locked
SCOM AD Topology RRS feed

  • Question

  • Hi,

    I have a fresh installation of SCOM r2  with CU3 update  . I have imported latest AD MP for monitoring my windows 2008 domain controllers as per ADMP guide. All agents are showing healthy after installation But AD topology views and AD topology root in distributed application remain in unmonitored state. I could see all the related monitors and discoveries as enabled. I am also getting following alert...

    1. AD Replication Partner Op Master Consistency : The script 'AD Replication Partner Op Master Consistency' failed to get the fSMORoleOwner for <DC Name>The error returned was '' (0x80020009)

    2.AD Replication Partner Op Master Consistency : Unable to determine infrastructure Op Master on domain controller <DC Name>.

     

    Any immediate help appreciated


    Friday, January 21, 2011 8:12 PM

Answers

  • Voting won't have much impact - the DCR is filed, and has been closed as won't fix any time soon.  You might want to take the argument over to the AD forum.  If the PG sees the noise (they don't look here) they may change their mind.

    The concensus on the forums is to disable the discovery for replication partners if you don't like the noise levels.

     


    Microsoft Corporation
    • Marked as answer by Yog Li Tuesday, February 1, 2011 9:47 AM
    Tuesday, January 25, 2011 4:24 PM

All replies

  • Hi,

    I have a fresh installation of SCOM r2  with CU3 update  . I have imported latest AD MP for monitoring my windows 2008 domain controllers as per ADMP guide. All agents are showing healthy after installation But AD topology views and AD topology root in distributed application remain in unmonitored state. I could see all the related monitors and discoveries as enabled. I am also getting following alert...

    1. AD Replication Partner Op Master Consistency : The script 'AD Replication Partner Op Master Consistency' failed to get the fSMORoleOwner for <DC Name>The error returned was '' (0x80020009)

    2.AD Replication Partner Op Master Consistency : Unable to determine infrastructure Op Master on domain controller <DC Name>.

     

    Any immediate help appreciated

     


    in fact FSMO roles are showing consistent with "netdom query fsmo" commend  from all DCs  
    Friday, January 21, 2011 8:20 PM
  • Hi

    First off, I'd check permissions - did you install the agent to run as local system? If so, have you run HSLockdown to allow Local System the required permissions:

    http://thoughtsonopsmgr.blogspot.com/2009/09/hslockdown-explained.html

    You can also get these errors from replication partners if one of the DCs is down although you do state that all DCs are fine. Might be worth a double check though.

    Cheers

    Graham


    View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
    Friday, January 21, 2011 8:28 PM
  • Thanks for Responce,

     

    I have already done this on all DCs and now "hslockdown /A "NT Authority\Syst" output shows as below


    C:\Windows\system32>hslockdown /A "NT Authority\Syst

    [OperationTeam] NT Authority\System allowed.
    Management Group [OperationTeam]
    Allowed:
        NT AUTHORITY\SYSTEM
        NT AUTHORITY\Authenticated Users
    Denied:

     

    I have also done following settings

    Agent proxying Enabled on both RMS and DCs

    health service running under local system account and a domain admin account assigned to "AD MP account "Profile.

     

    I suspect Some AD MP related discoveries targeted to RMS are not working (Not sure and I am new to SCOM)...

    Friday, January 21, 2011 8:44 PM
  • The failures you are getting are unrelated to the topology discovery.

    The topology discovery runs from the RMS only. Topology discovery only works when the rms is the same forest or there's a forest trust in place. (http://jama00.wordpress.com/2010/01/26/monitoring-multiple-active-directory-forests-without-a-trust/ the discoveries are in the screenshot)

     

    This is a crappy feature and a leftover from the converted mom2005 (mom2000 actually) mp. MS should update this as well as the errors you are getting. Checking every minute if all replication partners of a particular DC is consistent is complete BS.

    Vote for my complete redesign of the AD mp on connect.microsoft.com because it's an utterly crap mp for such an important ms role.

     


    Rob Korving
    http://jama00.wordpress.com/
    Tuesday, January 25, 2011 3:29 PM
  • Voting won't have much impact - the DCR is filed, and has been closed as won't fix any time soon.  You might want to take the argument over to the AD forum.  If the PG sees the noise (they don't look here) they may change their mind.

    The concensus on the forums is to disable the discovery for replication partners if you don't like the noise levels.

     


    Microsoft Corporation
    • Marked as answer by Yog Li Tuesday, February 1, 2011 9:47 AM
    Tuesday, January 25, 2011 4:24 PM
  • great, this is priority number 1 for me. I don't care about a vnext with new features, just a vnext without many bugs and performance issues. And a large part of the performance issues are coming from mp's written by Microsoft as they never really wrote one for SCOM but used the upgraded mom2005 ones.

    edit: I just checked and it hasn't been closed, so please vote!!! also it wouldn't make sense to do as MS is always proud about the good object model for SCOM monitoring and loads of mp's by microsoft don't use this functionality at all, instead they still make use of the computer based monitoring. AD is a perfect example of this and goes a lot further than just those alerts that create noise!

     


    Rob Korving
    http://jama00.wordpress.com/

    • Marked as answer by Yog Li Tuesday, February 1, 2011 9:47 AM
    • Unmarked as answer by Yog Li Tuesday, February 1, 2011 9:48 AM
    Wednesday, January 26, 2011 8:21 AM
  • btw, if i need to take this to the AD pg, why the f*** did ms create a connect site to provide feedback about mp's. Just to keep us happy so we can be ignored a little bit longer? (i know how big compagnies work, i work at one, but like my customers i'll treat MS as 1 compagny, not 2000 divisions)
    Rob Korving
    http://jama00.wordpress.com/
    Wednesday, January 26, 2011 10:52 AM