How to Fine Tune the Monitoring of ConfigMgr SCCM 2012 with SCOM

scom management pack configmgr sccm  How to Fine Tune the Monitoring of ConfigMgr SCCM 2012 with SCOMSCOM Management Pack for Configuration Manager 2012 is available. This post will help to know more about the critical classes which need to be monitored via SCCM 2012 Management Pack. This may also help to understand the registry keys and event IDs involved in the monitoring process. The details of registry keys and event ids will be very helpful at the time of troubleshooting CM 2012 issues. Note that, I’ve not included performance monitoring and threshold settings details in this post.

In my experience, we waste  loads of time in implementing and fine tuning SCCM 2007 MP. Implementing Management Pack directly into production environment is not very good approach. The best method is to implement the MP in lab environment and configure and fine tune it. Once you’re convinced with the alerts then move to production environment. Read the installation guide of the Management Pack and that should be the first step you need to take before the implementation of MP.

SCCM 2007 Management Pack won’t work with ConfigMgr 2012. CM 2012 MP can be used with SCOM 2007 R2 or later and System Center Configuration Manager 2012.

Before going into details of classes, I just wanted share an excellent blog post from Kevin Holman on CM 2012 MP improvements. As per his analysis there are loads of improvements in the management pack for CM 2012. The biggest problem with ConfigMgr 2007 MP is that it just converted from MOM 2005. Hence it came with lots of bugs. Following are the improvements highlighted as part of SCCM 2012 MP.

NO SCRIPTS in the Monitoring, Decrease in Lines of code, Decrease in Number of workflows, Disabled Workflows out of the box and Well documented guide.

The details of Critical Classes in ConfigMgr 2012 Management Pack  :- 

Fallback status point is monitored via the registry key “HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_FALLBACK_STATUS_POINT\ Availability State”

Management point is being monitored through HTTP responses, IIS and SMS Agent Host service. Along with this SCOM will monitor the threshold settings on all the threads of Management Point.

a) Management Point HTTP Response Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_MP_CONTROL_MANAGER\ 65AC53A5-8C79-4DF9-AE79-A53F689C2222\ Severity
b) IIS Service Availability Monitor on Management Point    NT Service: W3SVC
c) Management Point Availability Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State
d) SMS Agent Host Service Availability Monitor    NT Service: CcmExec

PXE service point is monitored through WDS availability and this is by accomplished by monitoring NT Service: wdsserver .

Site database server availability is monitored via SQL Writer Service Availability Monitor NT Service: SQLWriter

Software update point availability is monitored via registry key and two NT services mentioned below.

a) Software Update Point Availability Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State
b) IIS Service Availability Monitor on Software Update Point    NT Service: W3SVC
c) WSUS Windows Service Availability Monitor    NT Service: WSUSService

Reporting services point Availability can be monitored through

a) Reporting Service Point Availability Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State.

b) SQL Reporting Service Availability Monitor    NT Service: ReportServer

Application Catalog web service point availability is monitored via following registry and service.

a) IIS Service Availability Monitor on Application Catalog Web Service Point    NT Service: W3SVC
b) Application Catalog Web Service Point Availability Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State
c) Application Catalog Web Service Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_AWEBSVC_CONTROL_MANAGER\ F0128B76-DD22-481D-A65B-270201AED381\ Severity
d) Application Catalog Web Service IIS Configuration Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_AWEBSVC_CONTROL_MANAGER\ 0B543BAC-54C7-463D-BDA5-ADD9F71AEA09\ Severity

Application Catalog website point availability is monitored via following registry and service.

a) IIS Service Availability Monitor on Application Catalog Web Site Point    NT Service: W3SVC
Application Catalog Web Site Point Availability Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State
b) Application Catalog Web Server Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_PORTALWEB_CONTROL_MANAGER\ 0B12B4BA-B838-4927-ADC1-2E9602B076E3\ Severity
c) Application Catalog IIS Configuration Monitor    Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_PORTALWEB_CONTROL_MANAGER\ 4A06F831-B577-4C10-8643-8C577C2C22B3\ Severity

Database Notification Monitor availability is monitored via Windows Event ID 2420 (Site server fails to execute a maintenance task)

Distribution Manager availability is monitored via Windows Event ID 2323 (i.e Distribution manager fails to access network).

Primary To Central Site Replication monitoring has achieved through following WMI queries. Primary Site To Central Site “Global Data Receiving Status Monitor”, “Global Data Sending Status Monitor” and “Site Data Sending Status Monitor”. Default time interval is 6 minutes.

Central To Primary Site Replication monitoring has achieved through following WMI queries. Central Site to Primary Site Global Data Receiving Status Monitor, Global Data Sending Status Monitor and Site Data Receiving Status Monitor. Default time interval is 6 minutes.

Primary or Standalone site server availability is monitored through Active Directory Configuration Monitor for Device Management Registry key status HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_EN_ADSERVICE_MONITOR\ CAFD8C35-08B6-4772-9101-B1B220CBA044\ Severity. There are loads performance threshold monitoring can also achieved through SCOM.

Site Component Manager availability is monitored via following event IDs, NT service and registry Keys.

a) Windows Event ID 4909 (Site component manager fails to read Active Directory objects)
b) Windows Event ID 4912 (Site component manager fails to update Active Directory objects)
c) Windows Event ID 1037 (Component manager fails to access site system)
d) Site Server Component Service Availability Monitor via NT Service: SMS_SITE_COMPONENT_MANAGER
e) Site Component Manager Availability Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_SITE_COMPONENT_MANAGER\ Availability State

Site Server Role availability is monitors via following registry key. Site Server Connectivity To SQL Database Server Via Registry Key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State

Site Server availability is ensured via following registry keys and WMI Query.

a) Database Certificate Validity Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ FBCA00DB-7C9D-4d6d-9F84-07C605B31191\ Severity
b) WSUS Synchronization Failed    WMI Query
c) SQL Server Disk Space Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ 6FD0B53A-35DA-4da1-84C9-A9E1B6C12828\ Severity
d) SQL Server Firewall Port Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ 8D5E5CC1-CCF5-4c66-BC8A-527C9066161B\ Severity
e) SQL Server Port Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ B1B669B9-6C11-4b8e-A09A-4E515D20F4F6\ Severity
f) SQL Server Service Broker Certificate Validity Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ 812A1E5F-B31C-45a5-89EE-695460882F38\ Severity
g) SQL Server Service Broker Port Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ D362CF53-926B-4f7d-A4A2-0691D3F177F5\ Severity

WSUS Control Manager Availability is being Monitored via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_WSUS_CONTROL_MANAGER\ Availability State

WSUS Synchronization Manager Availability is being Monitored via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_WSUS_SYNC_MANAGER\ Availability State

WSUS Configuration Manager availability is being monitored by following event ids and registry key.

a) WSUS Configuration Manager Availability Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_WSUS_CONFIGURATION_MANAGER\ Availability State.
b) Fail to configure proxy setting on WSUS server via Windows Event ID 7000.
c) This rule generates alert when the WSUS configuration manager fails to publish client to the WSUS server via Windows Event ID 6613.
d) Fail to subscribe to or get update categories and classification via Windows Event ID 6603.
e) WSUS version mismatch via Windows Event ID 7004.

Note :- The core information shared in this post is taken from the following document. Download the doc from ConfigMgr_MPGuide_Appendix.docx . Even Kevin’s blog has also inspired from the document OpsMgr_MP_ConfigMgr.docx .

Posted in: ConfigMgr (SCCM), Management Pack, SCOM