Welcome
• Getting Started – Import Management Pack
• Optional Configuration
• Security Considerations for the Active Directory Management Pack
• Anatomy of the Active Directory Management Pack
• Troubleshooting

Download the Latest Active Directory Management Pack
You can find the Microsoft Active Directory Management Pack at http://go.microsoft.com/fwlink/?LinkId=82105
You can find the latest documentation at http://go.microsoft.com/fwlink/?LinkId=85414

What's New in the Active Directory Management Pack
• Domain discovery that enables Operations Manager 2007 to automatically discover domains in your Active Directory environment.
• New performance and client monitoring views to provide more ways to view your monitoring data.
• A new child domain topology view, allowing you to see subdomains of other domains.
• New dashboard views that consolidate multiple views into a single view.

Before Importing the Active Directory Management Pack
SCOM 2007 provides two types of Management Pack for Active Directory Domain Services (AD DS):
1. Monitoring domain controllers
2. Monitoring Active Directory clients

Management Pack limitations:
• Neither Management Pack supports agentless monitoring.
• The Active Directory Management Pack does not support spanning multiple forests.

Prerequisites:
• Decide whether you need to deploy the Active Directory Client Management Pack.
• Confirm that the SCOM 2007 agent is installed on every domain controller and client.
• If you decide to use the Active Directory Client Management Pack, deploy it on computers that run directory-enabled applications, such as Microsoft Exchange Server 2000 or 2003.
Download the files for the Active Directory Management Pack, which include:

File Name | Description
Microsoft.Windows.Server.AD.2000.Discovery | Required for monitoring Active Directory in Windows Server 2000
Microsoft.Windows.Server.AD.2000.Monitoring | Required for monitoring Active Directory in Windows Server 2000
Microsoft.Windows.Server.AD.2003.Discovery | Required for monitoring Active Directory in Windows Server 2003
Microsoft.Windows.Server.AD.2003.Monitoring | Required for monitoring Active Directory in Windows Server 2003
Microsoft.Windows.Server.AD.Library | Required for all versions of Active Directory
Microsoft.Windows.Server.AD.ClientMonitoring | Optional; enables client monitoring
Import Management Pack
After Importing the Active Directory Server Pack
Enable the Agent Proxy Setting on All Domain Controllers
Note: If you do not want to change this security option, or you do not need to discover connection objects, you can use an override to disable the AD Remote Topology discovery rule.
1. Open the Operations Console and click the Administration button.
2. In the Administration pane, click Agent Managed.
3. Double-click a domain controller in the list.
4. Click the Security tab.
5. Select Allow this agent to act as a proxy and discover managed objects on other computers.
6. Repeat steps 3 through 5 for each domain controller.
Configure an Account for Replication Monitoring
Note: Use a dedicated account and set its password to never expire. Once the password expires, replication monitoring stops.
• Set the permissions of the domain account.
• Associate the account with the Active Directory Management Pack Account Profile.

Set the permissions of the domain account
1. Grant the account the following minimum permissions:
   · Member of the Local Users Group
   · Member of the Local Performance Monitor Users group
   · Access to Windows Event logs
   · Manage auditing and security log privilege (SeSecurityPrivilege)
   · Generate security audits privilege (SeAuditPrivilege)
   · Allow log on locally log on right (SeInteractiveLogonRight)
2. Create the MomLatencyMonitors container as a child container of the root of each domain and application directory partition that you are going to monitor.
   a. Click Start, click Run, and then type adsiedit.msc.
   b. In ADSI Edit, double-click Domain [computername].
   c. Right-click DC=domainname,DC=com, click New, and then click Object.
   d. In Select a class, click Container, and then click Next.
   e. In Value, type MomLatencyMonitors, and then click Next.
   f. Click Finish.
3. If an application directory partition crosses domain boundaries, provide the appropriate access for the account in each domain.
4. For each domain controller, give the account Read access to the registry key HKLM\System\CurrentControlSet\Services\NTDS\Parameters. This enables the Action Account to find the location of NTDS.dit and the Active Directory log files.
5. While still at the registry path used in Step 4, note the directory locations contained in the DSA Database File and Database Log Files Path data values.
6. For each domain controller, give the account Read access for the two directories you noted in Step 5.
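
Steps 4 through 6 can be scripted per domain controller. The following PowerShell script is an added example, not part of the original deck or of the Management Pack: it reads the two NTDS path values, reports whether the monitoring account already has a direct Read entry on the registry key and on both directories, and grants Read only when run with -Apply. The account name CONTOSO\svc-admp-repl is a placeholder, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original deck. Run elevated on each domain controller.
# ASSUMPTION: CONTOSO\svc-admp-repl is a placeholder for your dedicated account.
param(
    [string]$Account = 'CONTOSO\svc-admp-repl',
    [switch]$Apply    # without -Apply the script only reports what is missing
)

$ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
if (-not (Test-Path -Path $ntdsKey)) { throw "NTDS key not found; is this a domain controller?" }

$sidType = [System.Security.Principal.SecurityIdentifier]
$sid     = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)

# True when an Allow ACE that names the account itself carries every bit of $Mask.
# Access the account receives through group membership is not evaluated here.
function Test-DirectRead {
    param($Acl, [string]$RightsProperty, [int]$Mask)
    foreach ($ace in $Acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq $sid.Value -and
            $ace.AccessControlType -eq 'Allow' -and
            (([int]$ace.$RightsProperty) -band $Mask) -eq $Mask) {
            return $true
        }
    }
    return $false
}

$noProp = [System.Security.AccessControl.PropagationFlags]::None
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$report = @()

# Step 4: Read access on the NTDS Parameters key (read-only right, nothing broader).
$regRead = [System.Security.AccessControl.RegistryRights]::ReadKey
$regFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$acl     = Get-Acl -Path $ntdsKey
$had     = Test-DirectRead $acl 'RegistryRights' ([int]$regRead)
if (-not $had -and $Apply) {
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList `
        $sid, $regRead, $regFlag, $noProp, $allow
    $acl.AddAccessRule($rule)
    Set-Acl -Path $ntdsKey -AclObject $acl
}
$report += [pscustomobject]@{ Target = $ntdsKey; HadRead = $had; Granted = [bool](-not $had -and $Apply) }

# Step 5: the database value holds a file path, the log value holds a directory.
$p    = Get-ItemProperty -Path $ntdsKey
$dirs = @((Split-Path -Path $p.'DSA Database file' -Parent), $p.'Database log files path') |
        Select-Object -Unique

# Step 6: Read access on both directories, inherited by the files inside them.
$fsRead = [System.Security.AccessControl.FileSystemRights]::Read
$fsFlag = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
foreach ($dir in $dirs) {
    $acl = Get-Acl -Path $dir
    $had = Test-DirectRead $acl 'FileSystemRights' ([int]$fsRead)
    if (-not $had -and $Apply) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
            $sid, $fsRead, $fsFlag, $noProp, $allow
        $acl.AddAccessRule($rule)
        Set-Acl -Path $dir -AclObject $acl
    }
    $report += [pscustomobject]@{ Target = $dir; HadRead = $had; Granted = [bool](-not $had -and $Apply) }
}

$report | Format-Table -AutoSize
```

Running it first without -Apply gives a per-target report that can be reviewed before any ACL is changed.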
Associate the account with the Active Directory Management Pack Account Profile
1. Open the Operations Console, and then click the Administration button.
2. In the Administration pane, expand Security, and then click Run As Accounts.
3. Right-click and select Create RunAs Account, and then follow the prompts to complete the wizard. When you enter the account password, be careful to type the correct password; the field is not validated. For additional information, click the Help button.
4. In the Administration pane, click Run As Profiles.
5. Double-click AD MP Account.
6. Click the Run As Accounts tab, and then click New.
7. Associate the AD MP Account to all domain controllers in your environment. Because of security restrictions, you must manually select each domain controller and associate the account until all managed domain controllers are associated with this account.
After Importing the Active Directory Client Management Pack
Enable Client Monitoring
1. Open the Operations Console, and then click the Authoring button.
2. Expand Management Pack Objects, and then click Object Discoveries.
3. Locate the AD Client Monitoring Discovery rule. If you do not see the rule, check that your scope is set to include the Active Directory Client Perspective by clicking the Change Scope link at the top of the Actions pane.
4. Right-click the rule and select to override the object discovery for all computers running Windows or for all objects in a group.
5. In the Override Properties window, select Override.
6. Change the Override Setting to True. In the Select destination management pack pull-down menu, select a Management Pack.
7. Click OK to enable the Client Pack.
Configuration Option | Additional Information
Change Management Pack default settings by overriding rules as appropriate to your environment. | Using Overrides
Configure the maximum amount of time allowed for a change to replicate across a forest. This value is often monitored closely for Service Level Agreements. | See the Setting the Intersite Replication Latency Threshold Value section.
Disable the collection of warnings, performance data, and miscellaneous noncritical events to decrease network traffic. You can do this in situations similar to the following: deployments with very slow wide area network (WAN) links or deployments across satellite links; large branch office deployments; deployments in which alerts are forwarded to a global network operations center. | See the Disable Performance Data section.
Turn on the storage of replication latency data for specific Domain Controllers so that you can generate reports about replication latency. Replication latency is monitored by the Active Directory Management Pack once you configure the required account, but because of the high volume of data required for this report, the default behavior is to disable the report. | See the Enable Data Collection for the Replication Latency Report section.
Set parameters for commonly used tasks. | See the Setting Parameters for Tasks section.
Setting the Intersite Replication Latency Threshold Value
1. Open the Operations Console, and then click the Authoring button.
2. Expand Management Pack Objects, and then click Monitors.
3. In the Target pane, expand Active Directory Domain Controller Server Computer Role.
4. Expand Entity Health.
5. Expand Availability.
6. Right-click AD Replication Monitoring, click Overrides, click Override the Monitor, and then select the group or type of object for which you want to override the monitor.
7. In the Override Properties window, locate the Intersite Expected Max Latency (min) property.
8. Select the box in the Override column for this property.
9. In Override Setting column, type a new value in minutes for the maximum expected replication latency between domain controllers.
10. Select a Management Pack for the override. Typically, you should store all of your custom overrides in a single Management Pack created for this purpose. If you have not yet created a Management Pack for your overrides, you can use the New button to create one now.
11. Click OK.
Disabling Performance Data
1. Open the Operations Console, and click the Authoring button.
2. Expand Management Pack Objects, and then click Monitors.
3. In the Target pane, expand Active Directory Domain Controller Server Computer Role.
4. Expand Entity Health.
5. Right-click Performance, click Overrides, click Disable the Monitor, select the object or group for which you want to disable the monitor, and then click OK.
Enable Data Collection for the Replication Latency Report
1. Open the Operations Console, and click the Authoring button.
2. Expand Management Pack Objects, and then click Rules.
3. In the Rules pane, type sources into the Look for box, and then click Find Now.
4. Locate the AD Replication Monitoring Performance Collection (Sources) rule. There are two rules with this name; be sure you use the rule for the Active Directory Domain Controller Server for your version and not the rule for the Active Directory DC and Global Catalog Server Role. If you cannot find the rule, verify that your current scope includes the Active Directory objects.
5. Right-click the rule, click Overrides, click Override the Rule, and then click For a specific object of type.
6. Select the domain controllers where you want to override the rule.
7. Complete the fields in the Overrides Properties window, and click OK.
8. In the Rules pane, type targets into the Look for box, and then click Find Now.
9. Locate the corresponding AD Replication Monitoring Performance Collection (Targets) rule. There are two rules with this name; be sure you use the rule for the Active Directory Domain Controller Server for your version and not the rule for the Active Directory DC and Global Catalog Server Role. If you cannot find the rule, verify that your current scope includes the Active Directory objects.
10. Right-click the rule and select Overrides -> Override the Rule -> For a specific object of type.
11. Select the Domain Controllers where you want to override the rule.
12. Complete the Overrides Properties window, and then click OK.
Setting Parameters for Tasks
• NETDIAG
• NETDOM
• NLTEST
• REPADMIN
• SETSPN

Setting task parameters
1. Open the Operations Console, and then click the Monitoring button.
2. In the Monitoring pane, click Microsoft Windows Active Directory, click Active Directory Server 2003, and then click DC Server 2003 State View.
3. In the Actions pane, right-click the task, and then click Run Task.
4. In the Run Task window, click Override.
5. In the Command Line row, click New Value, fill in the command-line options as appropriate to your environment, and then click Override.
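When you use a low-privilege account, it must meet the following conditions:
• It must be a member of the local Users group.
• It must be a member of the local Performance Monitor Users group.
• It must have the right to log on locally.
Note: AD Topology Discovery requires a high-privilege account. By default it runs automatically as Local System, and the user does not need to specify an account.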
Computer Groups
AD Domain Controller Group (Windows 2000 Server)
AD Domain Controller Group (Windows Server 2003)
AD Monitoring Client Computer Group
Objects Discovered by the Active Directory Management Pack
How Health Rolls Up
Key Monitoring Scenarios
Viewing Information
Management Pack Details
Objects the Active Directory Management Pack Discovers
Domain controllers
Global catalogs
Sites
Forests
Site links
Connection objects
How Health Rolls Up
Key Monitoring Scenarios
Monitoring scenarios provided for Active Directory:
• Client-Side Monitoring
• Active Directory Trust Relationships
• Account and Authentication Problems
• Net Logon Service
• Universal Group Membership Caching
• Dependent Services
• Active Directory Availability
• Replication
• Performance Monitoring
Scenario: Client-Side Monitoring
Description: Each computer running the Active Directory Management Pack Client Pack can be configured to monitor only the domain controllers in which you are interested. By using the Active Directory Management Pack Client Pack, you can perform the following tasks:
• Monitor a specific list of domain controllers.
• Monitor domain controllers in the client’s local site.
• Monitor domain controllers in a list of specified sites.
• Monitor all domain controllers in the client’s domain or in a specified list of domains.
• Monitor whether the client can contact a domain controller in its local site.
• Monitor whether there are a sufficient number of global catalog servers available.
Clients determine domain controller availability by using the following actions:
• Pinging, by using both Internet Control Message Protocol (ICMP) and Lightweight Directory Access Protocol (LDAP)
• Searching Active Directory
• Confirming that a sufficient number of global catalog servers are available
• Detecting primary domain controller (PDC) emulator availability and responsiveness

Scenario: Active Directory Trust Relationships
Description: This scenario monitors trust relationship problems and detects problems with trusts between Active Directory domains and forests.

Scenario: Account and Authentication Problems
Description: This scenario monitors Active Directory user authentication and account problems between domain controllers, including the following:
• Account password problems
• Security Accounts Manager (SAM) failures
• Invalid requests
• Key Distribution Center (KDC) and NTLM errors
• Account identifier problems
• User credential problems
• Account and group problems
• Duplicate accounts and security identifiers (SIDs)

Scenario: Net Logon service
Description: This scenario monitors the health of the Net Logon service, including the following:
• Computer authentication problems
• Computers with duplicate SIDs
• Authentication failures for Active Directory computer accounts
• Name collisions
• Inability of the Net Logon service to register name records with the Windows Internet Name Service (WINS)

Scenario: Universal Group Membership Caching
Description: This scenario monitors problems with universal group membership caching.

Scenario: Dependent Services
Description: This scenario monitors problems related to the availability of services that are critical to Active Directory operations, including the following:
• File replication errors
• Journal wrap errors
• Computer account policy failures
• Problems with time synchronization between Active Directory components
• Group Policy processing problems and errors
• Computer account problems
• Group Policy object problems
• Memory allocation problems

Scenario: Active Directory Availability
Description: This scenario monitors various aspects of Active Directory health that affect availability, including the following:
• Connectivity failures
• Database size and available free disk space
• Global catalog problems and errors
• Operations master availability

Scenario: Performance Monitoring
Description: This scenario collects various aspects of domain controller performance, including the following:
• Number of NTLM authentications per second
• Number of Kerberos protocol authentications per second
• Directory searches per second
• Number of server sessions
• Replication latency
• Processor usage
• System up time
• Memory: page writes per second
• Memory: available bytes
• Memory: committed bytes
• KDC Authentication Service requests per second
• KDC Ticket-Granting service (TGS) requests per second
• LDAP searches per second
• LDAP User Datagram Protocol (UDP) operations per second
• Number of LDAP client sessions
• Number of LDAP writes per second
• Number of Local Security Authority Subsystem private bytes
• LSASS handle count
• LSASS processor usage

Scenario: Replication
Description: This scenario monitors replication problems or failures, including the following:
• Replication failures
• Initial replication not completed
• Slow replication
• Synchronization problems and errors
• Time skew problems
• Detection of replication islands
• Domain controllers having appropriate numbers of replication partners
Viewing Information
• DC Active Alerts
• DC State
• Client-Side Monitoring
• Active Directory Performance Views
• Replication Views
• Topology Views
Client Monitoring Views

View Name | Description
Client ADSI Bind and Search Time | Displays the time, in seconds, required to perform a search for the domain controller (using a subtree search in the default directory partition and cn=computername as the filter) that is retrieved from the rootDSE object. This search is done only after the script has completed a bind to the rootDSE of the domain controller using ADSI.
Client Alerts | Provides a list of alerts generated from the client monitoring function.
Client GC Search Time | Displays the time, in seconds, required by the AD Client GC Availability script to perform a search of the global catalog.
Client LDAP Ping and Bind | Displays the time, in seconds, of how long it takes for the client to perform an LDAP ping and bind operation on the domain controller.
Client PDC Ping and Bind Time | Displays the time, in seconds, of how long it takes the client to ping and bind the domain controller that hosts the PDC operations master role.
Client Performance Overview | A view that displays the LDAP Ping and Bind view, the Client GC Search Time view, the Client ADSI Bind and Search Time view, and the Client PDC Ping and Bind Time view all in one pane.
Client State | Displays the current state of all monitoring clients.
Active Directory Performance Views

View Name | Description
AD DIT/Log Free Space | Displays in bytes the amount of free space on the volumes containing the Active Directory Directory Information Tree (DIT) and log files.
All Performance Data | Allows you to pick which pieces of information to display from the entire set of Active Directory performance data.
Database and Log Overview | A view that displays the Database Size view, the Log File Size view, and the Active Directory DIT/Log Free Space view all in one pane.
Database Size | Displays the size, in bytes, of the Active Directory database.
DC OS Metrics Overview | A view that displays the LSASS Processor Time view and the Memory Metrics view in one pane.
DC Response Time | Displays the time, in seconds, it takes for a domain controller to respond to a request.
DC/GC Response | A view that displays the DC Response Time view and the GC Response Time view in the same pane.
GC Response Time | Displays the time, in seconds, it takes for a global catalog to respond to a request.
Log File Size | Displays, in bytes, the size of the Active Directory Log File.
LSASS Processor Time | Displays, as a percentage of the total time available, the processor time being consumed by the Local Security Authority Subsystem (LSASS).
Memory metrics | Allows you to pick which memory metrics to display from the entire set of Active Directory data.
Op Master Performance | Displays the performance data collected by the AD OpMaster Response script, which measures the responsiveness of all monitored domain controllers that host an Operations Master role.
Replication Monitoring Views

View Name | Description
Intersite Replication Traffic | Displays, in bytes per second, the amount of inbound compressed replication data.
Replication Alerts last 7 days | Displays the last seven days of alerts.
Replication Inbound Bytes/sec | Allows you to pick which Directory Replication Agent (DRA) inbound bytes metrics to display on one graph.
Replication Latency | Displays, in minutes, how long it takes for a change that is made in one location in Active Directory to be reflected in all connected Active Directory domain controllers.
Replication Performance Overview | A view showing the previous four views in one pane.
Topology Views

View Name | Description
AD Domains | Displays a topology of all your Active Directory domains.
AD Sites | Displays a topology of all your Active Directory sites.
Connection Objects | Displays a topology for all your connection objects. Stale connection objects are shown as an error, or red, state. To see only your stale connection objects, use the Filter by Health button above the view to show only those objects in the error state.
Topology | A topology that contains all information in the previous three views.
Reports
You can use the reports provided by the Active Directory Management Pack to understand trends over a specific period. The reports provided are:
• Configuration Information
• Operations Information
• Miscellaneous other reports
Configuration Information Reports

Report Name | Description
AD Domain Controllers | Lists all domain controllers in the selected domain, along with their Internet Protocol (IP) addresses and sites.
AD Role Holders | Lists which computers are holding one or more operations master roles or are global catalog servers.
AD Replication Site Links | Summarizes the current replication site link configuration for Active Directory.

Operations Information Reports

Report Name | Description
AD Domain Changes | Summarizes significant changes to the domain, such as movement of the PDC emulator operations master and the addition or removal of domain controllers.
AD Machine Account Authentication Failures | Summarizes which workstations (that are joined to the domain) are unable to authenticate. This failure can prevent Group Policy updates and software distribution to the computer.
AD SAM Account Changes | Summarizes events that indicate that the SAM has detected an error. Corrective guidance is provided where applicable.

Miscellaneous Reports

Report Name | Description
DC Disk Space Chart | Summarizes Active Directory disk space usage and free space for the database and log volumes. It is critical that adequate free space be available for Active Directory. Use this report to track trends and predict the size of volumes that you will need, given your current growth rate.
AD Replication Bandwidth | Summarizes the replication bandwidth, compressed and uncompressed, over the selected period. This report is useful for tracking trends and planning capacity for replication bandwidth requirements.
Top Applications (Client Monitoring only) | This report shows the top ten errors that were encountered by the client monitoring. It shows the application name, version, vendor, total volume, number of unique users that were affected, and the number of unique computers that were affected.
Top Error Groups (Client Monitoring only) | This report shows the top error groups, total crash count, average crash count per error group, and average daily crash count per error group.
Management Pack Details
To see knowledge for a monitor
1. In the Operations Console, click the Authoring button.
2. Expand Management Pack Objects, and then click Monitors.
3. In the Monitors pane, expand the targets until you reach the monitor level. Alternatively, you can use the Search box to find a particular monitor.
4. Click the monitor, and in the Monitor pane, click View knowledge.
5. Click the Product Knowledge tab.
You can find related information at http://go.microsoft.com/fwlink/?LinkId=29499

Problem | Solution
The DC/GC Response View or the GC Response Time Performance View shows zero latency for the Global Catalog Response. | None. This is a known problem with the Active Directory Helper Object (OOMADS) and will be addressed in a future release of this helper object. For more information, see the "64-bit Considerations on Windows Server 2003" topic in the section.
You see alert messages with the following message: Scripts failing to create object 'McActiveDir.ActiveDirectory'. | This is caused by a missing Active Directory Helper Object (OOMADS). Go to Add or Remove Programs and make sure the AD Helper object is installed. If it is not, follow these steps to manually install the object: 1. On the domain controller, locate the folder %ProgramFiles%\System Center Operations Manager 2007\HelperObjects. 2. Double-click oomads.msi to run the installation.
The topology views are empty. | Verify that you have enabled the Agent Proxy setting on all domain controllers. For more information, see the "Enable the Agent Proxy Setting on All Domain Controllers" topic in the section.
The client monitoring views are empty. | Verify that you have set the client monitoring override to enable client monitoring. For more information, see the "After You Import the Active Directory Client Management Pack" topic in the section.
• Getting Started – Import Management Pack
• Optional Configuration
• Security Considerations for the Exchange Server Management Pack
• Anatomy of the Exchange Server Management Pack

Download the Latest Exchange Server Management Pack
You can find the Microsoft Exchange Server Management Pack at http://go.microsoft.com/fwlink/?LinkId=82105
You can find the latest documentation at http://go.microsoft.com/fwlink/?LinkId=85414

What's New in the Exchange Server Management Pack
• Automatic tuning of e-mail message queue thresholds: a learning process determines the normal value for specific performance measures and sets the (alert) thresholds automatically.
• Exchange Server System Manager can be launched from the Operations console.
• Simulated Exchange MAPI logons are performed to gather related information.
New agent tasks:
• Install the Exchange Server Best Practices Analyzer
• Run a local domain controllers query
• Start, stop, pause, and restart Exchange Server related services

Before Importing the Management Pack
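Recommended: strengthen the security of the Exchange environment
• Secure Sockets Layer (SSL) is enabled on the Exchange front-end servers.
• The shared folder that stores the message tracking logs is protected.
• The SMTP folders are on an NTFS file system partition.
• Anonymous SMTP relay is not accepted.
Configure the Exchange servers as required so that Operations Manager 2007 can monitor them
• Apply the .NET Framework hotfix update.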
Download the files for the Exchange Server Management Pack, which include:
• Microsoft.Exchange.Server.Library.MP (Exchange Server Core Library)
• Microsoft.Exchange.Server.2003.Monitoring.MP (Exchange Server 2003 Discovery)
• Microsoft.Exchange.Server.2003.Monitoring.MP (Exchange Server 2003 Monitoring)
• Microsoft Exchange Server Management Pack Configuration Wizard

Recommended (monitoring of the systems that the service depends on):
• At a minimum, also use the Active Directory Domain Services (AD DS) Management Pack.
• Other: monitor the operating system that runs Exchange Server, monitor Internet Information Services (IIS), monitor network devices (for example, routers), and so on.

Agent-Managed
The SCOM 2007 agent must be installed to provide all monitoring functions.

Agentless Managed
Exchange Server Management Packs for Operations Manager 2007 do not support agentless monitoring.
Import Management Pack
Run the Exchange Management Pack Configuration Wizard
Requirements
• .NET Framework 1.1 and Exchange System Manager must be installed.
• The user who performs the installation must have local Administrator rights.
• Every Exchange server to be configured must have the SCOM 2007 agent installed and the Remote Registry service started.
• The account that runs the wizard must have Exchange Full Administrator rights.

Install the Configuration Wizard
1. Run MPConfigApp.exe to extract the Configapp.msi file.
2. Run ConfigApp.msi, and follow the instructions to complete the installation.
Monitoring that is enabled when you configure with the default settings
• Enables message tracking.
• Enables service monitoring of the following services:
  · Microsoft Exchange Information Store
  · Microsoft Exchange Management
  · Microsoft Exchange MTA Stacks
  · Microsoft Exchange System Attendant
  · Simple Mail Transfer Protocol (SMTP)
  · World Wide Web Publishing Service
• Creates a Test mailbox on the First Mailbox Store of Exchange.
• Enables server availability monitoring, and lets you identify the sending and receiving mail servers for the mail flow test.
• Creates the Mailbox Access Account and mailbox.
Install the Configuration Wizard
Run Configuration Wizard with Default Setting
Enable Exchange Topology View
To enable Exchange Topology Discovery
1. Enable the agent proxy on all managed servers running Exchange Server.
2. Use overrides to enable Exchange Topology Discovery on a managed server running Exchange Server.
   1. In the Authoring pane of the Operations Manager 2007 Operations Console, click Object Discoveries.
   2. In the Object Discoveries pane, right-click Exchange 2003 Topology Discovery, point to Overrides, point to Override the Object Discovery, and then click For a specific object of type: Exchange 2003 Role.
   3. In the Select Object dialog box, type the search criteria, and then click OK.
   4. Select the desired server running Exchange Server 2003 from Matching objects, and then click OK.
   5. In the Override Properties dialog box, select Override for the Enabled parameter, and then select True from the Override Setting drop-down list.
   6. Select the Management Pack to save the override in, and then click OK.
Configure Custom URLs for OWA, OMA, and EAS

To configure a custom URL for Outlook Web Access
Open Registry Editor, locate the \\HKLM\Software\Microsoft\Exchange MOM\FEMonitoring\front-end servername\ key, and create a registry value (type string) named CustomUrls. Enter the custom URL value as a comma-delimited list in this value.
For single URLs, follow this example:
· https://www.example.com/exchange
For multiple URLs, use the following format:
· https://www.example.com/exchange,https://www.example.com/mail
Note: Do not append the mailbox name in the URL, such as https://www.example.com/exchange/johnsmith, or the synthetic logon will fail.

To configure a custom URL for Outlook Mobile Access
Open Registry Editor, locate the \\HKLM\Software\Microsoft\Exchange MOM\FEMonitoring\front-end servername\ key, and create a registry value (type string) named CustomOmaUrls. Enter the custom URL value as a comma-delimited list in this value.
For single URLs, follow this example:
· https://www.example.com/oma
For multiple URLs, use the following format:
· https://www.example.com/oma,https://www.example.com/mobile

To configure a custom URL for Exchange ActiveSync
Open Registry Editor, browse to the \\HKLM\Software\Microsoft\Exchange MOM\FEMonitoring\front-end servername\ key, and create a registry value (type string) named CustomEasUrls. Enter the custom URL value in this registry value, for example:
· https://www.example.com/Microsoft-Server-ActiveSync
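
The three registry values above can be written by one validated helper rather than by hand. This PowerShell function is an added example, not part of the original deck or of the Management Pack: it checks each URL, refuses entries that would break the comma-delimited format, and writes the value only if the per-server key already exists. The function name Set-FrontEndCustomUrl and the server name EXFE01 are hypothetical, and limiting CustomEasUrls to a single URL is a conservative reading of the text above.

```powershell
# Added example, not from the original deck. Run elevated on the computer that
# holds the FEMonitoring key. The function name and 'EXFE01' are hypothetical.
function Set-FrontEndCustomUrl {
    param(
        [Parameter(Mandatory = $true)]
        [string]$FrontEndServer,
        [Parameter(Mandatory = $true)]
        [ValidateSet('CustomUrls', 'CustomOmaUrls', 'CustomEasUrls')]
        [string]$ValueName,
        [Parameter(Mandatory = $true)]
        [string[]]$Url
    )

    $clean = @()
    foreach ($raw in $Url) {
        $u = $raw.Trim()
        $parsed = $null
        if (-not [System.Uri]::TryCreate($u, [System.UriKind]::Absolute, [ref]$parsed)) {
            throw "Not an absolute URL: '$u'"
        }
        if (@('http', 'https') -notcontains $parsed.Scheme) {
            throw "Only http and https URLs are expected here: '$u'"
        }
        # The value is a comma-delimited list, so a comma inside a URL would split it.
        if ($u.Contains(',')) {
            throw "URL contains a comma and cannot be stored in a comma-delimited list: '$u'"
        }
        if ($parsed.Scheme -ne 'https') {
            Write-Warning "URL is not HTTPS; the synthetic logon would travel unencrypted: '$u'"
        }
        $clean += $u
    }

    # Conservative reading of the slide: the ActiveSync value holds one URL.
    if ($ValueName -eq 'CustomEasUrls' -and $clean.Count -ne 1) {
        throw "CustomEasUrls takes exactly one URL; $($clean.Count) were supplied."
    }

    # The slide says to locate the key, so a missing key is treated as an error
    # (wrong server name or wrong computer) instead of being created silently.
    $key = "HKLM:\Software\Microsoft\Exchange MOM\FEMonitoring\$FrontEndServer"
    if (-not (Test-Path -Path $key)) {
        throw "Registry key not found: $key"
    }

    $value = $clean -join ','
    New-ItemProperty -Path $key -Name $ValueName -Value $value `
        -PropertyType String -Force | Out-Null
    return $value
}

# Constructed usage with the example URLs from the slides:
# Set-FrontEndCustomUrl -FrontEndServer 'EXFE01' -ValueName 'CustomUrls' `
#     -Url 'https://www.example.com/exchange', 'https://www.example.com/mail'
```

The helper cannot tell whether a mailbox name was appended to an Outlook Web Access URL, so that check from the note above remains a manual one.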
Configure Exchange Clusters
• The Microsoft Windows Server Library Management Pack discovers the virtual nodes of a Windows cluster.
• The virtual nodes are added to the management group.
• The Exchange Management Pack discovers and monitors the virtual nodes on these cluster servers.
• As a result, the virtual nodes on these cluster servers, not the physical nodes, are associated with the Exchange role.
Recommendation: import the Windows Cluster Server Management Pack as well, so that the Windows cluster servers are monitored together.

Monitor Exchange Server over Low-Bandwidth Connections
• Use overrides to configure the relevant rules to collect data for fewer objects.
• Run the relevant rules less frequently.
• Increase the time interval.
• Disable the relevant rules.
• ...and so on.

Using Group
Using Roles
• Groups
• Tasks
• Views
Objects Discovered by the Exchange Server Management Pack
How Health Rolls Up
Key Monitoring Scenarios
Viewing Information
Objects Discovered by the Exchange Server Management Pack

Object Discovery Rule Name | Discovered Object Type
Exchange 2003 ActiveSync Discovery | Exchange 2003 ActiveSync component on Exchange 2003 front-end servers
Exchange 2003 Database Discovery | Exchange database component(s) on Exchange 2003 back-end servers
Exchange 2003 IMAP4 Service Discovery | Exchange 2003 IMAP4 service
Exchange 2003 Information Store Discovery | Exchange 2003 Information Store service
Exchange 2003 Initial Server Discovery | The initial discovery of a server running Exchange Server 2003. Disabling this rule disables all local discovery of a server running Exchange 2003 Server
Exchange 2003 Mailflow Discovery | Exchange 2003 Mailflow Monitoring Component
Exchange 2003 Management Service Discovery | Exchange 2003 Management Service
Exchange 2003 MAPI Discovery | MAPI logon monitoring component on a back-end server running Exchange Server 2003
Exchange 2003 Message Transfer Agent Stack Service Discovery | Exchange 2003 MTA Stack Service
Exchange 2003 Outlook Mobile Access Discovery | Exchange 2003 Outlook Mobile Access component on front-end servers for Exchange Server 2003
Exchange 2003 Outlook Web Access Discovery | Exchange 2003 Outlook Web Access component on front-end servers for Exchange Server 2003
Exchange 2003 POP3 Service Discovery | Exchange 2003 POP3 Service
Exchange 2003 Queue Discovery | Exchange 2003 Queue Monitoring Component
Exchange 2003 Replication Service Discovery | Exchange 2003 Replication Service
Exchange 2003 Routing Engine Service Discovery | Exchange 2003 Routing Engine Service
Exchange 2003 Server Role Attribute Discovery | Discovers all attributes of a server running Exchange Server 2003
Exchange 2003 System Attendant Service Discovery | Exchange 2003 System Attendant Service
Exchange 2003 SMTP Service Discovery | Exchange 2003 SMTP Service
Exchange 2003 Topology Discovery | Exchange 2003 topology. The topology can include computers running Exchange Server 2003 that are not yet managed by Operations Manager 2007
How Health Rolls Up
Relationships among the Exchange Server components
Key Monitoring Scenarios - Can MAPI Client Log On the Exchange Database?
Rules for MAPI Logon Monitoring
Rule Name | Alert Properties
Event Collection Rule for MAPI Logon failure | Not applicable: This rule collects event data; it does not generate alerts.
MAPI Logon Failure | Event-based; Priority: Medium; Severity: Warning
MAPI Logon Failure: Cannot verify Exchange Information Store service availability due to unexpected error | Event-based; Priority: Medium; Severity: Warning
MAPI Logon Failure: Error preventing MAPI Logon attempt | Event-based; Priority: Medium; Severity: Warning
MAPI Logon Failure: Test mailbox residing on the wrong server | Event-based; Priority: Medium; Severity: Warning
Performance Collection Rule for MAPI Logon latency | Not applicable: This rule collects performance data; it does not generate alerts.
Key Monitoring Scenarios - Can MAPI Client Log On the Exchange Database? (continued)
Views for MAPI Logon Monitoring
• MAPI Logon Active Alerts
• MAPI Logon Latency
Reports for MAPI Logon Monitoring
• Availability Report
• Performance Report
Key Monitoring Scenarios - Can E-mail Be Sent and Received?
Monitors for Mail Flow Monitoring
• Exchange Mail Flow Monitor (Sender Part)
• Exchange Mail Flow Monitor (Receiver Part)
Rules for Mail Flow Monitoring
Rule Name | Alert Properties
An incorrect parameter was sent to the Received Mail script | Not applicable: This rule collects performance data; it does not generate alerts.
EAS logon failure: Forbidden | Event-based; Priority: Medium; Severity: Warning
Configuration problem detected by the mail flow receiver script | Event-based; Priority: Medium; Severity: Warning
Configuration problem detected by the mail flow sender script | Event-based; Priority: Medium; Severity: Warning
Key Monitoring Scenarios - Can E-mail Be Sent and Received? (continued)
Rules for Mail Flow Monitoring
Rule Name | Alert Properties
General errors in the mail flow receiver script | Event-based; Priority: Medium; Severity: Warning
General errors in the mail flow sender script | Priority: Medium; Severity: Warning
Mail flow latency exceeded the specified threshold | Event-based; Priority: Medium; Severity: Warning
Mail flow message not received | Event-based; Priority: Medium; Severity: Warning
Mail flow script cannot resolve recipient's address | Event-based; Priority: Medium; Severity: Warning
Key Monitoring Scenarios - Can E-mail Be Sent and Received? (continued)
Rules for Mail Flow Monitoring
Rule Name | Alert Properties
Performance Collection Rule for mail flow receiver | Not applicable: This rule collects performance data; it does not generate alerts.
Timeout when calling the mail flow receiver | Event-based; Priority: Medium; Severity: Warning
Timeout when calling the mail flow sender | Event-based; Priority: Medium; Severity: Warning
Warning: Mail flow message not received | Event-based; Priority: Medium; Severity: Warning
Key Monitoring Scenarios - Can E-mail Be Sent and Received? (continued)
Views for Mail Flow Monitoring
• Mail Flow Active Alerts
• Mail Flow Performance Data
Reports for Mail Flow Monitoring
• Availability Report
• Performance Report
Key Monitoring Scenarios - Are Customers Able to Access Their E-mail with Their Web Browser?
Monitors for OWA Monitoring
• Outlook Web Access Logon Monitor
This Monitor requires Exchange Server 2003 Service Pack 1
Key Rules for OWA Monitoring
Rule Name | Alert Properties
Outlook Web Access: Current Web Service Connections | Not applicable: This rule collects performance data; it does not generate alerts.
Outlook Web Access: Message Opens / second | Not applicable: This rule collects performance data; it does not generate alerts.
Outlook Web Access: Message Sends / second | Not applicable: This rule collects performance data; it does not generate alerts.
Outlook Web Access: Number of Recent Users | Not applicable: This rule collects performance data; it does not generate alerts.
Outlook Web Access: Authentication / second | Not applicable: This rule collects performance data; it does not generate alerts.
Key Monitoring Scenarios - Are Customers Able to Access Their E-mail with Their Web Browser? (continued)
Key Rules for OWA Monitoring
Rule Name | Alert Properties
Outlook Web Access: Total Messages Opened | Not applicable: This rule collects performance data; it does not generate alerts.
Outlook Web Access: Total Messages Sent | Not applicable: This rule collects performance data; it does not generate alerts.
Outlook Web Access logon failure: (HTTP error 401) Unauthorized | Event-based; Priority: Medium; Severity: Warning
Outlook Web Access logon failure: Service Unavailable | Event-based; Priority: Medium; Severity: Warning
Performance Collection Rule for Outlook Web Access logon latency | Not applicable: This rule collects performance data; it does not generate alerts.
Key Monitoring Scenarios - Are Customers Able to Access Their E-mail with Their Web Browser? (continued)
Views for OWA Monitoring
• OWA Active Alerts
• OWA Logon Latency
• OWA Performance Data
Reports for OWA Monitoring
• Availability Report
• Performance Report
Key Monitoring Scenarios - Are Customers Able to Synch Their Devices?
Monitors for EAS Monitoring
• Exchange ActiveSync Monitor
• Exchange ActiveSync Heartbeat Interval Monitor
This Monitor requires Exchange Server 2003 Service Pack 1
Key Rules for EAS Monitoring
Rule Name | Alert Properties
ActiveSync: Pending I/O requests to Exchange server | Not applicable: This rule collects performance data; it does not generate alerts.
ActiveSync: rate of incoming changes from ActiveSync devices (changes\sec) | Not applicable: This rule collects performance data; it does not generate alerts.
ActiveSync: rate of I/O request to Exchange server (requests/sec) | Not applicable: This rule collects performance data; it does not generate alerts.
ActiveSync: rate of outgoing changes sent to ActiveSync devices (changes\sec) | Not applicable: This rule collects performance data; it does not generate alerts.
ActiveSync: Total number of unrecognized requests since last service start | Not applicable: This rule collects performance data; it does not generate alerts.
ActiveSync: Total number of users since last service start | Not applicable: This rule collects performance data; it does not generate alerts.
Key Monitoring Scenarios - Are Customers Able to Synch Their Devices? (continued)
Key Rules for EAS Monitoring
Rule Name | Alert Properties
Current number of ActiveSync users | Not applicable: This rule collects performance data; it does not generate alerts.
Exchange ActiveSync logon failure: Bad Request | Event-based; Priority: Medium; Severity: Warning
Exchange ActiveSync logon failure: Forbidden | Event-based; Priority: Medium; Severity: Warning
Exchange ActiveSync logon failure: General Error | Event-based; Priority: Medium; Severity: Warning
Exchange ActiveSync logon failure: Internal Server Error | Event-based; Priority: Medium; Severity: Warning
EAS logon failure: Server Busy | Event-based; Priority: Medium; Severity: Warning
Performance Collection Rule for Exchange ActiveSync logon latency | Not applicable: This rule collects performance data; it does not generate alerts.
Key Monitoring Scenarios - Are Customers Able to Synch Their Devices? (continued)
Views for EAS Monitoring
• EAS Active Alerts
• EAS Logon Latency
• EAS Performance Data
Reports for EAS Monitoring
• Availability Report
• Performance Report
Key Monitoring Scenarios - Are Customers Able to Access E-mail from Their Device Browsers?
Monitors for OMA Monitoring
• Outlook Mobile Access Monitor
• Outlook Mobile Access Last Response Time Monitor
This Monitor requires Exchange Server 2003 Service Pack 1
Key Rules for OMA Monitoring
Rule Name | Alert Properties
Outlook Mobile Access logon failure: ASP.net errors | Event-based; Priority: Medium; Severity: Warning
Outlook Mobile Access logon failure: Outlook Mobile Access configuration errors | Event-based; Priority: Medium; Severity: Warning
Outlook Mobile Access logon failure: Unable to connect | Event-based; Priority: Medium; Severity: Warning
Outlook Mobile Access logon failure: Wireless access is not enabled for the account | Event-based; Priority: Medium; Severity: Warning
Performance Collection Rule for Outlook Mobile Access logon latency | Not applicable: This rule collects performance data; it does not generate alerts.
Unable to Connect to Exchange Server | Event-based; Priority: Medium; Severity: Critical
Key Monitoring Scenarios - Are Customers Able to Access E-mail from Their Device Browsers? (continued)
Views for OMA Monitoring
• OMA Active Alerts
• OMA Logon Latency
Reports for OMA Monitoring
• Availability Report
• Performance Report
Key Monitoring Scenarios - Does the Exchange Database Have Enough Free Disk Space?
Monitors
Property Monitored | Default Threshold | Health State
% Free for all drives | 2% or less | Error
% Free for all drives | 5% or less | Warning
MB Free for all drives | 400 MB or less | Error
MB Free for all drives | 1000 MB or less | Warning
% Free on Queue drive | 5% or less | Error
% Free on Queue drive | 20% or less | Warning
MB Free on Queue drive | 1000 MB or less | Error
MB Free on Queue drive | 5000 MB or less | Warning
% Free on Log drive | 5% or less | Error
% Free on Log drive | 20% or less | Warning
MB Free on Log drive | 1000 MB or less | Error
MB Free on Log drive | 5000 MB or less | Warning
Key Monitoring Scenarios - Does the Exchange Database Have Enough Free Disk Space? (continued)
Key Rules for Monitoring Exchange Database Free Disk Space
Rule Name | Alert Properties
Low free disk space | Event-based; Priority: Medium; Severity: Warning
The database engine is rejecting update operations due to low disk space on the designated disk | Event-based; Priority: Medium; Severity: Critical
Very low free disk space | Event-based; Priority: Medium; Severity: Warning
Key Monitoring Scenarios - Does the Exchange Database Have Enough Free Disk Space? (continued)
Views for Monitoring Exchange Free Disk Space
• Database Performance
• Database Storage Active Alert
• Mailbox Average Messages
• Mailbox Average size in MB
• Mailbox Median Messages
• Mailbox Median size in MB
• Public Folder Average Message Count
• Public Folder Median Messages
• Public Folder Median size in MB
Reports for OMA Monitoring
• Exchange Disk Usage Report
Key Monitoring Scenarios - Is the Exchange Information Store Working Properly?
Monitors
Monitor Name | Description
IS RPC Latency | Remote procedure call latency in milliseconds for the past 1024 packets of data.
IS RPC Requests | The number of client requests that are currently being processed by the Information Store.
IS Virtual Bytes | The current size, in bytes, of the virtual address space the Information Store process is using.
LDAP Search Time | The time, in milliseconds, it takes the Information Store process to send an LDAP search request and receive a response.
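Key Monitoring Scenarios - Are the Exchange Message Queues Within the Normal Range?
• The Exchange Server 2003 Management Pack provides many Windows NT performance-based self-tuning threshold rules to monitor the performance and availability of the Exchange environment.
• Exchange queues use self-tuning thresholds. For example, the SMTP Local Queue is monitored for one week to establish a baseline; afterwards, an alert is triggered whenever the value goes beyond the baseline.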
Viewing Information
Active Sync Components (of Exchange) IMAP4 Mail Flow Mail Queues MAPI Logon Message Transfer Agent Outlook Mobile Access Outlook Web Access Overview (dashboard views of Exchange components) POP3 Server Performance SMTP Storage
Tasks
Task Name | Task Description
Exchange System Manager | Starts the Exchange Server System Manager from the Operations Manager 2007 Operations Console. Note: Exchange Server System Manager must be installed on the computer on which the task is run.
Install EXBPA | Installs the Exchange Server Best Practices Analyzer (EXBPA).
Query Local Domain Controllers | Lists local domain controllers and their status.
Start, stop, pause, and resume Exchange services. | Provides the ability to start, stop, pause, and resume Exchange monitored services, as supported by each Exchange service.
Reports (1)
Active Client Logons By Day
Client Logons Per Day
Exchange Disk Usage
Exchange IMAP4 Usage
Exchange Information Store Usage
Exchange Mailbox Store Usage
Exchange MTA Usage
Exchange POP3 Usage
Exchange Server Configuration
Exchange SMTP Usage
Exchange WebMail Usage
Highest Growth Mailboxes
Highest Growth Public Folders
Reports (2)
Mail Delivered Top 100 Recipient Mailboxes by Count
Mail Delivered Top 100 Recipient Mailboxes by Size
Mail Delivered Top 100 Sender Domain by Count
Mail Delivered Top 100 Sender Domain by Size
MTA Work Queue Length By Day
SMTP Out Top 100 Recipient Domains by Count
SMTP Out Top 100 Recipient Domains by Size
SMTP Out Top 100 Senders by Count
SMTP Out Top 100 Senders by Size
Top 100 Mailboxes by Message Count
Top 100 Mailboxes by Size
Top 100 Public Folders by Message Count
Top 100 Public Folders by Size
Exchange Resources
• Exchange Server 2003 Performance and Scalability Guide http://go.microsoft.com/fwlink/?linkid=69704
• Troubleshooting Microsoft Exchange Server 2003 Performance http://go.microsoft.com/fwlink/?LinkId=47588
• Download Exchange Server 2003 resources http://www.microsoft.com/taiwan/exchange/downloads/2003.htm
Where can you find TechNet information?
• Subscribe to the TechNet IT Pro newsletter http://www.microsoft.com/taiwan/technet/flash/
• Subscribe to TechNet Plus http://www.microsoft.com/taiwan/technet/
• Attend TechNet events http://www.microsoft.com/taiwan/technet/
• Download TechNet seminar slides and recordings http://www.microsoft.com/taiwan/technet/webcast/