Welcome. Getting Started – Import Management Pack Optional Configuration Active Directory Management Pack 的安全性考量 Active Directory Management Pack 的剖析

Welcome

Getting Started – Import Management PackOptional ConfigurationActive Directory Management Pack 的安全性考量Active Directory Management Pack 的剖析Troubleshooting

你可以在以下的網址找到 Microsoft Activr

Directory Management Pack -

http://go.microsoft.com/fwlink/?LinkId=82105

你可以在以下的網址找到最新的文件 - http://go.microsoft.com/fwlink/?LinkId=85414

下載最新的 Active Directory Management Pack

Domain discovery that enables Operations Manager 2007 to

automatically discover domains in your Active Directory

environment。

New performance and client monitoring views to provide more

ways to view your monitoring data。

A new child domain topology view, allowing you to see

subdomains of other domains 。

新的 dashboard views 整合多個 views 到單一 view 中。

Active Directory Management Pack 新功能

Before Import Active Directory Management Pack

SCOM 2007針對 Active Directory Domain Services (AD DS)提供兩種類型的 Management Pack。1. 監控 Domain Controllers2. 監控 Active Directory Clients

Management Pack 的限制兩種 Management Pack 都不支援 Agentless 的監控方式。Active Directory Management Pack 不支援跨多個 forests。

事前準備：決定是否需要部署 Active Directory Client Management Pack。確認每台 Domain Controller以及 Client已經安裝 SCOM 2007 Agent。如果決定要使用 Active Directory Client Management Pack，請部屬於有執行 directory-enabled applications 的電腦上，例如 Microsoft Exchange Server 2000 或 2003。

下載 Active Directory Management Pack 的相關檔案，包含 :

File Name Description

Microsoft.Windows.Server.AD.2000.Discovery

Required for monitoring Active Directory in Windows Server 2000

Microsoft.Windows.Server.AD.2000.Monitoring


Microsoft.Windows.Server.AD.2003.Discovery


Microsoft.Windows.Server.AD.2003.Monitoring


Microsoft.Windows.Server.AD.Library Required for all versions of Active

Directory

Microsoft.Windows.Server.AD.ClientMonitoring

Optional; enables client monitoring

Import Management Pack

After Import Active Directory Server Pack

Enable the Agency Proxy Setting on All Domain Controllers

Note ：如果你不想變更這安全性選項或者不需要 Discovery connection objects，你可以透過 override來停用 AD Remote Topology discovery rule。

1. Open the Operations Console and click the Administration button.

2. In the Administration pane, click Agent Managed. 3. Double-click a domain controller in the list.4. Click the Security tab.5. Select Allow this agent to act as a proxy and discover

managed objects on other computers.6. Repeat steps 3 through 5 for each domain controller.


Configure an Account for Replication Monitoring

Note ：請使用一組專用的帳號，並將此帳號設成密碼不會過期，一但密碼過期， Replication 的監控就會停止。

設定 Domain Account 的權限。將這 Account 連結到 Active Directory Management Pack Account Profile。



設定 Domain Account 的權限。1. Grant the account the following minimum permissions: · Member of the Local Users Group · Member of the Local Performance Monitor Users group · Access to Windows Event logs · Manage auditing and security log privilege (SeSecurityPrivilege) · Generate security audits privilege (SeAuditPrivilege) · Allow log on locally log on right (SeInteractiveLogonRight)

2. Create the MomLatencyMonitors container as a child container of the root of each domain and application

directory partition that you are going to monitor. a. Click Start, click Run, and then type adsiedit.msc. b. In ADSI Edit, double-click Domain [computername]. c. Right-click DC=domainname,DC=com, click New, and then click Object. d. In Select a class, click Container, and then click Next. e. In Value, type MomLatencyMonitors, and then click Next. f. Click Finish.



設定 Domain Account 的權限。

3. If an application directory partition crosses domain boundaries, provide the

appropriate access for the account in each domain.

4. For each domain controller, give the account Read access to the registry key

HKLM\System\CurrentControlSet\Service\NTDS\Parameters. This enables the

Action Account to find the location of NTDS.dit and the Active Directory log

files.

5. While still at the registry path used in Step 4, note the directory locations

contained in the DSA Database File and Database Log Files Path data

values.

6. For each domain controller, give the account Read access for the two

directories you noted in Step 5.



將這 Account 連結到 Active Directory Management Pack Account Profile。

1. Open the Operations Console, and then click the Administration button.

2. In the Administration pane, expand Security, and then click Run As Accounts.

3. Right-click and select Create RunAs Account, and then follow the prompts to complete the wizard. When you enter the account password, be careful to type the correct password; the field is not validated. For additional information, click the Help button.

4. In the Administration pane, click Run As Profiles.5. Double-click AD MP Account.6. Click the Run As Accounts tab, and then click New.7. Associate the AD MP Account to all domain controllers in your

environment. Because of security restrictions, you must manually select each domain controller and associate the account until all managed domain controllers are associated with this account.

