martedì 5 giugno 2012 11:14
It looks like starting with SCOM 2012 there are two ways to monitor a web application (URL monitoring):
- The OLD way (Using the Web Application Transaction Monitoring template)
- The NEW way (Using the Web Application Availability Monitoring template)
And, it looks like it is recommended to use the new way, because it is the agent who performs the url request, instead of being done right from the RMS.
I haven't found any problem creating a web application monitor using the new template, except for the fact that our watched web applications use authentication (NTLM - Basic and Kerberos). So, all the requests return an HTTP code 401 (Unauthorized) as expected. however I have not found the way to configure the credentials used for the monitor to do the checks (maybe it is the default action account?), or how to bypass the 401 code and get the server to return the content AFTER authentication.
I have searched a lot on the TechNet library but all articles refer to unauthenticated sites.
I know that the OLD way had a configuration setting to input credentials, but I'd like to stick to the new method, if possible.
Does anyone know how to successfully monitor an URL requiring authentication on SCOM 2012 using the Web Application Availability Monitoring Template? or, at least, using no matter which method?
- Modificato Roberto MD martedì 5 giugno 2012 11:17
Tutte le risposte
martedì 12 giugno 2012 08:49Moderatore
I think ths following article can just help you:
Web Application Monitoring with System Center Operations Manager
If the Web Application requires credentials to be displayed, here is how to configure it:
Log on to the computer with an account that is a member of the Operations Manager Authors role for the Operations Manager 2007 Management Group
In the Operations Console, click the Authoring button
Expand Management Pack Templates and click Web Application and select Web Application Monitor that should be modified
In the Actions pane on the right side, select Edit web application settings
On the Web Application Editor page click Configure settings
In the Select Authentication Settings select the same Authentication Methodas is being used by the Web Application you’re monitoring. For SharePoint sites using Active Directory this is normally NTLM
Set the User Account to one of you previously defined Run As Accounts and click OK and Apply
If you haven’t yet defined an account to test your Web Site, you can create one in the Administration part of the Operations Console. The accounts are defined in the Security section
That’s it. The web site is now being monitored using the credentials defined for the Run As Account
TechNet Community Support
mercoledì 13 giugno 2012 05:19
Thanks for your answer. However, you're proposing to use the "old" way (in fact, in SCOM 2012 authoring section there's no Management Pack Templates > Web Application (instead, there are two options: Application Availability monitoring and Application Transaction Monitoring).
So, my question is, having in account these differences, how can I use the new method (that allows to check the response time from different locations) to "ping" a web server that requests authentication.
Anyhow, thanks for your interest in answering!.
martedì 26 giugno 2012 17:39
What version of SCOM are you using? We are using 7.0.8560.0 and it shows, "Web Application Availability Monitoring" and "Web Application Transaction Monitoring." I am trying to set this up too so I will post back if Yog Li's information is correct.
EDIT: I am getting the same error as you Roberto. There is no way to put in credentials to monitor applications that require authentication that I can see.
- Modificato hhancock martedì 26 giugno 2012 17:57
martedì 26 giugno 2012 18:30Moderatore
They are not really an "old" way and a "new" way - they are 2 different ways of monitoring:
Monitor the availability of one or more web application URLs and run these monitoring tests from internal locations.
Monitor the availability, operation, and performance of a web application.
martedì 26 giugno 2012 19:00I still receive a 401 error when using Web Application Transaction Monitoring. I need to be able to test against authentication.
martedì 26 giugno 2012 19:07Moderatore
Have you followed the steps in the links I gave from your other post? These might also help.
Specifies the authentication method to use for the website. If no authentication is required, select None.
The Run As account to use for authenticating on the site. Only existing accounts that match the selected authentication method are listed. For more information about Run As accounts, see Managing Run As Accounts and Profiles.
mercoledì 27 giugno 2012 05:29
We're using also 7.0.8560.0. As far as we have arrived:
As Graham said, there is not an old and new ways, in fact old meant "existing already in SCOM 2007 R2" and "new" meant "new in SCOM 2012".
Looks like only with the Web Application Transaction is quite more complex as it allows you to record a whole transaction to your particular application. It should allow you to manage any kind of http response from the server. However, tests are performerd internally so the network details are lost in translation.
Web Application Availability Monitoring, on the other hand, seems to be quite lighter as you can just specify one or more URL and not whole conversations. The benefits are that you can run the tests from any machine with an agent installed, thus the tests are quite more realistic as they mimic a real client request. However, we have not found the way to specify authentication information in the request so it is only useful on non-authenticated sites.
Using common sense, an http ping is not be very useful on an enterprise intranet environment if you cannot handle authentication, so I guess this option is only meant for internet or non-authenticated applications. doh.
- Modificato Roberto MD mercoledì 27 giugno 2012 06:03
mercoledì 27 giugno 2012 07:24Moderatore
The web application availability monitoring allows you to plug into what is now known as "Global Service Monitoring" - this is the way things are heading with the next version of SCOM:
The link that Yogi giives - http://sharepointnotes.wordpress.com/2008/03/17/web-application-monitoring-with-system-center-operations-manager/ - runs through using Web Application Transaction Monitoring and configuring authentication although the name has changed from Web Application in the Authoring, Management Pack templates list.
The APM monitoring gives a "from the inside" view of both server side and client side activity of a .Net Application:
mercoledì 27 giugno 2012 13:21
I got it to work using Web Application Transaction Monitoring. What wasn't clear is that you have to create the Web Application Transaction Monitor then go into that specific monitor and edit the Web Application properties. I've attached a screenshot that shows how you do this.
- Contrassegnato come risposta Yog LiModerator lunedì 9 luglio 2012 03:23
mercoledì 27 giugno 2012 13:24Moderatore
You don't have to create the monitor first - when running through the wizard, When you get to the Summary page, you'll see a checkbox at the bottom of the screen for "Configure Advance Montoring or record a browser session". You need to check that box which will bring up thw web application editor for you to do the advanced configuration.
mercoledì 27 giugno 2012 14:01
Well, checking that box simply takes you to the "Web Application Settings" page AFTER the monitor has been created. The wizard doesn't explicty allow you to adjust authentication while creating the monitor.
venerdì 10 maggio 2013 16:58
It looks like new Web Application Availability Monitoring uses the Action Account of the system that is monitoring the web application. I have a monitor setup using one of my Management Servers, with an Action Account configured with a domain user account. The site I am monitoring requires Windows authentication. When the management server hits the site, I can see in the IIS logs that it is using the Action Account (domain user account) to authenticate, which I granted permissions to the site.
UPDATE: Now I am not so sure about this. I tried to add another monitoring agent (Management Server) to a web application, but it isn't not behaving the same as the management server that is working. The second server is not sending the Default Action Account credentials. It is only trying to anonymous on the website, which is failing. I am using the same Action Account on the second management server as the first. The account has all of the necessary permissions on the management server and target web site.
- Modificato Brandon.M lunedì 13 maggio 2013 18:28