MOM Essentials 6 – Managing the Enterprise Part 1 Gordon McKenna MOM – MVP

Monitoring Active Directory

Agenda

Why Monitor Active Directory

Brief Intro to MOM 2005

Overview of the Active Directory MP

– Client Side Monitoring

– Replication Monitoring

Summary/Best Practices

Whitepapers, Install Guides, and other Resources

Why Monitor Active Directory?

Like any distributed systems, unexpected problems happen

–Hardware failures

–Low disk space

–Network connectivity issues

–User configuration error

– Name Resolution

– Sites and subnet configuration

–Errant applications overloading DCs

Why Monitor Active Directory?

Problems with Active Directory can be disruptive if left unresolved

– Slow login/login failures/password issues

– Group Policy problems

– Resource access problems

– Exchange e-mail

– Replication issues can lead to security related issues

Why Monitor Active Directory?

Problems are often easy to fix when detected early

Proactively fix before it is escalated to help desk

Lower TCO: Save yourself time and your company $$$

Maintain high directory availability

When To Monitor

Plan your monitoring solution before deploying Active Directory

Lab test your monitoring solution before deploying Active Directory

Monitor simultaneously with first DC deployment

Pause new DC deployment if monitoring detects problems OR your monitoring solution fails

Continue monitoring post deployment

Effective Monitoring

All production deployments need effective forest-wide Active Directory monitoring

You cannot do your job effectively with out it

Ad-hoc monitoring solutions are not enough

How much time are you willing to spend building your own monitoring solution?

– Active Directory management pack took multiple man-years

– Don’t forget AD’s dependencies: Windows OS, DNS, Group Policy, etc…

Agenda

Why Monitor Active Directory

Brief Intro to MOM 2005

Overview of the Active Directory MP

– Client Side Monitoring

– Replication Monitoring

Summary\Best Practices

Whitepapers, Install Guides, and other Resources

MOM Architectural OverviewKey Terms

Data sources

– Events: Windows, application, WMI, service change, SNMP traps, timed events, missing events, UNIX syslogs…

– Performance data: Used for graphs, reports and to set thresholds

Alerts

– MOMs indication of a particular issue What operators see first

– Based on events, performance thresholds, or script output

– Requires action from operator

Response

– Reaction to an alert (send e-mail, page, run script)

Management Pack (MP)

– Set of Processing Rules to monitor applications

– Supporting views and reports

MOM 2005 Architecture

Reporting Server

– SQL Reporting Services

MOM 2005 Database

– Data aggregation

– Knowledge – management packs

– Configuration data

MOM 2005 Server

– Database access

– Consolidator

– Agent manager

– User interfaces

– Agentless monitoring

MOM 2005 Agents

– Local monitoring

– Local management

– Encrypted Communications

DB

Reporting Reporting ServerServer

ReportingReporting

AgentsAgentsAgentsAgents

Ops ConsoleOps ConsoleAdmin ConsoleAdmin ConsoleWeb ConsoleWeb Console

MOMMOM ServerServer

ConsolesConsoles View Alerts/Server StateView Alerts/Server State

condition requiring condition requiring intervention intervention execute tasks execute tasks topological views topological views service level exceptions service level exceptions

OperatorOperatorConsoleConsole

SQL Reporting ServicesSQL Reporting Services

Internet Internet InformatioInformatio

nnServerServer

HTTPHTTP

AdministratorAdministratorConsoleConsole

ExamplesExamples Server Availability Server Availability Operational Health Operational Health Performance TrendingPerformance Trending

System Center System Center Reporting Reporting

ServerServer

MOM 2005MOM 2005 ServerServer

AgentsAgents AgentsAgents

WebWebConsoleConsole

MOM – Operator Perspective

What's new for management packs with MOM 2005?

State Monitoring– Live “at a glance” health view by role

Topology– Display relationships between servers

Reports – use SQL Server Reporting Services

– System Center Reporting Server

Tasks– Ad hoc diagnosis and resolution

Improved Product Knowledge

Alerts View / State View

Alerts View

Alert Ticket

Manually resolved

State View

Dynamic

Role-based

Component Details

MOM 2005 Introduction:• Topology View

• Alert View

• Product Knowledge

• Tasks

Demo

Agenda

Why Monitor Active Directory

Brief Intro to MOM 2005

Overview of the Active Directory MP

– Client Side Monitoring

– Replication Monitoring

Summary\Best Practices

Whitepapers, Install Guides, and other Resources

AD MP Design Goals

Customers will receive a very small # of highly relevant alerts identifying the “root cause” wherever possible

