Our Operations Center asked me to investigate an alert that they had received from a client’s managed server. The associated event initially seemed to indicate a problem with the System event log:
Type: Error
Source: Health Service Modules
Category: N/A
Event ID: 25004
Date: 2008-09-09
Time: 09:13:47
User: N/A
Computer: CLIENTDC1
Description:
The Windows Event Log Provider is still unable to open the System event log on computer ‘{BE6AEC47-3H7F-97C4-20G4-D37GB234BC98}’. The Provider has been unable to open the System event log for 4390 seconds.
Most recent error details: The RPC server is unavailable.
One or more workflows were affected by this.
Workflow name:
Microsoft.Windows.DHCPServer.Library.Server.UnitMonitor.DependentServiceHealth
Instance Name: clientdc1.somedomain.com
Instance ID: {BE6AEC47-3H7F-97C4-20G4-D37GB234BC98}
Management Group: MGMTGP1
During my troubleshooting, I came across a recent posting on the Microsoft Connect web site that indicated that the problem was due to an apparent bug in the current DHCP Management Pack rather than a System event log problem. The admin that submitted the bug uninstalled the management pack and the alerts stopped. I did not want to uninstall the entire management pack so I began searching through the monitors looking for the culprit that was causing the noise.
From the Authoring space of the System Center Operations Manager 2007 Console, I selected Monitors in the Authoring pane, located and expanded Microsoft Windows DHCP Server in the Monitors pane and expanded the Entity Health and Availability aggregate rollups. I then right-clicked on the DHCP Dependent Service Health Monitor and selected Overrides > Override the Monitor > For all objects of type: Microsoft Windows DHCP Server to configure the override of the monitor.
The monitor triggers the 25004 event every 12 minutes. Once I had created the override, I monitored the System event log for approximately 30 minutes and saw no repeat alerts.
Remember, when working with management packs, it is considered a best practice to create overrides to rules and monitors rather than disable them. Also, do not save overrides to the Default Management Pack – create a new management pack for the override with a descriptive name.
October 27, 2008 at 4:13 pm |
which setting is your override configured for?
October 28, 2008 at 6:35 am |
Good morning, Chris,
The actions that I took basically turn off the event monitor DHCP Dependent Service Health Monitor for all DHCP servers that we manage. Although we would normally not want to totally disable a monitor, we deemed it appropriate in this case since the alert is the result of a bug in the management pack, as opposed to totally uninstalling the DHCP management pack as did the admin referenced in my post. I hope this clarifies things and answers your question.