Get Operations Manager Warnings Alerts to reflect the correct URL (computername rather than LocalHost)
-
2010년 8월 30일 월요일 오후 9:32
Hi,
We get Operations Manager Alerts sent to a communal IT email box. However the URL in the messages is always pointing to http://localhost/reportserver:
Severity: Warning
Status: New
Source: Microsoft Forefront Client Security Threat ID = 2147637651
Name: Computer Infected - Successful Response (Alert Level 5)
Description: Client Security has detected and successfully responded to the following threat:
- Threat name: Trojan:Win32/Opachki.C
- Performed action: Remove
To investigate and resolve this incident:
1. Review the security status of the computer that was infected. Consult the Computer Detail report:
http://localhost/ReportServer?/Microsoft%20Operations%20Manager%20Reporting/Microsoft%20Forefront%
2. Learn more about the threat and its mitigation. Consult the Microsoft Malicious Software Encyclopedia:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Opachki.C
3. Identify other computers infected with this malware. Consult the Malware Detail Report:
http://localhost/ReportServer?/
>>>How can I get it to point to the forefront server's actual computername so these can be opened from any computer and not just the forefront server (or without manually substituting the forefront server name for localhost)? I looked in notifications on the admin console and in the global setting but don't see where I can change this.
모든 응답
-
2010년 9월 3일 금요일 오후 1:30중재자
Hello Donia,
In the spirit of trying the easiest things first, can you re-run the Configuration Wizard on the management server and ensure that the URLs specified there are server names and not localhost? Here are the steps: http://technet.microsoft.com/en-us/library/bb404215.aspx, you will likely need to do step #3 to launch the wizard. You should be able to generated test alerts by detecting the EICAR test file at www.eicar.org on a test client at that alert level.
If that doesn't work, perhaps you can run the following query against the Collection Database to see if the URLs are incorrect for reportServerVRoot or webApplicationVRoot?
Select
* from OnePoint.dbo.ReportingSettings
Thanks,
Craig
Forefront Client Security Support -
2010년 9월 3일 금요일 오후 3:11
Thanks Craig--those were both great suggestions! There is still no change in the emails, though.
I reran the config wizard and noted the report URLs do show the actual forefront computername, rather than "localhost" I then opened an Eicar.txt file and looked to see the email that would result. (It showed "localhost" rather than the computername, as below):
To investigate and resolve this incident:
1. Review the security status of the computer that was infected. Consult the Computer Detail report:
http://localhost/ReportServer?/
>>>I then ran the query against OnePoint, and rather than localhost it also shows the correct computername path for ReportServerVRoot (http://FOREFRONTCOMPUTERNAME//ReportServer) and WebApplicationVRoot (http://FOREFRONTCOMPUTERNAME//Reports/Pages/Folder.aspx?ItemPath=%)
It still annoyingly shows localhost everywhere in the email rather than the forefront computername.
Thanks for your help!
.png)