Very little configuration necessary Usable “out-of-the-box” for very large Active Directory deployments

Full end-to-end health monitoring for every Active Directory component Excellent Active Directory health definition

Easily customizable for very sophisticated implementations

AD MP Features

Monitors all aspects of Active Directory health

– Performance and availability

– Not a security management pack (e.g. auditing)

Monitors availability of all processes that are vital to the health of Active Directory

– NetLogon, FRS, ISM, W32Time, KDC

Collects key performance data

Reports on service availability, performance, and trending

End-to-end replication validation in accordance with your SLAs

Centralized monitoring console to collect all events that can adversely affect Active Directory

AD MP Features

Supports all Windows 2000 Server and Windows Server 2003 features

Utilizes WMI providers to monitor replication partner health and *Trust relationships (*Windows Server 2003 only)

All scripts provide simple clear messages

Quiet with a very low # of highly relevant alerts (OK for pagers)

Client pack for client-side monitoring

Extensive product knowledge

Globalization support

Active Directory Event Monitoring

Over 400 rulesDC Locator

DIT corruption

GC

ISM

KCC

KDC

NetLogon

Replication

Security Accounts Manager (SAM) errors

Site links

Sysvol

UserEnv

W32Time

These rules do the deep dive into the These rules do the deep dive into the internal health of the AD!internal health of the AD!

New in AD MP for MOM2005State View

– Server health (Time, Netlogon, FRS, ISM, KDC)

– AD Service health

– Replication (Inbound connection objects)

– Client view monitoring

Topology Views

– Site Links (Site Site)

– Connection Objects (DC DC)

– Broken Connection Objects (red DC DC)

Client Monitoring Enhancements

New Reports

Product Knowledge

– More than twice the volume know AD management pack knowledge compared to MOM 2000 SP1.

Active Directory State MonitoringState monitoring Active Directory:At a glance view of AD health

Client View Replication Health

Server Health Service Health

ComponentsComponents

Active Directory RoleActive Directory Role

Can clients connect within thresholds?

Client connectivity– Can clients connect to PDC, GCs

– Is Active Directory responsive to clients

Checks for:– Serverless bind. (Can it contact a DC and is it in a local site)

– PDC Available

– Minimum # of GC’s available

– Are the targeted DCs available\responsive

Is replication healthy?

Replication health

– Is each DC configured properly

– Are all DC’s replicating

– Is replication occurring in a timely fashion (SLA)

– Has initial replication completed in the last 24hours (configurable)

Checks for:

– End-to-end replication via change injection

– Health of inbound connection objects

– Appropriate # of replication partners

– Site islands

– Slow replication

Are all of the required services available?

Are the services on each DC healthy?– Active Directory service

– Processes that are vital to the health of AD

– Database growth and log file free space

Checks for:– Health of LSASS, Knowledge Consistency Checker (KCC), Userenv

– State of NetLogon, FRS, Intersite Messaging Service (ISM), W32Time, Kerberos Distribution Center (KDC)

– Name resolution\DC locator

– Is SYSVOL accessible

Is the Active Directory service available?

Service Availability– Are the necessary FSMO role holders responsive

– Is the Active Directory service responsive

– Can clients connect to the directory

Checks for:– Serverless bind threshold

– GC Search Time

– Lost object count

– Availability of LDAP and crucial roles (PDC, DC, GCs, etc)

– Name resolution\DC locator

– Client pack tests

Active Directory Topology Views

Three different topology views:

–Sites and site links

–Connection Objects

–Broken Connection Objects

Detailed tool tips

–Subnet configuration details, link cost, replication interval, transport type, consecutive failures, partition names

Topology View Example: Site and Site Links

Servers show with health state

Servers annotated for role (e.g. GC)

Site links shown

Tool tips shown with details for site links, sites and computers

Reports – Which And Why?

Current configuration– Domain Controller Report

– Active Directory Operation Masters

– Replication Site Links

– Replication Connection Objects

Diagnostics & Trending– Replication Latency

– Domain Controller Disk space

– Active Directory Domain Changes

– Computer Account Authentication Failures

Agenda

Why Monitor Active Directory

Brief Intro to MOM 2005

Overview of the Active Directory MP

– Client Side Monitoring

– Configuring Replication Monitoring

Summary/Best Practices

Whitepapers, Install Guides, and other Resources

Monitoring Service Level

Server health is important but doesn’t catch all problems

Clients can commonly experience issues even though servers are healthy

IT departments need to verify they are meeting their commitments to management

– Replication is occurring quickly (replication SLA)

– Client logins are quick

– E-Mail is available (Address Book)

Client Side Monitoring

“How do I really know AD is working properly for my customers who rely on it?”

redmond.fabricam.comredmond.fabricam.com

Exchange Exchange UserUser

ExchangeExchange

DC1DC1

DC2DC2

MOMMOM

DC3DC3 DC4DC4

phoenix.fabricam.comphoenix.fabricam.com

E-Mail is slow!