After Import Active Directory Client Management Pack

Enable client Monitoring

1. Open the Operations Console, and then click the Authoring button.

2. Expand Management Pack Objects, and then click Object Discoveries.

3. Locate the AD Client Monitoring Discovery rule. If you do not see the rule, check that your scope is set to include the Active Directory Client Perspective by clicking the Change Scope link at the top of the Actions pane.

4. Right-click the rule and select to override the object discovery for all computers running Windows or for all objects in a group.

5. In the Override Properties window, select Override.6. Change the Override Setting to True. In the Select

destination management pack pull-down menu, select a Management Pack.

7. Click OK to enable the Client Pack.

Configuration Option Additional Information

Change Management Pack default settings by overriding rules as appropriate to your environment.

Using Overrides

Configure the maximum amount of time allowed for a change to replicate across a forest. This value is often monitored closely for Service Level Agreements.

See the Setting the Intersite Replication Latency Threshold Value section.

Disable the collection of warnings, performance data, and miscellaneous noncritical events to decrease network traffic. You can do this in situations similar to the following: •Deployments with very slow wide area network (WAN) links or deployments across satellite links•Large branch office deployments•Deployments in which alerts are forwarded to a global network operations center

See the Disable Performance Data section.

Turn on the storage of replication latency data for specific Domain Controllers so that you can generate reports about replication latency.Replication latency is monitored by the Active Directory Management Pack once you configure the required account, but because of the high volume of data required for this report, the default behavior is to disable the report.

See the Enable Data Collection for the Replication Latency Report section.

Set parameters for commonly used tasks. See the Setting Parameters for Tasks section.

Setting the Intersite Replication Latency Threshold Value

1. Open the Operations Console, and then click the Authoring button. 2. Expand Management Pack Objects, and then click Monitors.3. In the Target pane, expand Active Directory Domain Controller Server

Computer Role.4. Expand Entity Health.5. Expand Availability.6. Right-click AD Replication Monitoring, click Overrides, click Override the

Monitor, and then select the group or type of object for which you want to override the monitor.

7. In the Override Properties window, locate the Intersite Expected Max Latency (min) property.

8. Select the box in the Override column for this property.9. In Override Setting column, type a new value in minutes for the maximum

expected replication latency between domain controllers.10. Select a Management Pack for the override. Typically, you should store all

of your custom overrides in a single Management Pack created for this purpose. If you have not yet created a Management Pack for your overrides, you can use the New button to create one now.

11. Click OK.

Disabling Performance Data

1. Open the Operations Console, and click the Authoring button.

2. Expand Management Pack Objects, and then click Monitors.

3. In the Target pane, expand Active Directory Domain Controller Server Computer Role.

4. Expand Entity Health.5. Right-click Performance, click Overrides, click Disable the

Monitor, select the object or group for which you want to disable the monitor and then click OK.

Enable Data Collection for the Replication Latency Report1. Open the Operations Console, and click the Authoring button.

2. Expand Management Pack Objects, and then click Rules. 3. In the Rules pane, type sources into the Look for box, and then click Find Now. 4. Locate the AD Replication Monitoring Performance Collection (Sources) rule.

There are two rules with this name; be sure you use the rule for the Active Directory Domain Controller Server for your version and not the rule for the Active Directory DC and Global Catalog Server Role. If you cannot find the rule, verify that your current scope includes the Active Directory objects.

5. Right-click the rule, click Overrides, click Override the Rule, and then click For a specific object of type.

6. Select the domain controllers where you want to override the rule. 7. Complete the fields in the Overrides Properties window, and click OK.8. In the Rules pane, type targets into the Look for box, and then click Find Now. 9. Locate the corresponding AD Replication Monitoring Performance Collection

(Targets) rule. There are two rules with this name; be sure you use the rule for the Active Directory Domain Controller Server for your version and not the rule for the Active Directory DC and Global Catalog Server Role. If you cannot find the rule, verify that your current scope includes the Active Directory objects.

10. Right-click the rule and select Overrides -> Override the Rule ->For a specific object of type.

11.Select the Domain Controllers where you want to override the rule. 12.Complete the Overrides Properties window, and then click OK.

Setting Parameters for TasksNETDIAG

NETDOM

NLTEST

REPADMIN

SETSPN

Setting task parameters

• Open the Operations Console, and then click the Monitoring button.• In the Monitoring pane, click Microsoft Windows Active Directory, click Active

Directory Server 2003, and then click DC Server 2003 State View.• In the Actions pane, right-click the task, and then click Run Task.• In the Run Task window, click Override. 1. In the Command Line row, click New Value, fill in the command-line options as

appropriate to your environment, and then click Override.

