Interpreting Monitor alerts

I have my monitor set up with several thresholds.
And I am getting
gwiapop3BadPassword
gwiapop3UnknownUsers
notifications.
I would like to follow up and see further details about these MIB captures but I can't find anything relating to them in the log files.
Where do I go? What do I filter on?
Thanks

Hi,
From what I understand...
gwiapop3BadPassword - count of incorrect passwords entered for a pop3 account being accessed via your GWIA
gwiapop3UnknownUsers - count of unknown usernames being used to login to a pop3 account being accessed via your GWIA
Now, there are two possibilities... either you have users who don't know their username/password, or something more sinister like an external person trying to guess usernames and passwords against your system! Using your GWIA verbose logs you should be able to figure out which one it is.
Let us know how it goes.
Cheers,
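
One way to separate the two cases described in the reply above, as an added example that is not part of the original thread: group failed POP3 logins by source address and look at how many distinct usernames and how many failures each source produces within a short window. The log line layout, the sample lines and the thresholds are constructed assumptions, not the real GWIA verbose log format; adapt the regular expression to the lines your GWIA actually writes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line layout (an assumption, NOT the real GWIA verbose log format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) POP3 AUTH-FAIL "
    r"reason=(?P<reason>bad-password|unknown-user) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample data using private and documentation address ranges.
SAMPLE_LOG = """\
2024-05-01T08:58:10 POP3 AUTH-FAIL reason=bad-password user=jsmith src=10.1.4.22
2024-05-01T08:58:41 POP3 AUTH-FAIL reason=bad-password user=jsmith src=10.1.4.22
2024-05-01T09:00:01 POP3 AUTH-FAIL reason=unknown-user user=admin src=203.0.113.7
2024-05-01T09:00:03 POP3 AUTH-FAIL reason=unknown-user user=test src=203.0.113.7
2024-05-01T09:00:05 POP3 AUTH-FAIL reason=unknown-user user=info src=203.0.113.7
2024-05-01T09:00:08 POP3 AUTH-FAIL reason=bad-password user=sales src=203.0.113.7
2024-05-01T09:00:11 POP3 AUTH-FAIL reason=unknown-user user=root src=203.0.113.7
"""
# Constructed: one account failing repeatedly from one source, 12 times in a minute.
SAMPLE_LOG += "".join(
    f"2024-05-01T10:00:{s:02d} POP3 AUTH-FAIL reason=bad-password "
    f"user=mbrown src=198.51.100.9\n"
    for s in range(0, 60, 5)
)


def parse(log_text):
    """Return time-sorted (timestamp, reason, user, source) tuples; skip other lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(
                (datetime.fromisoformat(m["ts"]), m["reason"], m["user"], m["src"])
            )
    return sorted(events)


def classify(events, window=timedelta(minutes=10), max_users=3, max_failures=10):
    """Per source: peak distinct usernames and peak failures in any sliding window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)

    verdicts = {}
    for src, evs in by_src.items():
        peak_users = peak_failures = 0
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            peak_users = max(peak_users, len({e[2] for e in in_window}))
            peak_failures = max(peak_failures, len(in_window))
        if peak_users > max_users:
            verdict = "username-guessing"      # many accounts tried from one source
        elif peak_failures > max_failures:
            verdict = "password-guessing"      # one or few accounts, many failures
        else:
            verdict = "probable-user-error"    # a handful of failures, few accounts
        verdicts[src] = {
            "verdict": verdict,
            "peak_users": peak_users,
            "peak_failures": peak_failures,
            "unknown_user": sum(1 for e in evs if e[1] == "unknown-user"),
            "bad_password": sum(1 for e in evs if e[1] == "bad-password"),
        }
    return verdicts


if __name__ == "__main__":
    for src, info in sorted(classify(parse(SAMPLE_LOG)).items()):
        print(src, info)
```

The per-source counts of unknown-user and bad-password failures correspond to what the two monitor counters aggregate, so a source that dominates either total is the first thing to check against the alert times.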

Similar Messages

  • Operations Manager - KMS Idle Minutes Monitor Alerts - False Positives As Event ID 12290 Still Being Logged

    Hi all,
    I am using System Center 2012 R2 Operations Manager with the Key Management Service Management Pack at version 6.0.7234.0, and I keep receiving the following alert in Operations Manager:
    "Idle Minutes Monitor Alert:
    Key Management Service (KMS) inactivity exceeded threshold
    Knowledge:
    Summary:
    The purpose of this rule is to alert system administrators to a possible KMS or network outage. This rule monitors the end-to-end operation of KMS activation. A notification event is created by KMS if no activation or renewal requests were logged by KMS
    (activity event 12290) in the specified time interval. In addition to new activations, periodic renewal requests are expected to occur (default is 7 days). Whether or not this alert is serious depends on the number of machines in the KMS environment, how many
    are actually connected, and the configured renewal interval.
    Causes:
    Any failure or incorrect configuration of the KMS service, other Windows components, firewall, hardware, network or routers can trigger the Idle Minutes Alert. This alert can also result from normal behavior, since it is possible that not enough machines
    attempted to activate or renew during the specified time interval.
    Resolutions:
    The first step is to determine whether there really is a problem. Start with a known good KMS client and run (with elevated privileges) the script slmgr.vbs -ato . If the activation/renewal fails, it will report an error code. You can direct the client to
    connect to a specific KMS machine by using the slmgr.vbs -skms option. The request event (12288) and response event (12289) in the Windows Application event log may provide additional information, including the identity of failing KMS machines. If there has
    been a failure, check the following:
    Software Licensing service (slsvc) is running.
    Other KMS machine behavior is normal.
    KMS firewall port is open (default is TCP 1688).
    Attempt to connect to KMS using telnet to the KMS port (you won’t be able to do anything other than connect)
    Use a network monitor (e.g. netmon) to capture and trace network problems.
    There is one Idle Minutes Monitor that is used to monitor for activity. It may be desirable to adjust the time threshold, depending on expected KMS activity."
    Despite what the alert says, there are activity events with ID 12290 being logged, but they are appearing under the 'Key Management Service' log instead of the general 'Application' log.  I know that my clients are activating with the server without
    any problems as I have run slmgr.vbs -ato with success on a number of them, and none are stating that activation is required.  This issue was previously raised here:
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/1391acf8-f0be-4a48-9039-8d24e275f1fd/kms-idle-time-monitor-raise-wrong-alerts?forum=operationsmanagermgmtpacks, but  I am running Windows Server 2008 R2 SP1 and the hotfix KB981314 comes
    up as 'not applicable to this computer' so I assume it is part of SP1 now.  I have also tried installing KB2692929, as that was cited as being a possible fix here:
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/8ec8ae5b-a310-4b0f-9a5f-e0599bceb93a/kms-managementpack?forum=operationsmanagermgmtpacks, however I am still seeing the same alerts.
    Would greatly appreciate any further suggestions!
    Many thanks

    Hi,
    I've checked for all the events that are generated by our servers, and there are periods of time where no requests are received for up to 18 hours, so that is no doubt why the alerts are appearing (we then sometimes see five requests in the same minute,
    but there we go).  I'll need to adjust the thresholds.
    Thank you for your help, Chunky.1, I'll mark your reply as the answer, as it was very helpful in understanding the alert.
    For anyone else who needs to check this, create a PowerShell script using the following content, and place your own details into the relevant sections in bold (without the brackets, of course).  This will generate a csv file which will have the server
    name in one column and the time that the request event was generated - you can then check the gaps between the requests.  The script is quick and dirty, with no checks along the way, so feel free to embellish it as required.
    Out-File "<directory to place file in>\KMS_check_results.csv"
    $results = Get-EventLog -ComputerName <KMS server hostname> -LogName 'Key Management Service' | where { $_.Message -match "<String which identifies servers instead of clients>" }
    $filteredresults = @()
    foreach ($event in $results) {
        # This splits up the message into sections, separated by commas, and places each section as an element in an array
        $event.Message -split "," | foreach {
            # Keep the section that contains the server's fully qualified name
            if ($_ -match "<server domain suffix - e.g. contoso.com>") {
                $eventserver = $_
            }
        }
        $timegenerated = $event.TimeGenerated
        # One row per request event: server name and the time the event was generated
        $filteredresults += New-Object PSObject -Property @{
            Server = $eventserver
            TimeGenerated = $timegenerated
        }
    }
    $filteredresults | Select-Object Server,TimeGenerated | Export-Csv "<directory to place file in>\KMS_check_results.csv" -NoTypeInformation

  • Configuring HP-Openview to monitor alerts of CCMS in SAP system via SOLMAN

    Hi All,
    I need to configure CCMS in SOLMAN and then monitor the same alerts via HP-Openview because that's what is used in my company to monitor alerts. I have a few queries regarding the same:
    1. Is it possible to configure CCMS in SOLMAN and then monitor the same alerts via HP-Openview?
    2. How actually does HP-Openview work regarding picking up monitoring data from CCMS in SAP?
    3. Does it work like CCMS would be generating logs of the alerts and stored somewhere and we could configure HP-OV to look for a keyword in the logfile by giving HP-OV the path of that logfile and as soon as it comes across that keyword it would generate an alert?
    4. Do we need any add-on to be downloaded (also want to know whether it's free or cost is involved) and configured in SAP under CCMS that would help HP-OV to detect alerts?
    Regards,
    Ashish Robinson
    SAP BASIS TEAM

    I think so.. I have seen somewhere..
    I will get back to you on this.

  • Solman Setup system Monitoring alert threshold value for Filesystem issue

    Hi,
    Our solman system is SAP EHP 1 for SAP Solution Manager 7.0 sp level 0024.
    We have set up the System Monitoring alerts from DSWP in the solman system for our target production system.
    But while assigning individual threshold values of filesystem free space in MB for Windows operating system disks C:, D:, ... all the values are getting changed after saving to the same value (i.e. if I update the C:\ disk value and click on save, the rest of the disks are also getting updated to this value).
    The same works fine for filesystems if the target system OS is Unix.
    I have tried the examples suggested in note 522453 but nothing changed. Please suggest.

    Hi Sonal
    when you want to save the thresholds for only the one MTE you set
    you need to click on
    EDIT
    -> PROPERTIES
       -> USE FOR INDIVIDUAL MTE
    Kind Regards
    Marius

  • CCMS monitoring alerts

    Hi Experts,
    I need to install and configure CCMS Monitoring alerts. I don't have any idea about CCMS, please help me with this and give me any links or docs.
    In my landscape we have 4 SAP systems.
    1. SAP CRM7.0 EHP2
    2. SAP ECC6 EHP5
    3. NET WEAVER 7.3 EHP1
    4. SAP SRM7.0 EHP2
    Thanks
    Jana

    Hi Jana,
    Please see link:
    http://help.sap.com/saphelp_crm700_ehp03/helpdata/en/49/2d927507361903e10000000a42189c/frameset.htm
    Normally CCMS alerts are set as default. If it is not activated please see as well note 1827820 which might have been applied in your system.
    Best regards - Christophe

  • Cloud Service Monitor Alert Can't be Created

    Hi Team,
    we had a cloud service deployed at Azure North Ireland Data Center,
    i would like to create monitor for the role instance, but when creating alert it shows an error, and the alert can't be created.
    thanks in advance

    Hello Baker,
    Thanks for posting here!
    I reproduced the issue on my system it works fine for me.
    As per the description provided what I have understood is that the configuration did not go successfully or could be a problem in execution.
    Delete the configuration and try to reconfigure the Alerts.
    Sometimes it could be the browser issue. Try deleting cache and cookies and then try again or try with different browser.
    If it doesn't work, I suggest you could try to deploy a new cloud service and then try to configure the Alerts.
    You might want to check the below mentioned links for better understanding:
    Understanding Monitoring Alerts and Notifications in Azure
    How to: Receive Alert Notifications and Manage Alert Rules in Azure
    How to Monitor Cloud Services
    And a video for setting up Endpoint Monitoring for Azure Web Sites.
    Let me know if that helps!
    Best Regards,
    Sadiqh Ahmed

  • How to monitor Alert file large in EM Grid

    Hello,
    In Enterprise Manager 9 we used to monitor Alert File Large.
    I am not able find this in Grid Control.
    Can anybody tell me how to monitor this metric in OEM 10 GRid?
    Best regards,
    Jvries

    You must select the host target and metric and policy issues.
    Select all metrics and search File or Directory size MB.
    You can add the file whose size you want to monitor, and
    you must enable a response action when the critical threshold appears.
    The response action must be a shell script like this:
    #!/bin/ksh
    # if you want a backup
    cp /directory/file.log /backup_destination/file.log.bak
    # clean the file so that its size is empty
    > /directory/file.log
    Remember that you need to enable the credentials for the host and that the owner of the agent has rights of read and write in the location of the file.
    Regards

  • HANA DB - what if db goes down, how to monitor/alerting using Studio

    I have configured mail alerts for my hana db instance (for certain / all events).
    If I stop my db (instance) I still do not get any alerts because I assume there are no specific events to be set for monitoring/alerting purpose in case hana db itself goes down. Is this a normal behavior in HANA as the db itself has monitoring/alerting capability? If yes then how will a DBA get to know if the db goes down.
    Please correct me if I am missing something while setting alerting mechanism. 

    Also would want to know if there are issues with the latest rev. SP7 w.r.t alerts and hdbstatisticsserver service under Landscape?
    I have observed the hdbstatisticsserver (and daemon.ini) doesn't come up on its own after the db instance is restarted.
    FYI: I have HANA Instance on Linux VM (sandbox). 

  • Control monitoring alerts- RAR 5.3

    I've few mitigating controls in place with frequency in reports tab as 1. I'm sure that the action given in the reports tab was not executed in the backend system by the monitor but still I do not get alerts for control monitoring in Alert monitor tab. Please advise

    Please note the correction:
    It is not 9 character or 5 character risk id that makes the difference. I was not getting control monitoring alert because the 9 character riskid I specified in the mitigating control was a permission level rule id and SAP says that from 5.3 onwards permission rules are not considered for any analysis. So we have to mention the riskid with * or we can specify the action level rule id to receive the control monitoring alerts.

  • System monitoring - alert email notification

    Hello Sapers,
    I already set up system monitoring in our Solution Manager but I would like to receive mail if any alert occurs. Unfortunately I did not find any way to do it through Solution Manager. I guess there must be something like edit -> Automatic email transmission where I set up sending Earlywatch and SL reports to my mailbox, but how to set up alert email notification?
    I also tried another way - setting up CEN (in our Solution Manager) in RZ20, there I created a monitor where I have the desired alerts from all remote systems configured in SMSY (I have not used sapccm4x or any other ccms agent), also tried an autoreaction method on local and it is working fine (SCOT is set up) but when I tried to create and assign a central autoreaction method (sapnote 429265), during assigning I receive the error "no ccms agent avalable for system" and it is not working. Do I really need to configure SAPCCM4X on all remote systems when I want to use central autoreaction? I don't feel very comfortable with this solution. I think there must be some other smarter way (maybe in Solution Manager).
    We also tried to connect our RZ20 monitor set to nagios (used in our company to monitor non-SAP servers and email notification), but we are not able to compile the ccms nagios plugin under 64bit AIX 5.3.
    I also heard a little bit about ALM (Alert management) but don't know anything about forwarding alerts from RZ20 to ALM and transmitting email from there. But I think this solution would be the most difficult of all mentioned above.
    Thank you very much for any help

    Josef,
      Somewhat chasing the point here - when you have the Solman and you look in your CCMS and you can see the other systems - it is all RFC data and not actually on the Solution Manager (the only local MTE's are those that belong to the Solution Manager).  For the Solution Manager to Centrally Auto-React to thresholds (act as the CEN System), the information needs to be passed to the Central System through the agents.
      If you want to do email thresholds on your remote systems, you can configure it on each of the systems individually without agents as this is a CCMS Function that any SAP System can do - but this is not Central Auto-Reaction.  This is just actions taken on individual systems based on local MTE's.
      To Centrally Auto-React - you have to add the agents so the information is passed to the CEN to react on.
      I hope that this has clarified the situation a bit more.  If this answers your question, please set this thread to answered.

  • Monitoring/Alerting Set up options in SM - System Monitoring

    Comrades
    When configuring Solution monitoring in SM 4.0 for our landscape the customised CCMS monitor set (created in RZ20 of Target System) needs to be imported during the set-up system monitoring process
    1. Is it possible to import the customised CCMS context in solution monitoring during set up?
    2. In the current system monitoring configuration certain DB related monitors are not visible (displayed) though they are configured properly. Is something to be done?
    Also looking on the following alerting options: E-mail, SMS and SNMP Traps from the SM 4.0. My understanding is E-mail and SMS are based on Central autoreaction methods on the Alert Monitor.
    3. Is it possible to configure E-mail and SMS without CCMS Agents on Target Systems? And is there a way of configuring E-mail and SMS other than Central Auto Reaction Methods?
    4. Are there any prerequisites (Agents, Software, packages) for configuring SNMP Traps from SM?
    I have done some reading and searching on these points and am pretty unclear on these aspects. Kindly share your knowledge on this area.
    Kindly Respond
    Many a Thanks
    Gnana

    I managed to set up an account manually on the C7 but I had to trick the email application by entering an invalid email address and password. After it could not find my account it then opened up all the settings and permitted me to add the manual IMAP settings, reply to address and other details. After I committed the settings, the phone recognised the account as a gmail account and it locked down all the settings again so I could not go back and change them if wrong. 
    I was quite chuffed with myself for seemingly resolving all my issues.....but on using the new account settings I could not sync the gmail sent / bin folders. All the other folders synchronised fine and when I send email it has the correct reply to address. Strangely this matches the best results I obtained when connecting using the Mail for Exchange settings so am no further forward. I am a little confused by this as when I let the phone set up the Gmail account on it's own it can sync everything.....but I just can't 
    I am now hoping that the new software update (PR1.2) gets email working a little better....well when I eventually get it hehe.

  • SQL Server Agent Job Duration monitor alerts incorrectly

    As per SQL Server MP guide, changes in Dec 2007 update : Fixed a script that was resulting in invalid alerts being generated from the agent job's Job Duration monitor.
    In my SCOM 2012 environment on few SQL servers I'm getting an alert from Job Duration monitor for SQL jobs that have completed well within the defined thresholds. Interestingly this monitor then resets on its own (The monitor has been initialized for
    the first time or it has exited maintenance mode) and immediately turns critical again. I do not see any pattern around these state changes. These are weekly jobs, however the Job Duration monitor continues to alert for these specific jobs 10-15 times a day.
    This is creating unnecessary noise in the environment.
    Is anyone else facing this issue? I know I can disable this default monitor and create my own monitor. However I want to check if this is a known bug in this SQL MP(version 6.4.1.0).
    Note : I'm aware about an updated MP version 6.5.1.0, however the release note doesn't specify if it fixes this issue.
    Thanks,
    Harry
    Thanks, Harry :-)

    Resolution: The issue was that the SCOM Agent was getting restarted repeatedly. Post restart health calculation was done again and the SQL Job duration monitors would reset and generate new alerts.
    There is a recovery configured in an aggregate monitor to restart the SCOM Agent if Handle Count/Private Bytes of Health Service/Monitoring Host breach a set threshold. I had to create an override to change the thresholds for all Health Service/Monitoring
    Host and exclude the recovery on Physical servers.
    If there are large number of workflow on an SCOM Agent due to multiple MP(SQL, HP, etc.), the increase in Handle Count/Private Bytes is usual.
    Thanks, Harry :-)

  • Process monitor alert to include process id and or user

    I set up a SCOM 2012 process monitor from the process monitoring template, that now quite nicely alerts me when an instance of a process consumes too much CPU or too much Memory from the host. The problem I have now, is that I have 15 Remote Desktop
    Service hosts that my customers log on, to run this process, and an average of 45 users per RDSH. While it's nice to know which server has the process running too high, what I really need to know is the user and/or PID of the offending process. I easily have
    this process running 45 times per RDSH throughout the day. If I knew the PID or the user, I could much more easily find my process, and with user, I could even shadow my user via my service broker to see what's going on. As it is now, I have to myself RDP
    to the server, pull up task manager, sort by offended instance (memory or CPU), to find the task. Then, find the user/pid associate, go back to the service broker and shadow the session to determine the cause.
    Is there a fairly simple way to get the PID or user information from the process to show up in the alert? I would think it pretty basic to expect that if I monitor a process, I want at least the PID of that process in the alert...and preferably
    the user. Other suggestions to accomplish this? I want to be able to hand these alerts (via notification) off to my support folks, so they have enough information to resolve the issue, without jumping from RDSH to RDSH.
    Thanks in advance!
    mpleaf

    Hi mpleaf,
    Please look at this post:
    http://social.technet.microsoft.com/Forums/windows/en-US/de3799e0-f7db-4481-8f50-cdfe39d73aef/how-to-monitor-process-using-scom-with-pid
    Natalya

  • BPM File monitoring - Alerts not triggered.

    Hi All,
    we have defined the application monitor for file monitoring in BPM.
    the problem is we are not getting any alerts so far,
    the file monitoring parameters we gave are
    1. file path, filename * and pattern: az*
    we are actually monitoring the availability of the incoming file, there are also files existing of the same name, the only differentiator is the time stamp.
    As per logic, we will be monitoring the latest file that reaches the folder, but no output till now.
    can anyone pls tell how can we proceed further, for the requirement mentioned above, all the necessary authorizations are provided.
    kindly advise on

    Hi Ragu,
    Thanks for the reply.
    The status is gray in RZ20. But when i see in dswp it is in green only.
    I tried activating the file size and file age parameters, according to setup guide it is mentioned that
    After activating, the most recent file is considered for creation time of file.
    for file size and file age, the existing file details are considered.
    but in my case, creation time of file is getting some alerts.....even though no file has come after activation.
    And file size and file age are still in gray when old files are there available in the specified folder.
    kindly advise on why this is happening.
    Thanks and Regards,
    Subhashini.

  • Temperature Monitor Alert:Memory controller heatsink Results!!!

    Hello all...
    I have a question about the Memory Controller Heatsink sensor in the temperature monitor and I would appreciate it if you could shed any light on my problem.
    Well, it was a long time since I checked my temperatures on my G5 DP 2.3, so yesterday while I was into some MP3 encoding I heard the fans making a lot of noise, not something unbearable but not the usual silent behaviour I was used to even under heavy load and with the nap off.
    So because of that noise I decided to check it with the temperature monitor but nothing unusual came up except...yes, you guessed it, the Memory Controller heatsink.
    An alert came up and informed me that the temp was over 75 C/167 F.
    The threshold was by default at 75 C/167 F.
    Let me add that it's summer here and a hot one at 37 C and the room is not air-conditioned, but it was exactly the same one year ago (June 2005) and I never came up with an alert.
    Also I have no problem with the rest indications.
    So what do you think is it normal or may I have a broken fan?
    And finally what is the Memory Controller Heatsink?
    Thanx in advance!

    The memory controller heatsink is shown, with the associated cooling tubes and fins, in the right-hand photo of the 'back' of the main logic board here
    http://homepage.mac.com/jerrycube/jerrycubepix/22601bluebord.jpg
    Air is pulled over the back of the main logic board and through the cooling fins, by the fan in a plastic housing, at 90deg to all the other fans, behind the hard drives.
    This fan is called "Main Logic Board Backside" by Hardware Monitor in this ancient DP2.0 - and is showing "20%" in 22deg C room temperature. "Memory Controller Heatsink" is at 54deg C.
    37deg C is above the specified max. 'Operating Temperature' of 35deg C shown here
    http://support.apple.com/specs/powermac/PowerMac_G5_Late2005.html
    I think it would probably be advisable to find some way of lowering the temperature of the room the G5 is in...