Everything is fine!

Help DeskHelp Desk

WHY ?WHY ?

Client Side Monitoring

Ensures AD is available for Exchangeand other directory-enabled applications at the application server

Tests all necessary AD interfaces– ICMP and LDAP ping

–LDAP bind and sub-search

Very granular control– (Automatically targets local site)

–List of domains, sites, computers

– + specific computers

–Text file

– Turn auto discovery off

Client Side Monitoring

Very WAN efficient

Can be placed near/on the application server of interest

Can run on any server which is running a MOM agent

Trends key LDAP perf indicators

“Closes the loop” by providing MOM the client’s perspective of Active Directory health

redmond.fabricam.comredmond.fabricam.com

ExchangeExchange

DC1DC1

DC2DC2

MOMMOMDC3DC3 DC4DC4

phoenix.fabricam.comphoenix.fabricam.com

CPCPAlert:Alert: Client is going to out of site DC

Alert:Alert: Server response time exceeded limits

DC3DC3 DC4DC4

phoenix.fabricam.comphoenix.fabricam.com

MOMMOM

redmond.fabricam.comredmond.fabricam.com

ExchangeExchange

DC1DC1

DC2DC2

CPCP

No impact to existing No impact to existing generic app servergeneric app server

Both boxes sit next to Both boxes sit next to each othereach other

Separate administrationSeparate administration

Client Monitoring ConfigurationAdd computers to “Active Directory Client Side Monitoring” computer group

Demo

Agenda

Why Monitor Active Directory

Brief Intro to MOM 2005

Overview of the Active Directory MP

– Client Side Monitoring

– Replication Monitoring

Summary/Best Practices

Whitepapers, Install Guides, and other Resources

Replication Monitoring

AD management pack creates new container:CN=MomLatencyMonitors

Periodic scripts adds timestamps for monitoring replication latency

Separate maximum replication time thresholds for

– Intrasite monitoring

– Intersite monitoring

Specify Computers for Replication Monitoring

Source DCsSource DCs

Target DCsTarget DCs

Source and target computers specified through computer Source and target computers specified through computer groups (a computer can be both a source and target)groups (a computer can be both a source and target)

Replication Latency Configuration

Demo

Replication Latency Configuration

Add computers to computer groups:

Active Directory Replication Latency Data Collection – Sources

Active Directory Replication Latency Data Collection – Targets

pecify the maximum replication latency in the rule:

Script - AD Replication Monitoring

Agenda

Why Monitor Active Directory

Brief Intro to MOM 2005

Overview of the Active Directory MP

– Client Side Monitoring

– Replication Monitoring

Summary/Best Practices

Whitepapers, Install Guides, and other Resources

MOM/AD Best Practices

Push out agents and rules incrementally (Initial deployment)

Be wary of monitoring auditing rules (disabled by default)

Size your MOM architecture

–Fast disk, RAM, and CPU all necessary

–Use upcoming MOM 2005 performance and sizing guide

Groom data aggressively from MOM database

MOM/AD Best Practices (2)

MOM Action Account should be in root domain

Always use MOM MP to manage MOM

Use management packs AD depends on:

– Windows Base OS

– Group Policy

– DNS

Review most common alerts\events

– Weekly review most common alerts/events report

Baseline your implementation

– Adjust thresholds with this data as necessary

Summary

Effective forest-wide monitoring is a must

Monitor during and after Active Directory deployment

Get the full picture – use the Client Pack

Deploy the MOM + AD MP and keep Active Directory healthy

Resources

AD Management Pack Users Guide– Installation, configuration, and best-practices

operations information

– Specific support for large branch office scenarios and extremely low-bandwidth wan links

– MOM 2005: http://www.microsoft.com/technet/prodtechnol/mom/mom2005/maintain/admpguideformom2005.mspx

AD Management Pack Technical Reference Guide– Typical scenarios that the AD MP was designed to monitor

– How ADMP defines “health” for AD components

– MOM 2005: http://www.microsoft.com/technet/prodtechnol/mom/mom2005/maintain/dirmgmtpackmom.mspx

Managing Windows Servers

Agenda

Why Monitor Windows Servers

Overview of the Windows Base O/s MP

– Capacity monitoring

– Performance Monitoring

Overview of Hardware Management Packs

– Capacity monitoring

– Performance Monitoring

Summary/Best Practices

Whitepapers, Install Guides, and other Resources

Why Monitor Windows Servers?