使用低權限帳號時，必須符合以下條件：必須是 local user group 的成員必須是 local Performance Monitor user group 的成員必須有登入本機的權限

注意： AD Topology Discovery 需要高權限的帳號來執行，預設會自動使用 Local

System 來執行，並不需要使用者來指定。

Computer Groups

AD Domain Controller Group (Windows 2000 Server)

AD Domain Controller Group (Windows Server 2003)

AD Monitoring Client Computer Group

Objects Discovered by the Active Directory

Management Pack

How Health Rolls Up

Key Monitoring Scenarios

Viewing Information

Management Pack Details

Objects the Active Directory Management Pack Discovets

Domain controllers

Global catalogs

Sites

Forests

Site links

Connection objects

How Health Rolls Up

Key Monitoring ScenariosActive Directory 提供的監控項目 :

Client-Side Monitoring Active Directory Trust

Relationships Account and Authentication

Problems Net Logon Service Universal Group Membership

Caching Dependent Services Active Directory Availability Replication Performance Monitoring


Scenario Description

Client-Side Monitoring

Each computer running the Active Directory Management Pack Client Pack can be configured to monitor only the domain controllers in which you are interested. By using the Active Directory Management Pack Client Pack, you can perform the following tasks:•Monitor a specific list of domain controllers.•Monitor domain controllers in the client’s local site.•Monitor domain controllers in a list of specified sites.•Monitor all domain controllers in the client’s domain or in a specified list of domains.•Monitor whether the client can contact a domain controller in its local site.•Monitor whether there are a sufficient number of global catalog servers available.Clients determine domain controller availability by using the following actions:•Pinging, by using both Internet Control Message Protocol (ICMP) and Lightweight Directory Access Protocol (LDAP)•Searching Active Directory•Confirming that a sufficient number of global catalog servers are available•Detecting primary domain controller (PDC) emulator availability and responsiveness

Key Monitoring Scenarios – 續 -Scenario Description

Active Directory Trust Relationships

This scenario monitors trust relationship problems and detects problems with trusts between Active Directory domains and forests.

Account and Authentication Problems

This scenario monitors Active Directory user authentication and account problems between domain controllers, including the following:•Account password problems•Security Accounts Manager (SAM) failures•Invalid requests•Key Distribution Center (KDC) and NTLM errors•Account identifier problems•User credential problems•Account and group problems•Duplicate accounts and security identifiers (SIDs)

Net Logon service This scenario monitors the health of the Net Logon service, including the following:•Computer authentication problems•Computers with duplicate SIDs•Authentication failures for Active Directory computer accounts•Name collisions•Inability of the Net Logon service to register name records with the Windows Internet Name Service (WINS)

Key Monitoring Scenarios – 續 -


Universal Group Membership Caching

This scenario monitors problems with universal group membership caching.

Dependent Services This scenario monitors problems related to the availability of services that are critical to Active Directory operations, including the following:• File replication errors• Journal wrap errors• Computer account policy failures• Problems with time synchronization between Active Directory components• Group Policy processing problems and errors• Computer account problems• Group Policy object problems• Memory allocation problems

Active Directory Availability This scenario monitors various aspects of Active Directory health that affect availability, including the following:• Connectivity failures• Database size and available free disk space• Global catalog problems and errors• Operations master availability



Performance Monitoring

This scenario collects various aspects of domain controller performance, including the following:• Number of NTLM authentications per second• Number of Kerberos protocol authentications per second• Directory searches per second• Number of server sessions• Replication latency• Processor usage• System up time• Memory: page writes per second• Memory: available bytes• Memory: committed bytes• KDC Authentication Service requests per second• KDC Ticket-Granting service (TGS) requests per second• LDAP searches per second• LDAP User Datagram Protocol (UDP) operations per second• Number of LDAP client sessions• Number of LDAP writes per second• Number of Local Security Authority Subsystem private bytes• LSASS handle count• LSASS processor usage



Replication This scenario monitors replication problems or failures, including the following:• Replication failures• Initial replication not completed• Slow replication• Synchronization problems and errors• Time skew problems• Detection of replication islands • Domain controllers having appropriate numbers of replication partners

DC Active Alerts

DC State

Client-Side Monitoring

Active Directory Performance

Views

Replication Views

Topology Views

Viewing Information

Client Monitoring ViewsView Name Description

Client ADSI Bind and Search Time

Displays the time, in seconds, required to perform a search for the domain controller (using a subtree search in the default directory partition and cn=computername as the filter) that is retrieved from the rootDSE object. This search is done only after the script has completed a bind to the rootDSE of the domain controller using ADSI.

Client Alerts Provides a list of alerts generated from the client monitoring function.

Client GC Search Time Displays the time, in seconds, required by the AD Client GC Availability script to perform a search of the global catalog.

Client LDAP Ping and Bind

Displays the time, in seconds, of how long it takes for the client to perform an LDAP ping and bind operation on the domain controller.

Client PDC Ping and Bind Time

Displays the time, in seconds, of how long it takes the client to ping and bind the domain controller that hosts the PDC operations master role.

Client Performance Overview

A view that displays the LDAP Ping and Bind view, the Client GC Search Time view, the Client ADSI Bind and Search Time view, and the Client PDC Ping and Bind Time view all in one pane.

Client State Displays the current state of all monitoring clients.

Active Directory Performance ViewsView Name Description

AD DIT/Log Free Space

Displays in bytes the amount of free space on the volumes containing the Active Directory Directory Information Tree (DIT) and log files.

All Performance Data Allows you to pick which pieces of information to display from the entire set of Active Directory performance data.

Database and Log Overview

A view that displays the Database Size view, the Log File Size view, and the Active Directory DIT/Log Free Space view all in one pane.

Database Size Displays the size, in bytes, of the Active Directory database.

