locked
New Active Directory 6.0.7695.1 Known Issue RRS feed

  • Question

  • I just opened the new documentation for Microsoft Active Directory MP version 6.0.7695.1.  I wanted to see if they had fixed the previous Known Issue for domain controllers in Maintenance Mode.  To my surprise, they just cut and pasted the same text from the previous document:

    If users are getting the alerts from the following replication monitoring rules for domain controllers in maintenance mode, it is a known issue. The workaround is to resolve these alerts when domain controllers are out of maintenance mode. 

    How disappointing.  I guess that is why this is just a .1 revision.  The "AD Replication is occurring slowly" is the most common alert report in my Data Warehouse even though my DC is in maintenance mode.  Anyone come up with a better workaround?

    Tuesday, October 11, 2011 5:36 PM

Answers

  • due to nature of this script workaround requires whole MP redesign and redeveloping.

    if you are familiar with AD replication and what SCOM does to measure its latency you will understand this.

    see.

    each agent creates LDAP entry xxx\ServerName(do not remember by heart) and periodically touches it.  This change requires AD replication to occur.

    Also agent verifies LastModified time of all LDAP records created by SCOM agents. If  one of the records has old LastModified , then the agent will alert.

    What happens when you set MM on one Dc? The agent just stops updating LDAP record. So all remote agents treat this as issue with replication.

     

    what could be done? On each new MM we need to notify all DC agents do not measure latency for agent in MM mode. How? Remote agent can't get this info other means that talk to SCOM SDK.(this requires whole MP redesign and redevelopment - too expensive.). Alternatively we can do Like Exchange 2010 does - create windows service which can talk with SCOM SDK and correlate events. Service will be watching on each new MM for DC and notify all remote agent to exclude agent in MM of concideration when checking replication latency (too expensive, requires heavy development).

    Option 3. Create PoSh script which automatically closes these alerts if respective DC is in MM.


    Tuesday, October 11, 2011 6:32 PM
  • Good explanation Pavel!

    This release primarily is a patch release to address the highest support causing bugs (MM has a workaround, so is not included in this release), and make the changes so that the issue in the old MP where most monitoring rules could not possibly work was corrected.

    In Pavel's option 3, an orchestrator job could be made to do this.  For the AD MP, it may be a broken case to expect an MP to alert when a replication partner is slow.


    Microsoft Corporation
    • Marked as answer by Nicholas Li Tuesday, October 25, 2011 8:31 AM
    Tuesday, October 11, 2011 9:34 PM
  • Same here, Kudos to Pavel!

    By the way, I would not expect that anybody would want a dc to be in maintenance mode for long.

    GUessing the only ways around it is to either script around it as Pavel and Dan suggest or to take the box out of MM.


    Bob Cornelissen - BICTT (My BICTT Blog) - Microsoft Community Contributor 2011 Recipient
    • Marked as answer by Nicholas Li Tuesday, October 25, 2011 8:31 AM
    Wednesday, October 12, 2011 6:11 AM

All replies

  • due to nature of this script workaround requires whole MP redesign and redeveloping.

    if you are familiar with AD replication and what SCOM does to measure its latency you will understand this.

    see.

    each agent creates LDAP entry xxx\ServerName(do not remember by heart) and periodically touches it.  This change requires AD replication to occur.

    Also agent verifies LastModified time of all LDAP records created by SCOM agents. If  one of the records has old LastModified , then the agent will alert.

    What happens when you set MM on one Dc? The agent just stops updating LDAP record. So all remote agents treat this as issue with replication.

     

    what could be done? On each new MM we need to notify all DC agents do not measure latency for agent in MM mode. How? Remote agent can't get this info other means that talk to SCOM SDK.(this requires whole MP redesign and redevelopment - too expensive.). Alternatively we can do Like Exchange 2010 does - create windows service which can talk with SCOM SDK and correlate events. Service will be watching on each new MM for DC and notify all remote agent to exclude agent in MM of concideration when checking replication latency (too expensive, requires heavy development).

    Option 3. Create PoSh script which automatically closes these alerts if respective DC is in MM.


    Tuesday, October 11, 2011 6:32 PM
  • Good explanation Pavel!

    This release primarily is a patch release to address the highest support causing bugs (MM has a workaround, so is not included in this release), and make the changes so that the issue in the old MP where most monitoring rules could not possibly work was corrected.

    In Pavel's option 3, an orchestrator job could be made to do this.  For the AD MP, it may be a broken case to expect an MP to alert when a replication partner is slow.


    Microsoft Corporation
    • Marked as answer by Nicholas Li Tuesday, October 25, 2011 8:31 AM
    Tuesday, October 11, 2011 9:34 PM
  • Same here, Kudos to Pavel!

    By the way, I would not expect that anybody would want a dc to be in maintenance mode for long.

    GUessing the only ways around it is to either script around it as Pavel and Dan suggest or to take the box out of MM.


    Bob Cornelissen - BICTT (My BICTT Blog) - Microsoft Community Contributor 2011 Recipient
    • Marked as answer by Nicholas Li Tuesday, October 25, 2011 8:31 AM
    Wednesday, October 12, 2011 6:11 AM
  • I just opened the new documentation for Microsoft Active Directory MP version 6.0.7695.1.  I wanted to see if they had fixed the previous Known Issue for domain controllers in Maintenance Mode.  To my surprise, they just cut and pasted the same text from the previous document:

    If users are getting the alerts from the following replication monitoring rules for domain controllers in maintenance mode, it is a known issue. The workaround is to resolve these alerts when domain controllers are out of maintenance mode. 

    How disappointing.  I guess that is why this is just a .1 revision.  The "AD Replication is occurring slowly" is the most common alert report in my Data Warehouse even though my DC is in maintenance mode.  Anyone come up with a better workaround?


    A workaround to reduce the number of alerts would be to change the frequency of this tests. Default it runs every 15 mins, we put it on every 4 hours! Simply bc MM makes things worse (we had sometimes 200k alerts in the opsdb, only bc they were autoclosed by mm instead of a few alert with a high repeat count, apperently this is removed bc the repeat count is better but now the alert shows up again).

    I'd still like MS to create a totally new design of the AD mp instead of keep updating a mom 2000 mp... make a SCOM mp (so not a "computer based" design, but just by creating replication link objects etc).


    Rob Korving
    http://jama00.wordpress.com/
    • Edited by rob1974 Friday, November 11, 2011 1:11 PM
    Friday, November 11, 2011 12:16 PM