Risorse per professionisti IT >
Home page del forum
>
Forefront Client Security Alerting and Monitoring
>
FCS on a domain controller with SCOM agent
FCS on a domain controller with SCOM agent
- We have FCS deployed with agents on all domain controllers.We are now deploying SCOM 2007 R2 and would like to monitor the domain controllers. As I understand it, multi homing between SCOM and MOM on a domain controller is not supported due to the incompatible versions of the helper objects.Is it possible to support FCS agents with alerting and monitoring on the DCs as well as SCOM agents?Thanks,Guy
Tutte le risposte
Hi,
Thank you for your post.
As far as I know, for FCS V1, we could only use MOM 2OO5 and it’s agent. We cannot use a SCOM 2007 agent for FCS, but in the next release of FCS, there will be move to SCOM 2007.
However, MOM 2005 and SCOM 2007 are happily co-exist on the same machine, so it is no problem in using both of them. FCS can still work as the MOM 2005 agent can be dual-homed to talk to you FCS MOM Server.
Regards,
Nick Gu - MSFT- Proposto come rispostaNick Gu - MSFTMSFT, Moderatorelunedì 28 settembre 2009 3.12
- Nick,Thank you very much for your response.In a co-existence scenario for MOM 2005 (from FCS) and SCOM 2007, can you confirm which version of OOMADS.MSI (Active Directory Helper Object) should be installed and how? I can't seem to have both installed and without removing the MOM 2005 agent, I can't get the SCOM 2007 version to install. Without the SCOM 2007 version of OOMADS.MSI, I get frequent script failure alerts for my DCs.Thanks,Guy
Hi,
Thank you for your quick update.
I am sorry for not telling you that dual agents(Mom 2005 and SCOM 2007) on DCs is not supported or will bring problems, such as the issue with AD agent helper objects.
Regards,
Nick Gu - MSFT- Thanks Nick,I guess that brings us back to my original question: what is the supported method, if any, to deploy FCS with monitoring and SCOM 2007 to a domain controller?Guy
- The management pack for FCS would need to be modified and then made agentless management aware. This is a mission in itself and it's supportability is questionable. However if you can, please open a case with CSS and we can work out the details with you and come up with a solution/workaround.
Oguzhan Filizlibay | Security Escalation Engineer | Microsoft EMEA CSS Security- Contrassegnato come rispostaOguzhan FilizlibayMSFT, Moderatoregiovedì 1 ottobre 2009 23.48
- Contrassegno come risposta annullatoGuy Yardeni venerdì 2 ottobre 2009 4.40
- Thanks for the response, but I'm not sure I understand. Are you saying that in order to use two mainstream Microsoft products such as FCS and SCOM in a common usage scenario - protecting and monitoring a domain controller, I need to open a case with CSS and begin a process of extensive and presumably time consuming and expensive customization?That seems to be quite a penalty for an organization implementing the Microsoft stack of management and security products.Guy
Hi,
Thank you for your update.
Would you please tell us what OS of your DCs? And what failure alerts you have got from the DCs?
Regards,
Nick Gu - MSFT- Nick,The DCs are all running Windows Server 2008 SP 2.Here is a sample alert that I get:AD Database and Log : The script 'AD Database and Log' failed to create object 'McActiveDir.ActiveDirectory'.
The error returned was: 'ActiveX component can't create object' (0x1AD)We have seen some positive results from simply manually installing the AD Helper Object from SCOM 2007 R2 (OOMADS.MSI). Since FCS doesn't use the AD management pack, there is no need for the helper objects from MOM so there doesn't appear to be a conflict and FCS monitoring as well as SCOM monitoring are both functioning.Based on the information I've read, I don't think we're in a supported scenario at this point, but with no other options, this configuration may have to be used until the SCOM based version of FCS is out and deployed.Guy