DC OS Metrics Overview

A view that displays the LSASS Processor Time view and the Memory Metrics view in one pane.

DC Response Time Displays the time, in seconds, it takes for a domain controller to respond to a request.

DC/GC Response A view that displays the DC Response Time view and the GC Response Time view in the same pane.

GC Response Time Displays the time, in seconds, it takes for a global catalog to respond to a request.

Log File Size Displays, in bytes, the size of the Active Directory Log File.

LSASS Processor Time

Displays, as a percentage of the total time available, the processor time being consumed by the Local Security Authority Subsystem (LSASS).

Memory metrics Allows you to pick which memory metrics to display from the entire set of Active Directory data.

Op Master Performance

Displays the performance data collected by the AD OpMaster Response script, which measures the responsiveness of all monitored domain controllers that host an Operations Master role.

Replication Monitoring Views

View Name Description

Intersite Replication Traffic Displays, in bytes per second, the amount of inbound compressed replication data.

Replication Alerts last 7 days

Displays the last seven days of alerts.

Replication Inbound Bytes/sec

Allows you to pick which Directory Replication Agent (DRA) inbound bytes metrics to display on one graph.

Replication Latency Displays, in minutes, how long it takes for a change that is made in one location in Active Directory to be reflected in all connected Active Directory domain controllers.

Replication Performance Overview

A view showing the previous four views in one pane.

Topology Views

View Name Description

AD Domains Displays a topology of all your Active Directory domains.

AD Sites Displays a topology of all your Active Directory sites

Connection Objects Displays a topology for all your connection objects. Stale connection objects are shown as an error, or red, state. To see only your stale connection objects, use the Filter by Health button above the view to show only those objects in the error state.

Topology A topology that contains all information in the previous three views.

Reports

你可以使用 Active Directory Management Pack提供的報表來了解特定期間的趨勢狀態。所提供的報表有：

• Configuration Information

• Operations Information

• 各式各樣其他的 Reports

Configuration Information Reports

Report Name Description

AD Domain Controllers

Lists all domain controllers in the selected domain, along with their Internet Protocol (IP) addresses and sites.

AD Role Holders Lists which computers are holding one or more operations master roles or are global catalog servers.

AD Replication Site Links

Summarizes the current replication site link configuration for Active Directory.

Operations Information Reports

Report Name Description

AD Domain Changes Summarizes significant changes to the domain, such as movement of the PDC emulator operations master and the addition or removal of domain controllers.

AD Machine Account Authentication Failures

Summarizes which workstations (that are joined to the domain) are unable to authenticate. This failure can prevent Group Policy updates and software distribution to the computer.

AD SAM Account Changes Summarizes events that indicate that the SAM has detected an error. Corrective guidance is provided where applicable.

Miscellaneous ReportsReport Name Description

DC Disk Space Chart Summarizes Active Directory disk space usage and free space for the database and log volumes. It is critical that adequate free space be available for Active Directory. Use this report to track trends and predict the size of volumes that you will need, given your current growth rate.

AD Replication Bandwidth Summarizes the replication bandwidth, compressed and uncompressed, over the selected period. This report is useful for tracking trends and planning capacity for replication bandwidth requirements.

Top Applications (Client Monitoring only)

This report shows the top ten errors that were encountered by the client monitoring. It shows the application name, version, vendor, total volume, number of unique users that were affected, and the number of unique computers that were affected.

Top Error Groups (Client Monitoring only)

This report shows the top error groups, total crash count, average crash count per error group, and average daily crash count per error group.

Management Pack Details

To see knowledge for a monitor• In the Operations Console, click the Authoring

button.• Expand Management Pack Objects, and then click

Monitors.• In the Monitors pane, expand the targets until

you reach the monitor level. Alternatively, you can use the Search box to find a particular monitor.

• Click the monitor, and in the Monitor pane, click View knowledge.

1.Click the Product Knowledge tab.

你可以在這個網址找到相關資訊 – http://go.microsoft.com/fwlink/?

LinkId=29499Problem Solution

The DC/GC Response View or the GC Response Time Performance View shows zero latency for the Global Catalog Response.

None. This is a known problem with the Active Directory Helper Object (OOMAD) and will be addressed in a future release of this helper object. For more information, see the "64-bit Considerations on Windows Server 2003" topic in the section.

You see alert messages with the following message: Scripts failing to create object 'McActiveDir.ActiveDirectory'.

This is caused by a missing Active Directory Helper Object (OOMADS). Go to Add or Remove Programs and make sure the AD Helper object is installed. If it is not, follow these steps to manually install the object:1. On the domain controller locate the folder %ProgramFiles%\System Center Operations Manager 2007\HelperObjects2. Double-click oomads.msi to run the installation.

The topology views are empty.

Verify that you have enabled the Agency Proxy setting on all domain controllers. For more information, see the "Enable the Agency Proxy Setting on All Domain Controllers" topic in the section.

The client monitoring views are empty.

Verify that you have set the client monitoring override to enable client monitoring. For more information, see the "After You Import the Active Directory Client Management Pack" topic in the section.