Windows Server O/s is crucial to the Health of the AD–Performance monitoring

–Storage Monitoring

–Health Checking

–Status Checking

–Security Checking

Hardware critical to health of Windows Base O/s–Component monitoring

–Peripheral Monitoring

–Capacity Monitoring

Agenda

Why Monitor Windows Servers

Overview of the Windows Base O/s MP

– Monitoring Scenarios

– Performance Monitoring

Overview of Hardware Management Packs

– Vendor available MP’s

– Performance Monitoring

Summary/Best Practices

Whitepapers, Install Guides, and other Resources

Monitoring Scenarios

Service and application management

–Core Windows service up/down status•

–Unexpected service terminations•

–Service configuration issues •

–Service account and authentication issues

Reliability

–Detects reoccurring application terminations

–Gathers data on system shutdowns (for shutdown reporting)

–Reports system failures (for stop error reporting)

Monitoring Scenarios cont….

Storage

–Share availability issues

–Share configuration issues

–Local storage resource availability

–Local storage free space

–File system integrity and corruption issues

Networking

– IP address conflicts

–Disconnected network adapters

–Duplicate network names

Agenda

Why Monitor Windows Servers

Overview of the Windows Base O/s MP

– Capacity monitoring

– Performance Monitoring

Overview of Hardware Management Packs

– Capacity monitoring

– Performance Monitoring

Summary/Best Practices

Whitepapers, Install Guides, and other Resources

Performance Monitoring

Performance measuring

-For most commonly used performance data

Performance threshold monitoring

–Physical Disk - Avg. Disk sec./

–Physical Disk - Avg. Disk sec./Read

–Memory - Pages/sec.

–Processor - % Processor

–Processor - % DPC

–Processor - % Interrupt Time

–Memory - % Committed bytes in use

–Memory - Available Megabytes

Performance Monitoring

State monitoring and service discovery

– Base OS services

– Storage

– Messenger service

– Computer browser

– Logical Disk Manager service

– Dynamic Host Configuration Protocol (DHCP) client

– Domain Name Service (DNS) client

– Remote Procedure Call (RPC) health

– Server service

– Transmission Control Protocol/Internet Protocol (TCP/IP)

– NetBIOS Helper service

– Hardware discovery

– Event log

– Workstation service

Agenda

Why Monitor Windows Servers

Overview of the Windows Base O/s MP

– Capacity monitoring

– Performance Monitoring

Overview of Hardware Management Packs

– HP

– Dell

– Fujitsu

– IBM

Demo

Whitepapers, Install Guides, and other Resources

HP Management Packs 1.1

Hardware resource management for HP ProLiant and Integrity servers

Hooks into HP Insight Manager Software

Support for Microsoft Windows Server 2003 and x64 Editions

Event rules for HP ProLiant Support Pack versions up to 7.4

Eveny rules for HP Integrity Support Pack versions up to 4.05

Topology Diagram View

State Roll-up component

Easy launch Tasks for server based webviews

Public View for troubleshooting

HP State View

System requirements

HP Insight Management Agents for ProLiant Servers, versions 5.5 to 7.40

HP Insight Management Agents for Integrity Servers, versions 2.3 to 4.05

SNMP for servers

–Required locally on each managed HP server to enable correct operations of the HP Insight Management Agents and to populate MOM 2005 with hardware state information

HTTP

–Required to enable tasks in MOM 2005 that access HP SIM, the HP System Management Homepage on individual managed systems, and HP Management Processors

Agenda

Why Monitor Windows Servers

Overview of the Windows Base O/s MP

– Capacity monitoring

– Performance Monitoring

Overview of Hardware Management Packs

– HP

– Dell

– Fujitsu

– IBM

Demo

Whitepapers, Install Guides, and other Resources

Dell Management Pack 2.0

Hardware Resource Management for Dell Servers

Hooks into Dell OpenManage Server Administrator and Dell OpenManage Array Manager Software

Dell State Monitoring Alerts View, Topology Views, and State Views

Task based Web link to launch a Dell Remote Access Controller when a warning or critical event occurs

Task to update State Views

Dell Knowledge Base information to support new event processing rules of Server Administrator (including the enhanced Storage Management Service) and Array Manager

Dell Diagram View

ROCKSDEV\CONN-NAS Dell Asset Tag: Dell-NAS Dell Server IPAddress: 192.168.234.235, 192.168.18.98 Dell Server Model Type: PowerVault 775N Dell Server OS: Microsoft Windows Powered Dell Service Tag: 3C1471S Status: Critical Error

System requirements

Microsoft Windows 2000 Server with Service Pack 4 or later, Windows 2000 Advanced Server with Service Pack 4 or later, Windows Server 2003 (Standard Edition, Web Edition, and Enterprise Edition), Windows Small Business Server (SBS) 2000, and Windows SBS 2003

Support for Dell OpenManage Server Administrator versions 1.6–2.0 (including the enhanced Storage Management Service version 1.0–1.1). For receiving alerts from the storage subsystem, you must have installed either Dell OpenManage Array Manager or the Server Administrator enhanced Storage Management Service.

