locked
Exchange & System Center 2007 R2 RRS feed

  • Question

  • I'm running into the following error (below) that I'm having difficulty finding a solution. Any help would be greatly appreciated, thank you.



    Node: confi.dential.com
    Summary: Workflow Initialization: Failed to start a workflow that runs a process or script - Data was found in the output
    Description: Data was found in the output
    First Occurrence: 06/05/2013 16:53
    Last Occurrence: 06/05/2013 16:54
    Customer: Confidential
    Manager: scom2007r2
    Severity: Warning



    ________________



    Log Name: Operations Manager
    Source: Health Service Modules
    Date: 6/5/2013 4:53:40 PM
    Event ID: 21414
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: confi.dential.com
    Description:
    Data was found in the output, but has been dropped because the Event Policy for the process started at 4:52:59 PM has detected errors. The 'StdErr' policy expression:
    \a+
    matched the following output:
    Get-EventLog : No matches found
    At C:\Program Files\System Center Operations Manager 2007\Health Service State\
    Monitoring Host Temporary Files 345\7130\CITSLibrary.ps1:622 char:40
    + $msftesqlCrashes = get-eventlog <<<< -computername $Server -after $S
    tartTime -logname "Application" -source $msftesqlServiceName | where {$_.eventI
    d -eq $msftesqlCrashEventId}
    + CategoryInfo : ObjectNotFound: (:) [Get-EventLog], ArgumentExce 
    ption
    + FullyQualifiedErrorId : GetEventLogNoEn 

    Command executed: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& '.\ExecuteDiagnosticScript.ps1' -MonitoringDataSource 'MSExchange Monitoring Troubleshoot-CI' -MaxStartDelaySeconds '15' -DiagnosticScriptName '.\Troubleshoot-CI.ps1' -DiagnosticScriptArguments '-Action DetectAndResolve -MonitoringContext'"
    Working Directory: C:\Program Files\System Center Operations Manager 2007\Health Service State\Monitoring Host Temporary Files 345\7130\ 

    One or more workflows were affected by this. 

    Workflow name: _10A0B117_F8F9_44ae_BAB4_D3135C88F7AD_ 
    Instance name: Mailbox Monitoring - confi.dential.com (Mailbox) - Default-First-Site-Name 
    Instance ID: {4D6E849C-778E-0F52-FDAE-7D146BAA924F} 
    Management group: SCOMMGMT
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Health Service Modules" />
    <EventID Qualifiers="49152">21414</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-06-05T20:53:40.000000000Z" />
    <EventRecordID>371537</EventRecordID>
    <Channel>Operations Manager</Channel>
    <Computer>confi.dential.com</Computer>
    <Security />
    </System>
    <EventData>
    <Data>SCOMMGMT</Data>
    <Data>_10A0B117_F8F9_44ae_BAB4_D3135C88F7AD_</Data>
    <Data>Mailbox Monitoring - confi.dential.com (Mailbox) - Default-First-Site-Name</Data>
    <Data>{4D6E849C-778E-0F52-FDAE-7D146BAA924F}</Data>
    <Data>4:52:59 PM</Data>
    <Data>"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "&amp; '.\ExecuteDiagnosticScript.ps1' -MonitoringDataSource 'MSExchange Monitoring Troubleshoot-CI' -MaxStartDelaySeconds '15' -DiagnosticScriptName '.\Troubleshoot-CI.ps1' -DiagnosticScriptArguments '-Action DetectAndResolve -MonitoringContext'"</Data>
    <Data>C:\Program Files\System Center Operations Manager 2007\Health Service State\Monitoring Host Temporary Files 345\7130\</Data>
    <Data>System.PropertyBagData</Data>
    <Data>10800</Data>
    <Data>0x1 : Incorrect function.
    </Data>
    <Data>10</Data>
    <Data>5</Data>
    <Data>StdErr</Data>
    <Data>\a+</Data>
    <Data>Get-EventLog : No matches found
    At C:\Program Files\System Center Operations Manager 2007\Health Service State\
    Monitoring Host Temporary Files 345\7130\CITSLibrary.ps1:622 char:40
    + $msftesqlCrashes = get-eventlog &lt;&lt;&lt;&lt; -computername $Server -after $S
    tartTime -logname "Application" -source $msftesqlServiceName | where {$_.eventI
    d -eq $msftesqlCrashEventId}
    + CategoryInfo : ObjectNotFound: (:) [Get-EventLog], ArgumentExce 
    ption
    + FullyQualifiedErrorId : GetEventLogNoEn</Data>
    </EventData>
    </Event>

    Monday, June 10, 2013 3:34 PM

All replies

  • Hi,

    Any antivirus running on the agent?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, June 10, 2013 6:16 PM
  • Good afternoon,

    Yes sir we have Symantec Endpoint Protection 12.1.2015.2015 running.  I'm somewhat new with managing a SCOM environment so (to me) the error is a little tricky to decipher.  The Exchange server it's running on is Exchange 2010 SP2 with Update Rollup 3 sitting on a 2008 R2 Enterprise virtual server if that matters at all.

    Monday, June 10, 2013 6:32 PM
  • Hi,

    Recommendations for antivirus exclusions that relate to Operations Manager

    http://support.microsoft.com/kb/975931?wa=wsignin1.0


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, June 10, 2013 7:32 PM
  • Good Afternoon,

    Yes I have had all of those exclusions defined so Symantec EP should be leaving it alone.   

    -C:\Program Files\System Center Operations manager 2007\Health Service State\*

    --Which is the queue and log files that are used by Operations Manager

     

    -L:\Log Files\*

    --The log files for the Exchange databases

     

    -M:\Mailbox|*

    --This is where the mailbox databases are stored

     

    -M:\Public Folders\*

    --This is where the public folder databases live


    Monday, June 10, 2013 8:13 PM