Getting Started – Import Management PackOptional ConfigurationExchange Server Management Pack 的安全性考量Exchange Server Management Pack 的剖析

你可以在以下的網址找到 Microsoft Exchange Server

Management Pack - http://go.microsoft.com/fwlink/?

LinkId=82105

你可以在以下的網址找到最新的文件 - http://go.microsoft.com/fwlink/?LinkId=85414

下載最新的 Exchange Server Management Pack

Exchange Server Management Pack 新功能

自動調整 e-mail message queue thresholds ，透過學習過程判斷特定效能常態值並自動設定 (alert)門檻值從 operations console 叫用 Exchange Server System Manager實施 Exchange MAPI Logon模擬 , 獲取相關資訊

新增的 Agent tasks:

安裝 Exchange Server Best Practices Analyzer

執行 local domain controllers query

啟動、停止、暫停和重新啟動 Exchange Server 相關服務

Brfore Import Management Pack

建議加強 Exchange環境的安全性

在 Exchange front-end servers啟用 Secure Sockets

Layer (SSL)

儲存 Message Tracking Log的分享資料夾已受保護

SMTP 資料夾採用 NTFS file system partition

不接受 SMTP 匿名 relay

為 Exchange Servers做必要的設定，以便提供 Operations

Manager 2007 進行監控

更新 .NET Framework hotfix

下載 Exchange Server Management Pack 的相關檔案，包含 :

Microsoft.Exchange.Server.Library.MP (Exchange Server Core Library)

Microsoft.Exchange.Server.2003.Monitoring.MP (Exchange Server 2003 Discovery)

Microsoft.Exchange.Server.2003.Monitoring.MP (Exchange Server 2003 Monitoring)

Microsoft Exchange Server Management Pack Configuration Wizard

建議 : (服務系統的相關設備監測 )

至少應選用 Active Directory Domain Services (AD DS) Management Pack

其他 : 監控執行 Exchange Server 的 OS 、監控 Internet Information Services (IIS) 、監控網路設備 ( 例如 :router) 等

Agent-Managed

必須安裝 SCOM 2007 Agent 才能提供所有的監控功能

Agentless Managed

Exchange Server Management Packs for Operations

Manager 2007 不支援 agentless 方式的監控。

Import Management Pack

Run the Exchange Management Pack Configuration Wizard

Requirements

需有安裝 .NET Framework 1.1 與 Exchange System Manager。

安裝的使用者必須有本機 Administrator 的權限。

所有需要設定的 Exchange 必須安裝 SCOM 2007 Agent與啟動 Remote Registry Service。

執行 wizard 的帳號必須有 Exchange full administrator

rights。


Install the Configuration Wizard

1. 執行 MPConfigApp.exe 來解開 Configapp.msi 檔案。

2. 執行 ConfigApp.msi，必依指示來完成安裝。


使用預設值進行設定時啟用的監控項目Enables message tracking.

Enables service monitoring of the following services:

Microsoft Exchange Information Store

Microsoft Exchange Management

Microsoft Exchange MTA Stacks

Microsoft Exchange System Attendant

Simple Mail Transfer Protocol (SMTP)

World Wide Web Publishing Service

Creates a Test mailbox on the First Mailbox Store of Exchange.

Enables server availability monitoring, and lets you identify the

sending and receiving mail servers for the mail flow test.

Creates the Mailbox Access Account and mailbox.

Install the Configuration Wizard

Run Configuration Wizard with Default Setting

Enable Exchange Topology View

To enable Exchange Topology Discovery

1. Enable the agent proxy on all managed servers running

Exchange Server 。

2. Use overrides to enable Exchange Topology Discovery on a

managed server running Exchange Server 。

1. In the Authoring pane of the Operations Manager 2007 Operations Console, click Object Discoveries.

2. In the Object Discoveries pane, right-click Exchange 2003 Topology Discovery, point to Overrides, point to Override the Object Discovery, and then click For a specific object of type: Exchange 2003 Role.

3. In the Select Object dialog box, type the search criteria, and then click OK.

4. Select the desired server running Exchange Server 2003 from Matching objects, and then click OK.

5. In the Override Properties dialog box, select Override for the Enabled parameter, and then select True from the Override Setting drop-down list.

6. Select the Management Pack to save the override in, and then click OK.

Configure Custom URLs For OWA,OMA,and EAS

To configure a custom URL for Outlook Web Access

Open Registry Editor, locate the \\HKLM\Software\Microsoft\

Exchange MOM\ FEMonitoring\front-end servername\ key, and

create a registry value (type string) named CustomUrls. Enter

the custom URL value as a comma-delimited list in this value.

For single URLs, follow this example:

· https://www.example.com/exchange

For multiple URLs, use the following format:

· https://www.example.com/exchange,

https://www.example.com/mail

Note

Do not append the mailbox name in the URL, such as

https://www.example.com/exchange/johnsmith, or the synthetic logon

will fail.


To configure a custom URL for Outlook Moblie Access

Open Registry Editor, locate the \\HKLM\Software\Microsoft\

Exchange MOM\FEMonitoring\ front-end servername\ key, and

create a registry value (type string) named CustomOmaUrls.

