Monday, March 25, 2013

Active Directory MP Issue: Topologies Stay Unmonitored

Bumped into this situation recently. The customer had two OM12 environments in place: one for testing purposes and another for production.

In both environments the AD MP (version 6.8070.0) was imported, configured and tuned. In the test environment the MP worked fine and the Topology Views were populated and had a health status to the top level entity.

However in Production the Topology Views were also displayed but showed an unmonitored health status. Which puzzled me since there were no errors to be found in the OM12 Console related to the AD MP. I also checked al DCs and their OpsMgr event logs. No errors nor warnings to be found there. The OpsMgr Agent on all DCs was in top notch condition and all MPs and their scripts properly executed.

On all DCs – besides the OM12 Agent – the AD MP Helper Object (OOMADs.msi) was present and functional , so no issues there as well.

The ONLY difference
Since the production environment has a trust in place with another forest and that forest is already covered by other monitoring mechanisms, I had enabled the option ‘Agent-Only Discovery’  as described in the AD MP guide, pages 30 and 31.

This way only the DCs of the forest where the OM12 MS servers reside will be discovered and monitored by the AD MP. So no noise. I have used this approach in many other similar environments and have had no issues at all.

As a test I removed the override for Agent-Only Discovery. Bounced the Health Services on all DCs and OM12 MS servers as well (the OM12 MS servers are responsible for Health State calculations) and presto, within 5 minutes all topology views got a health status which rolled up to the top level entity!

1 comment:

Blake Wilson said...

I'm also having undesired results with Agent Only Discovery. My current deployment consists of a single forest, with 4 domains. One of the domains has hundreds of DC's that we DO NOT want to be discovered. I created the override and changed the path of the OpsMgr install to reflect OM 2012 R2's path, turned on verbose logging and watched. It appeared that this ran successfully, but I came in this morning to find 500 of these unmonitored DC's in my Windows Computers (showing not monitored).

I think this "feature" doesn't work as designed. Thoughts?