Thursday, February 14, 2013 8:13 PM
I’m using SCOM 2007 R2 CU6. I’ve set an override on the AD Trust object, changing the status from critical to warning. Currently computers in our domain with an expired pword display as a critical error in the main page of the alert monitor.
I’ve created an override by right clicking on the alert, going to monitor, properties, override and then setting the override to apply to all domain controllers of class Server 2008. I’ve set the alert to enabled, changed the override value from critical to warning and made sure the effective value is set to warning.
I’ve then cleared the current alerts and reset the health of the current monitor. All looks fine in the monitoring console, but after 20 minutes or so, I still get critical alerts for computers with expired account passwords.
What am I missing?
Thanks in advance
- Moved by Matthew Hudson [MVP] Thursday, February 14, 2013 8:22 PM OpsMgr question
Thursday, February 14, 2013 10:44 PM
Please send a screenshot of your override window. It is easier to debug...
Friday, February 15, 2013 1:50 PM
Right-click the alert --> overrides --> override the monitor --> For the object XXX (first item in the list) --> view the effective value
What is the effective override of Alert severity?
Monday, February 18, 2013 8:57 AM Moderator
I would like to suggest you check the targeting of the override:
OpsMgr 2007: Monitor or rule targeted at computer group does not generate alerts
Using Classes and Groups for Overrides in Operations Manager
TechNet Community Support
- Proposed As Answer by Spam Filter Friday, March 01, 2013 7:25 AM
- Unproposed As Answer by Nicholas Li, Microsoft Contingent Staff, Moderator Wednesday, March 06, 2013 4:25 AM
Wednesday, February 20, 2013 7:08 PM
I have exactly the same problem
Here's a pic of the override set I'm using, not sure where I'm going wrong, but AD trust monitor keeps on coming back....
Thursday, February 21, 2013 11:21 AM
It could be that another override is also setting this value. What do you see when you right-click the monitor and select "Overrides -> Summary -> For all objects of class..."? There is probably more than one override and both overrides configure the same setting. Make sure only one override configures this setting. If you don't want to do this you can also enforce an override (not recommended though). Just scroll a bit to the right in the override window and select the checkbox. This should force your override.
On a side note, I see that you have selected the "Default Management Pack" as the override placement location. You are aware this is a worst-practice method? Make a new Management Pack instead and place the override in this new MP.
Thursday, February 21, 2013 2:11 PM
I've checked the summary and there are actually 6 overrides set, all of which have the override value and effective value set to "warning". I'm aware of using the default management pack and did change the destination after using the snipping tool.
The reason why I have so many monitors is because I'm not sure where to target the rule. I basically want to stop Windows clients from registering critical errors in the domain if they have an expired computer pword. I tried "for all objects of class: Server 2008 DC role", "for objects of a specific class:MydomainControllerName", "for all objects of class:Windows Client Operating Systems" and even "for objects of a specific class: NameOfScomRMS" - all to no avail.
Admittedly I haven't seen any new alerts in the last few hours, but there are old alerts which come back and bubble up. To effectively close the alert so I'm not alerted again, should I just close the resolution state or do I need to use health explorer to expand the alert, dig down to the specific alert, reset the health of the monitor and then reset the overall health in health explorer?
Thursday, February 21, 2013 2:32 PM
I myself never use any override selection other than "For a group ..." and "For all objects of class: <default name>". The reason for this is removing complexity. If I want to only target a few computers instead of everything I create a group of the correct objects (same class as the targeted class) and use this for an override.
I would suggest the same procedure in this case. Remove all current overrides and create either a global override (this should work), or create a group and target the override to this. Just make sure that the group is filled with objects of the same class the rule is targeted to, namely "Active Directory Domain Controller Server 2008 Computer Role".
If you want to close a (monitor) alert the correct way you can use the following procedure:
- Open the health explorer
- reset the health of the unhealthy components
- close the alert
If you don't do this and the monitor itself isn't capable of resetting the health state then you will never be alerted again.
Thursday, February 21, 2013 2:44 PM
I guess the question is "what am I actually targeting?" The alert is generated by Windows XP and 7 clients, but registered on all DCs. Therefore would choosing a class of "Active Directory Domain Controller Server 2008 Computer Role" be the right target choice?