Enter the custom URL value as a comma-delimited list in this

value. For single URLs, follow this example:

· https://www.example.com/oma

For multiple URLs, use the following format:

· https://www.example.com/oma,

https://www.example.com/moblie


To configure a custom URL for Exchange ActiveSync

Open Registry Editor, browse to the \\HKLM\Software\Microsoft\

Exchange MOM\ FEMonitoring\front-end servername\ key, and

create a registry value (type string) named CustomEasUrls.

Enter the custom URL value in this registry value, for

example:

• https://www.example.com/Microsoft-Server-ActiveSync

Configure Exchange Clusters

• Microsoft Windows Server Library Management Pack 會 Discovery Windows Cluster 的 virtual node

• Virtual node 會被加入 Management Group。• Exchange Management Pack 會 discovery 和

monitory 這些 Cluster Server 上的 Virtual node。• 因此這些 Cluster Server 上的 Virtual node 會被關聯

到 Exchange Role，而不是 physical nodes。

建議：請匯入 Windows Cluster Server Management Pack，一起監控 Windows Cluster Server。

Monitor Exchange Server over Low-Bandwidth Connections

• 使用 overrides 設定相關的 rules 來收集較少物件的資料

• 以較低的頻率來執行相關的 rules• 加大時間間距• 停用相關 rules• …等等

Using Group

Using Roles• Groups• Tasks• Views

Objects Discovered by the Exchange Server

Management Pack

How Health Rolls Up


Viewing Information

Objects Discovered by the Exchange Server Management Pack

Object Discovery Rule Name

Discovered Object Type

Exchange 2003 ActiveSync Discovery

Exchange 2003 ActiveSync component on Exchange 2003 front-end servers

Exchange 2003 Database Discovery

Exchange database component(s) on Exchange 2003 back-end servers

Exchange 2003 IMAP4 Service Discovery

Exchange 2003 IMAP4 service

Exchange 2003 Information Store Discovery

Exchange 2003 Information Store service

Exchange 2003 Initial Server Discovery

The initial discovery of a server running Exchange Server 2003. Disabling this rule disables all local discovery of a server running Exchange 2003 Server

Exchange 2003 Mailflow Discovery Exchange 2003 Mailflow Monitoring Component

Exchange 2003 Management Service Discovery

Exchange 2003 Management Service

Exchange 2003 MAPI Discovery MAPI logon monitoring component on a back-end server running Exchange Server 2003

Exchange 2003 Message Transfer Agent Stack Service Discovery

Exchange 2003 MTA Stack Service

Exchange 2003 Outlook Mobile Access Discovery

Exchange 2003 Outlook Mobile Access component on front-end servers for Exchange Server 2003

Objects Discovered by the Exchange Server Management Pack

Object Discovery Rule Name Discovered Object Type

Exchange 2003 Outlook Web Access Discovery

Exchange 2003 Outlook Web Access component on front-end servers for Exchange Server 2003

Exchange 2003 POP3 Service Discovery

Exchange 2003 POP3 Service

Exchange 2003 Queue Discovery Exchange 2003 Queue Monitoring Component

Exchange 2003 Replication Service Discovery

Exchange 2003 Replication Service

Exchange 2003 Routing Engine Service Discovery

Exchange 2003 Routing Engine Service

Exchange 2003 Server Role Attribute Discovery

Discovers all attributes of a server running Exchange Server 2003

Exchange 2003 System Attendant Service Discovery

Exchange 2003 System Attendant Service

Exchange 2003 SMTP Service Discovery

Exchange 2003 SMTP Service

Exchange 2003 Topology Discovery Exchange 2003 topology. The topology can include computers running Exchange Server 2003 that are not yet managed by Operations Manager 2007

Exchange Server 各元件之間的關係How Health Rolls Up

Key Monitoring Scenarios - Can MAPI Client Log On the Exchange Database?

Rules for MAPI Logon Monitoring Rule Name Alert Properties

Event Collection Rule for MAPI Logon failure Not applicable: This rule collects event data; it does not generate alerts.

MAPI Logon Failure Event-basedPriority: MediumSeverity: Warning

MAPI Logon Failure: Cannot verify Exchange Information Store service availability due to unexpected error

Event-basedPriority: MediumSeverity: Warning

MAPI Logon Failure: Error preventing MAPI Logon attempt


MAPI Logon Failure: Test mailbox residing on the wrong server


Performance Collection Rule for MAPI Logon latency

Not applicable: This rule collects performance data; it does not generate alerts.

