, ISM, KDC)
– AD Service health
– Replication (Inbound connection objects)
– Client view monitoring
Topology Views
– Site Links (Site to Site)
– Connection Objects (DC to DC)
– Broken Connection Objects (red DC to DC)
Client Monitoring Enhancements
New Reports
Product Knowledge
– More than twice the volume of AD management pack knowledge compared to MOM 2000 SP1.
Active Directory State Monitoring
State monitoring Active Directory: at-a-glance view of AD health
Active Directory Role Components
– Client View
– Replication Health
– Server Health
– Service Health
Can clients connect within thresholds?
Client connectivity
– Can clients connect to PDC, GCs
– Is Active Directory responsive to clients
Checks for:
– Serverless bind. (Can it contact a DC and is it in a local site)
– PDC Available
– Minimum # of GC’s available
– Are the targeted DCs available\responsive
Is replication healthy?
Replication health
– Is each DC configured properly
– Are all DC’s replicating
– Is replication occurring in a timely fashion (SLA)
– Has initial replication completed in the last 24hours (configurable)
Checks for:
– End-to-end replication via change injection
– Health of inbound connection objects
– Appropriate # of replication partners
– Site islands
– Slow replication
Are all of the required services available?
Are the services on each DC healthy?
– Active Directory service
– Processes that are vital to the health of AD
– Database growth and log file free space
Checks for:
– Health of LSASS, Knowledge Consistency Checker (KCC), Userenv
– State of NetLogon, FRS, Intersite Messaging Service (ISM), W32Time, Kerberos
Distribution Center (KDC)
– Name resolution\DC locator
– Is SYSVOL accessible
Is the Active Directory service available?
Service Availability
– Are the necessary FSMO role holders responsive
– Is the Active Directory service responsive
– Can clients connect to the directory
Checks for:
– Serverless bind threshold
– GC Search Time
– Lost object count
– Availability of LDAP and crucial roles (PDC, DC, GCs, etc)
– Name resolution\DC locator
– Client pack tests
Active Directory Topology Views
Three different topology views:
– Sites and site links
– Connection Objects
– Broken Connection Objects
Detailed tool tips
– Subnet configuration details, link cost, replication interval,
transport type, consecutive failures, partition names
Topology View Example: Site and Site Links
Servers show with health
state
Servers annotated for
role (e.g. GC)
Site links shown
Tool tips shown with
details for site links, sites
and computers
Reports – Which And Why?
Current configuration
– Domain Controller Report
– Active Directory Operation Masters
– Replication Site Links
– Replication Connection Objects
Diagnostics & Trending
– Replication Latency
– Domain Controller Disk space
– Active Directory Domain Changes
– Computer Account Authentication Failures
Agenda
Why Monitor Active Directory
Brief Intro to MOM 2005
Overview of the Active Directory MP
– Client Side Monitoring
– Configuring Replication Monitoring
Summary/Best Practices
Whitepapers, Install Guides, and other Resources
Monitoring Service Level
Server health is important but doesn’t catch all problems
Clients can commonly experience issues even though servers are
healthy
IT departments need to verify they are meeting their commitments to
management
– Replication is occurring quickly (replication SLA)
– Client logins are quick
– E-Mail is available (Address Book)
Client Side Monitoring
“How do I really know AD is working properly for my customers who
rely on it?”
[Diagram: sites redmond.fabricam.com and phoenix.fabricam.com with DC1, DC2, DC3, DC4, Exchange, an Exchange user, the Help Desk and MOM; captions: “E-Mail is slow!”, “WHY?”, “Everything is fine!”]
Client Side Monitoring
Ensures AD is available for Exchange
and other directory-enabled applications at the application
server
Tests all necessary AD interfaces
– ICMP and LDAP ping
– LDAP bind and sub-search
Very granular control
– (Automatically targets local site)
– List of domains, sites, computers
– + specific computers
– Text file
– Turn auto discovery off
Client Side Monitoring
Very WAN efficient
Can be placed near/on the application server of interest
Can run on any server which is running a MOM agent
Trends key LDAP perf indicators
“Closes the loop” by providing MOM the client’s
perspective of
Active Directory health
[Diagram: redmond.fabricam.com (CP, DC1, DC2, Exchange) and phoenix.fabricam.com (MOM, DC3, DC4); captions: “Alert: Client is going to out of site DC”, “Alert: Server response time exceeded limits”]
[Diagram: the CP placed beside the Exchange server in redmond.fabricam.com; captions: “No impact to existing generic app server”, “Both boxes sit next to each other”, “Separate MOM administration”]
Demo
Client Monitoring Configuration
Add computers to “Active Directory Client Side Monitoring”
computer group
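The client-side checks listed above (serverless bind landing in the local site, PDC available, minimum number of GCs, targeted DCs responsive), worked through as an added example that is not part of the original slides or the management pack's own scripts. The probe records, alert codes and threshold values are assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Probe:
    """Result of one LDAP bind + sub-search against a targeted DC."""
    dc: str
    site: str
    roles: FrozenSet[str]        # e.g. {"PDC"}, {"GC"}
    bind_ms: Optional[float]     # None = no answer or bind failed
    search_ms: Optional[float]   # None = search failed

def evaluate_client_view(client_site, located, probes,
                         min_gcs=2, max_bind_ms=500.0, max_search_ms=500.0):
    """Return (code, detail) alerts from the application server's point of view.

    located is the (dc, site) answer to a serverless bind, or None.
    Thresholds are hypothetical defaults, not the management pack's values.
    """
    alerts = []
    # Serverless bind: did we find a DC at all, and is it in our own site?
    if located is None:
        alerts.append(("NO_DC_LOCATED", client_site))
    elif located[1] != client_site:
        alerts.append(("OUT_OF_SITE_DC", located[0]))
    # Targeted DCs: available, and responsive within the limits?
    responsive = []
    for p in probes:
        if p.bind_ms is None or p.search_ms is None:
            alerts.append(("DC_UNAVAILABLE", p.dc))
            continue
        responsive.append(p)
        if p.bind_ms > max_bind_ms or p.search_ms > max_search_ms:
            alerts.append(("SLOW_RESPONSE", p.dc))
    # Role availability is judged only on DCs that actually answered.
    if not any("PDC" in p.roles for p in responsive):
        alerts.append(("PDC_UNAVAILABLE", ""))
    gcs = sum(1 for p in responsive if "GC" in p.roles)
    if gcs < min_gcs:
        alerts.append(("TOO_FEW_GCS", str(gcs)))
    return alerts

# Constructed sample: an Exchange server in site "redmond" probing four DCs.
SAMPLE_PROBES = [
    Probe("DC1", "redmond", frozenset({"GC"}), None, None),     # no answer
    Probe("DC2", "redmond", frozenset({"PDC"}), 40.0, 900.0),   # slow search
    Probe("DC3", "phoenix", frozenset({"GC"}), 120.0, 200.0),
    Probe("DC4", "phoenix", frozenset(), 110.0, 180.0),
]
SAMPLE_LOCATED = ("DC3", "phoenix")  # serverless bind answered from the other site

if __name__ == "__main__":
    for code, detail in evaluate_client_view("redmond", SAMPLE_LOCATED, SAMPLE_PROBES):
        print(code, detail)
```

Every DC in this sample could report healthy services locally; only the probe run from the application server's side shows the out-of-site bind and the slow search.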
Replication Monitoring
AD management pack creates new container:
CN=MomLatencyMonitors
Periodic scripts add timestamps for monitoring replication latency
Separate maximum replication time thresholds for
– Intrasite monitoring
– Intersite monitoring
Specify Computers for Replication Monitoring
Target DCs
Source DCs
Source and target computers specified through computer
groups (a computer can be both a source and target)
Demo
Replication Latency Configuration
Replication Latency Configuration
Add computers to computer groups:
Active Directory Replication Latency Data Collection –
Sources
Active Directory Replication Latency Data Collection –
Targets
Specify the maximum replication latency in the rule:
Script - AD Replication Monitoring
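The timestamp-based latency check described above, sketched as an added example that is not the management pack's own script: a source DC writes a timestamp, and each target DC compares the copy it has received against the intrasite or intersite maximum. The record layout, status names and threshold values are assumptions; the sample observations are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical maximums; the slides only say the two are configured separately.
INTRASITE_MAX = timedelta(minutes=15)
INTERSITE_MAX = timedelta(hours=2)

@dataclass(frozen=True)
class Observation:
    """What a target DC sees for one source DC's injected timestamp."""
    source_dc: str
    source_site: str
    target_dc: str
    target_site: str
    replicated_stamp: Optional[datetime]  # newest value replicated in; None = never
    checked_at: datetime                  # target's clock when it ran the check

def classify(obs, intrasite_max=INTRASITE_MAX, intersite_max=INTERSITE_MAX):
    """Return (status, scope) for one source/target pair."""
    same_site = obs.source_site == obs.target_site
    limit = intrasite_max if same_site else intersite_max
    scope = "intrasite" if same_site else "intersite"
    if obs.replicated_stamp is None:
        return ("MISSING", scope)       # the change never arrived
    # Age includes the interval between source writes, so the maximum
    # must be larger than the period of the injecting script.
    age = obs.checked_at - obs.replicated_stamp
    if age < timedelta(0):
        return ("CLOCK_SKEW", scope)    # stamp from the "future": time sync problem
    return ("LATE" if age > limit else "OK", scope)

def latency_alerts(observations):
    """Return (source, target, scope, status) for every pair that is not OK."""
    alerts = []
    for obs in observations:
        status, scope = classify(obs)
        if status != "OK":
            alerts.append((obs.source_dc, obs.target_dc, scope, status))
    return alerts

# Constructed sample: DC1/DC2 in site "redmond", DC3/DC4 in site "phoenix".
NOW = datetime(2005, 6, 1, 12, 0)
SAMPLE_OBSERVATIONS = [
    Observation("DC1", "redmond", "DC2", "redmond", datetime(2005, 6, 1, 11, 58), NOW),
    Observation("DC1", "redmond", "DC3", "phoenix", datetime(2005, 6, 1, 9, 30), NOW),
    Observation("DC1", "redmond", "DC4", "phoenix", None, NOW),
    Observation("DC3", "phoenix", "DC4", "phoenix", datetime(2005, 6, 1, 12, 3), NOW),
    Observation("DC3", "phoenix", "DC1", "redmond", datetime(2005, 6, 1, 11, 0), NOW),
]

if __name__ == "__main__":
    for alert in latency_alerts(SAMPLE_OBSERVATIONS):
        print(alert)
```

A pair reported as LATE or MISSING means directory changes made on the source, such as a disabled account or a password reset, are not yet in effect on that target.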
MOM/AD Best Practices
Push out agents and rules incrementally (Initial
deployment)
Be wary of monitoring auditing rules (disabled by default)
Size your MOM architecture
– Fast disk, RAM, and CPU all necessary
– Use upcoming MOM 2005 performance and sizing guide
Groom data aggressively from MOM database
MOM/AD Best Practices (2)
MOM Action Account should be in root domain
Always use MOM MP to manage MOM
Use management packs AD depends on:
– Windows Base OS
– Group Policy
– DNS
Review most common alerts\events
– Weekly review most common alerts/events report
Baseline your implementation
– Adjust thresholds with this data as necessary
Summary
Effective forest-wide monitoring is
a must
Monitor during and after
Active Directory deployment
Get the full picture – use the
Client Pack
Deploy the MOM + AD MP and keep Active Directory
healthy
Resources
AD Management Pack Users Guide
– Installation, configuration, and best-practices operations information
– Specific support for large branch office scenarios and extremely low-bandwidth WAN links
– MOM 2005: http://www.microsoft.com/technet/prodtechnol/mom/mom2005/maintain/admpguideformom2005.mspx
AD Management Pack Technical Reference Guide
– Typical scenarios that the AD MP was designed to monitor
– How ADMP defines “health” for AD components
– MOM 2005: http://www.microsoft.com/technet/prodtechnol/mom/mom2005/maintain/dirmgmtpackmom.mspx
Managing Windows Servers
Agenda
Why Monitor Windows Servers
Overview of the Windows Base O/s MP
– Capacity monitoring
– Performance Monitoring
Overview of Hardware Management Packs
– Capacity monitoring
– Performance Monitoring
Summary/Best Practices
Whitepapers, Install Guides, and other Resources
Why Monitor Windows Servers?
Windows Server O/s is crucial to the Health of the AD
– Performance monitoring
– Storage Monitoring
– Health Checking
– Status Checking
– Security Checking
Hardware critical to health of Windows Base O/s
– Component monitoring
– Peripheral Monitoring
– Capacity Monitoring
Agenda
Why Monitor Windows Servers
Overview of the Windows Base O/s MP
– Monitoring Scenarios
– Performance Monitoring
Overview of Hardware Management Packs
– Vendor available MP’s
– Performance Monitoring
Summary/Best Practices
Whitepapers, Install Guides, and other Resources
Monitoring Scenarios
Service and application management
– Core Windows service up/down status
– Unexpected service terminations
– Service configuration issues
– Service account and authentication issues
Reliability
– Detects reoccurring application terminations
– Gathers data on system shutdowns (for shutdown reporting)
– Reports system failures (for stop error reporting)
Monitoring Scenarios cont….
Storage
– Share availability issues
– Share configuration issues
– Local storage resource availability
– Local storage free space
– File system integrity and corruption issues
Networking
– IP address conflicts
– Disconnected network adapters
– Duplicate network names
Performance Monitoring
Performance measuring
– For most commonly used performance data
Performance threshold monitoring
– Physical Disk - Avg. Disk sec./
– Physical Disk - Avg. Disk sec./Read
– Memory - Pages/sec.
– Processor - % Processor
– Processor - % DPC
– Processor - % Interrupt Time
– Memory - % Committed bytes in use
– Memory - Available Megabytes
Performance Monitoring
State monitoring and service discovery
– Base OS services
– Storage
– Messenger service
– Computer browser
– Logical Disk Manager service
– Dynamic Host Configuration Protocol (DHCP) client
– Domain Name Service (DNS) client
– Remote Procedure Call (RPC) health
– Server service
– Transmission Control Protocol/Internet Protocol (TCP/IP)
– NetBIOS Helper service
– Hardware discovery
– Event log
– Workstation service
Agenda
Why Monitor Windows Servers
Overview of the Windows Base O/s MP
– Capacity monitoring
– Performance Monitoring
Overview of Hardware Management Packs
– HP
– Dell
– Fujitsu
– IBM
Demo
Whitepapers, Install Guides, and other Resources
HP Management Packs 1.1
Hardware resource management for HP ProLiant and
Integrity servers
Hooks into HP Insight Manager Software
Support for Microsoft Windows Server 2003 and x64 Editions
Event rules for HP ProLiant Support Pack versions up to 7.4
Event rules for HP Integrity Support Pack versions up to 4.05
Topology Diagram View
State Roll-up component
Easy launch Tasks for server based webviews
Public View for troubleshooting
HP State View
System requirements
HP Insight Management Agents for ProLiant Servers,
versions 5.5 to 7.40
HP Insight Management Agents for Integrity Servers,
versions 2.3 to 4.05
SNMP for servers
– Required locally on each managed HP server to enable correct
operations of the HP Insight Management Agents and to populate
MOM 2005 with hardware state information
HTTP
– Required to enable tasks in MOM 2005 that access HP SIM, the HP
System Management Homepage on individual managed systems,
and HP Management Processors
Agenda
Why Monitor Windows Servers
Overview of the Windows Base O/s MP
– Capacity monitoring
– Performance Monitoring
Overview of Hardware Management Packs
– HP
– Dell
–
–
Fujitsu
IBM
Demo
Whitepapers, Install Guides, and other Resources
Dell Management Pack 2.0
Hardware Resource Management for Dell Servers
Hooks into Dell OpenManage Server Administrator and Dell
OpenManage Array Manager Software
Dell State Monitoring Alerts View, Topology Views, and State
Views
Task based Web link to launch a Dell Remote Access
Controller when a warning or critical event occurs
Task to update State Views
Dell Knowledge Base information to support new event
processing rules of Server Administrator (including the
enhanced Storage Management Service) and Array Manager
Dell Diagram View
[Example tool tip from the diagram view]
ROCKSDEV\CONN-NAS
Dell Asset Tag: Dell-NAS
Dell Server IPAddress: 192.168.234.235, 192.168.18.98
Dell Server Model Type: PowerVault 775N
Dell Server OS: Microsoft Windows Powered
Dell Service Tag: 3C1471S
Status: Critical Error
System requirements
Microsoft Windows 2000 Server with Service Pack 4 or later,
Windows 2000 Advanced Server with Service Pack 4 or later,
Windows Server 2003 (Standard Edition, Web Edition, and
Enterprise Edition), Windows Small Business Server (SBS)
2000, and Windows SBS 2003
Support for Dell OpenManage Server Administrator versions
1.6–2.0 (including the enhanced Storage Management
Service version 1.0–1.1). For receiving alerts from the
storage subsystem, you must have installed either Dell
OpenManage Array Manager or the Server Administrator
enhanced Storage Management Service.
Support for Array Manager versions 3.4–3.7.
Fujitsu Siemens 2.0
Hardware Resource Management for Fujitsu Siemens
PRIMERGY Servers
Hooks into Fujitsu Siemens ServerView Software
Server View State Monitoring Alerts View, Topology Views,
and State Views
Tasks for ServerView Management Console, ServerView
Frontend, ServerView WebVersion, Start ServerView
Fujitsu Siemens Knowledge Base information
System requirements
Operating system Windows 2000 (Service Pack 4 or higher) or Windows Server 2003
ServerView Agents v 2.59 or higher must be installed
Simple Network Management Protocol (SNMP) for servers required for correct operations of the ServerView Management
IBM Hardware
Most recently added
Proactive management of IBM Hardware
Hooks into IBM Director Software
Comes with Knowledge Base Information
No task or diagram support
MP Downloads
HP
http://h18004.www1.hp.com/products/servers/management/mom2005/index.html
Dell
http://ftp.us.dell.com/sysman/DOMMP20.exe
Fujitsu Siemens
http://download.fujitsusiemens.com/Download/ShowDescription.asp?SoftwareGUID=4190578B-A3E7-41F9-93B0-AED74F700B84
IBM
http://www-1.ibm.com/support/docview.wss?uid=psg1MIGR-61783
Management Update Notification
Sign up for Management Update
Notification Service
– Notice of updates to
– New/Updated Management Packs
– Microsoft Management Product News
– Solutions
– http://www.microsoft.com/management/notifyme/
Ask The Experts
Get Your Questions Answered
Questions
Community Resources
Community Resources
– http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)
– http://www.microsoft.com/communities/mvp
Newsgroups
– Converse online with Microsoft Newsgroups, including Worldwide
– http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
User Groups - Meet and learn with your peers
– http://www.microsoft.com/communities/usergroups/default.mspx
Microsoft Learning Resources
Come and talk to Microsoft Learning to find out more about
developing your skills; you can find us in the ‘Ask the Experts’ area
Special offers on Microsoft Certification from Microsoft Learning
Click here to access free Microsoft Learning Assessments
http://www.microsoft.com/learning/assessment/ind/default.asp
and FREE elearning for Microsoft Visual Studio 2005 and Microsoft
SQL Server 2005 with free Assessments and E-Learning
http://www.microsoft.com/learning/mcp/
MOM Resources
Microsoft Operations Manager http://www.microsoft.com/MOM
Getting Started Resources
http://www.microsoft.com/MOM/Beginners
– Technical Walkthrough
– Key Documentation
– MOM Evaluation Download
Partner Product Catalog
http://www.microsoft.com/MOM/ManagementPacks
MOM Community
http://www.microsoft.com/MOM/community/
Solution Accelerators
http://www.microsoft.com/mom/evaluation/solutions/default.mspx
What else does TechNet give you?
A range of tools and resources for IT professionals that
let you plan, manage, deploy
FREE TechNet Newsletter
FREE Events and Webcasts
FREE quarterly “TechNet” magazine
FREE comprehensive technical website
FREE TechNet Radio, Security Centre, Learning Paths and
Virtual Labs
TechNet Plus Subscription DVD
To subscribe to the newsletter or just to find out more, please visit
www.microsoft.com/uk/technet
Thank you for attending this TechNet Event
http://www.microsoft.com/uk/technet
PS (The evaluation form is now sent out electronically
with your thank you e-mail. This can take up to 5
working days. Please do feedback as we read all the
comments and use them to shape future event content)
Gordon McKenna
MOM MVP
Inframon Limited
gordon@inframon.com