Support for Array Manager versions 3.4–3.7.

Agenda

Why Monitor Windows Servers

Overview of the Windows Base O/s MP

– Capacity monitoring

– Performance Monitoring

Overview of Hardware Management Packs

– HP

– Dell

– Fujitsu

– IBM

Demo

Whitepapers, Install Guides, and other Resources

Fujitsu Siemens 2.0

Hardware Resource Management for Fujitsu Siemens PRIMERGY Servers

Hooks into Fujitsu Siemens ServerView Software

Server View State Monitoring Alerts View, Topology Views, and State Views

Tasks for ServerView Management Console, ServerView Frontend, ServerView WebVersion, Start ServerView

Fujitsu Siemens Knowledge Base information

System requirements

Operating system Windows 2000 (service pack 4 or higher ) or Windows Server 2003

ServerView Agents v 2.59 or higher must be installed

Simple Network Management Protocol (SNMP )for servers - required for correct operations of the ServerView Management

IBM Hardware

Most recently added

Pro-active management of IBM Hwardware

Hooks into IBM Director Software

Come with Knowledge Base Information

No task or diagram support

MP Downloads

HP

http://h18004.www1.hp.com/products/servers/management/mom2005/index.html

Dell

http://ftp.us.dell.com/sysman/DOMMP20.exe

Fujitsu Siemens

http://download.fujitsu-siemens.com/Download/ShowDescription.asp?SoftwareGUID=4190578B-A3E7-41F9-93B0-AED74F700B84

IBM

http://www-1.ibm.com/support/docview.wss?uid=psg1MIGR-61783

Management Update Notification

Sign up for Management Update Notification Service

–Notice of updates to

– New/Updated Management Packs

– Microsoft Management Product News

– Solutions

–http://www.microsoft.com/management/notifyme/

Ask The ExpertsGet Your Questions Answered

Questions

Community Resources

Community Resources

– http://www.microsoft.com/communities/default.mspx

Most Valuable Professional (MVP)

– http://www.microsoft.com/communities/mvp

Newsgroups

–Converse online with Microsoft Newsgroups,including Worldwide

– http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx

User Groups - Meet and learn with your peers

– http://www.microsoft.com/communities/usergroups/default.mspx

Microsoft Learning Resources

Come and talk to Microsoft Learning to find out more about developing your skills, you can kind us in the ‘Ask the Experts’ area

Special offers on Microsoft Certification from Microsoft Learning

Click here to access free Microsoft Learning Assessments http://www.microsoft.com/learning/assessment/ind/default.asp

and FREE elearning for Microsoft Visual Studio 2005 and Microsoft SQL Server 2005 with free Assessments and E-Learninghttp://www.microsoft.com/learning/mcp/

MOM Resources

Microsoft Operations Manager http://www.microsoft.com/MOM

Getting Started Resourceshttp://www.microsoft.com/MOM/Beginners

– Technical Walkthrough

– Key Documentation

– MOM Evaluation Download

Partner Product Cataloghttp://www.microsoft.com/MOM/ManagementPacks

MOM Communityhttp://www.microsoft.com/MOM/community/

Solution Acceleratorshttp://www.microsoft.com/mom/evaluation/solutions/default.mspx

What else does TechNet give you?

FREE TechNet Newsletter”

FREE Events and Webcasts

FREE quarterly “TechNet” magazine

FREE comprehensive technical website

FREE TechNet Radio, Security Centre, Learning Paths and Virtual Labs

TechNet Plus Subscription DVD

A range of tools and resources for IT professionals that let you plan, manage ,deploy

To subscribe to the newsletter or just to find out more, please visit www.microsoft.com/uk/technet

http://www.microsoft.com/uk/technet

PS (The evaluation form is now sent out electronically with your thank you e-mail. This can take up to 5 working days. Please do feedback as we read all the comments and use them to shape future event content)

Thank you for attending this TechNet Event

Gordon McKenna

MOM MVP

Inframon Limited

gordon@inframon.com