Key Monitoring Scenarios - Can MAPI Client Log On the Exchange Database? –續 -

Views for MAPI Logon Monitoring • MAPI Logon Active Alerts• MAPI Logon Latency

Reports for MAPI Logon Monitoring • Availability Report• Performance Report

Key Monitoring Scenarios - Can E-mail Be Sent and Received ? Monitors for Mail Flow Monitoring• Exchange Mail Flow Monitor (Sender Part)• Exchange Mail Flow Monitor (Receiver Part)

Rules for Mail Flow Monitoring

Rule Name Alert Properties

An incorrect parameter was sent to the Received Mail script


EAS logon failure: Forbidden Event-basedPriority: MediumSeverity: Warning

Configuration problem detected by the mail flow receiver script


Configuration problem detected by the mail flow sender script


Key Monitoring Scenarios - Can E-mail Be Sent and Received ? –續 -



General errors in the mail flow receiver script Event-basedPriority: MediumSeverity: Warning

General errors in the mail flow sender script Priority: MediumSeverity: Warning

Mail flow latency exceeded the specified threshold


Mail flow message not received Event-basedPriority: MediumSeverity: Warning

Mail flow script cannot resolve recipient's address





Performance Collection Rule for mail flow receiver


Timeout when calling the mail flow receiver Event-basedPriority: MediumSeverity: Warning

Timeout when calling the mail flow sender Event-basedPriority: MediumSeverity: Warning

Warning: Mail flow message not received Event-basedPriority: MediumSeverity: Warning


Views for Mail Flow Monitoring • Mail Flow Active Alerts• Mail Flow Performance Data

Reports for Mail Flow Monitoring • Availability Report• Performance Report

Key Monitoring Scenarios - Can Customers Able to Access Their E-mail with Their Web Browser?

Monitors for OWA Monitoring • Outlook Web Access Logon MonitorThis Monitor requires Exchange Server 2003 Service Pack 1

Key Rules for OWA Monitoring Rule Name Alert Properties

Outlook Web Access: Current Web Service Connections


Outlook Web Access: Message Opens / second


Outlook Web Access: Message Sends / second


Outlook Web Access: Number of Recent Users


Outlook Web Access: Authentication / second Not applicable: This rule collects performance data; it does not generate alerts.

Key Monitoring Scenarios - Can Customers Able to Access Their E-mail with Their Web Browser? 續

Key Rules for OWA Monitoring


Outlook Web Access: Total Messages Opened Not applicable: This rule collects performance data; it does not generate alerts.

Outlook Web Access: Total Messages Sent Not applicable: This rule collects performance data; it does not generate alerts.

Outlook Web Access logon failure: (HTTP error 401) Unauthorized


Outlook Web Access logon failure: Service Unavailable


Performance Collection Rule for Outlook Web Access logon latency


Key Monitoring Scenarios - Can Customers Able to Access Their E-mail with Their Web Browser? 續

Views for OWA Monitoring • OWA Active Alerts• OWA Logon Latency• OWA Performance Data

Reports for OWA Monitoring

• Availability Report• Performance Report

Key Monitoring Scenarios - Are Customers Able to Synch Their Devices ?

Monitors for EAS Monitoring • Exchange ActiveSync Monitor• Exchange ActiveSync Hearbeat Interval MonitorThis Monitor requires Exchange Server 2003 Service Pack 1 Key Rules for EAS Monitoring

Rule Name Alert properties

ActiveSync: Pending I/O requests to Exchange server


ActiveSync: rate of incoming changes from ActiveSync devices (changes\sec)


ActiveSync: rate of I/O request to Exchange server (requests/sec)


ActiveSync: rate of outgoing changes sent to ActiveSync devices (changes\sec)


ActiveSync: Total number of unrecognized requests since last service start


ActiveSync: Total number of users since last service start


Key Monitoring Scenarios - Are Customers Able to Synch Their Devices ? 續

Key Rules for EAS Monitoring Rule Name Alert properties

Current number of ActiveSync users Not applicable: This rule collects performance data; it does not generate alerts.

Exchange ActiveSync logon failure: Bad Request


Exchange ActiveSync logon failure: Forbidden Event-basedPriority: MediumSeverity: Warning

Exchange ActiveSync logon failure: General Error


Exchange ActiveSync logon failure: Internal Server Error


EAS logon failure: Server Busy Event-basedPriority: MediumSeverity: Warning

Performance Collection Rule for Exchange ActiveSync logon latency


Key Monitoring Scenarios - Are Customers Able to Synch Their Devices ? 續

• EAS Active Alerts• EAS Logon Latency• EAS Performance Data


Views for EAS Monitoring

Reports for EAS Monitoring

Key Monitoring Scenarios - Are Customers Able to Access E-mail from their Device Browers ?

Monitors for OMA Monitoring • Outlook Mobile Access Monitor• Outlook Mobile Access Last Response Time MonitorThis Monitor requires Exchange Server 2003 Service Pack 1 Key Rules for OMA Monitoring


Outlook Mobile Access logon failure: ASP.net errors Event-basedPriority: MediumSeverity: Warning

Outlook Mobile Access logon failure: Outlook Mobile Access configuration errors


Outlook Mobile Access logon failure: Unable to connect


Outlook Mobile Access logon failure: Wireless access is not enabled for the account


Performance Collection Rule for Outlook Mobile Access logon latency


Unable to Connect to Exchange Server Event-basedPriority: MediumSeverity: Critical

• OMA Active Alerts• OMA Logon Latency


Views for OMA Monitoring

Reports for OMA Monitoring

Key Monitoring Scenarios - Are Customers Able to Access E-mail from their Device Browers ? 續

Key Monitoring Scenarios - Exchange Database 是否有足夠的磁碟空間 ?

Monitors

Property Monitored Default Threshold Health State

% Free for all drives •· 2% or less•· 5% or less

•· Error•· Warning

MB Free for all drives •· 400 MB or less•· 1000 MB or less


% Free on Queue drive •· 5% or less•· 20% or less


MB Free on Queue drive •· 1000 MB or less•· 5000 MB or less


% Free on Log drive •· 5% or less•· 20% or less


MB Free on Log drive •· 1000 MB or less•· 5000 MB or less


Key Monitoring Scenarios - Exchange Database 是否有足夠的磁碟空間 ? -續 -

Key Rules for Monitoring Exchange Database Free Disk Space


Low free disk space Event-basedPriority: MediumSeverity: Warning

The database engine is rejecting update operations due to low disk space on the designated disk

Event-basedPriority: MediumSeverity: Critical

Very low free disk space Event-basedPriority: MediumSeverity: Warning

• Database Performance• Database Storage Active Alert• Mailbox Average Messages• Mailbox Average size in MB• Mailbox Median Messages• Mailbox Median size in MB• Public Folder Average Message Count• Public Folder Median Messages• Public Floder Median size in MB

• Exchange Disk Usage Report

Views for Monitoring Exchange Free Disk Space

Reports for OMA Monitoring

Key Monitoring Scenarios - Exchange Database 是否有足夠的磁碟空間 ? -續 -

Key Monitoring Scenarios - Exchange Information Store 是否運作正常 ?

Monitors

Monitor Name Description

IS RPC Latency Remote procedure call latency in milliseconds for the past 1024 packets of data.

IS RPC Requests The number of client requests that are currently being processed by the Information Store.

IS Virtual Bytes The current size, in bytes, of the virtual address space the Information Store process is using.

LDAP Search Time The time, in milliseconds, it takes the Information Store process to send an LDAP search request and receive a response.

Key Monitoring Scenarios - Exchange Message Queues 是否在正常範圍 ?

•Exchange Server 2003 Management Pack 提供很多 Windows NT Performance-based self-tuning threshold rules 來監控 Exchange 環境的效能與可用度。•Exchange queues 便是使用 self-tuning thresholds。例如監測 SMTP Local Queue 一個星期來建立 baseline，以後只要超出 baseline，便會觸發 alert。

Viewing Information Active Sync Components (of Exchange) IMAPI4 Mail Flow Mail Queues MAPI Logon Message Transfer Agent Outlook Mobile Access Outlook Web Access Overview (dashboard views of Exchange components) POP3 Server Performance SMTP Storage

TasksTask Name Task Description

Exchange System Manager Starts the Exchange Server System Manager from the Operations Manager 2007 Operations Console.

Note Exchange Server System Manager must be installed on the computer on which the task is run.

Install EXBPA Installs the Exchange Server Best Practices Analyzer (EXBPA).

Query Local Domain Controllers Lists local domain controllers and their status.

Start, stop, pause, and resume Exchange services.

Provides the ability to start, stop, pause, and resume Exchange monitored services, as supported by each Exchange service.

Active Client Logons By Day

Client Logons Per Day

Exchange Disk Usage

Exchange IMAP4 Usage

Exchange Information Store Usage

Exchange Mailbox Store Usage

Exchange MTA Usage

Exchange POP3 Usage

Exchange Server Configuration

Exchange SMTP Usage

Exchange WebMail Usage

Highest Growth Mailboxes

Highest Growth Public Folders

Reports ( 一 )

Mail Delivered Top 100 Recipient Mailboxes by Count

Mail Delivered Top 100 Recipient Mailboxes by Size

Mail Delivered Top 100 Sender Domain by Count

Mail Delivered Top 100 Sender Domain by Size

MTA Work Queue Length By Day

SMTP Out Top 100 Recipient Domains by Count

SMTP Out Top 100 Recipient Domains by Size

SMTP Out Top 100 Senders by Count

SMTP Out Top 100 Senders by Size

Top 100 Mailboxes by Message Count

Top 100 Mailboxes by Size

Top 100 Public Folders by Message Count

Top 100 Public Folders by Size

Reports ( 二 )

Exchange 相關資料

• Exchange Server 2003 Performance and Scalability Guide http://go.microsoft.com/fwlink/?linkid=69704

• Troubleshooting Microsoft Exchange Server 2003 Performance http://go.microsoft.com/fwlink/?LinkId=47588

• 下載 Exchange Server 2003 的各項資源http://www.microsoft.com/taiwan/exchange/downloads/2003.htm

在何處取得 TechNet 相關資訊？• 訂閱 TechNet 資訊技術人快訊

http://www.microsoft.com/taiwan/technet/flash/• 訂閱 TechNet Plus

http://www.microsoft.com/taiwan/technet/• 參加 TechNet 的活動

http://www.microsoft.com/taiwan/technet/• 下載 TechNet 研討會簡報與錄影檔

http://www.microsoft.com/taiwan/technet/webcast/

Documents

Welcome. Getting Started – Import Management Pack Optional Configuration Active Directory Management Pack 的安全性 考量 Active Directory Management Pack 的剖析

Welcome. Getting Started – Import Management Pack Optional Configuration Active Directory Management Pack 的安全性考量 Active Directory Management Pack 的剖析