mom: tracking down duplicate notifications

while i was out at teched, a reader sent me an email on how to track down duplicate notifications. this was pretty fresh in memory since i had just gone through the same ordeal explaining to another group here why they received duplicated emails. now that i have the exact details at my disposal, i can relay them here with some manner of lucidity. (i hope anyway. still trying to get back into work mode ... and for some reason, someone brewed the old, nasty corporate coffee instead of the new, aromatic seattle's best. ah well...) the first thing to do is find the alert in the mom console. once you've isolated it, check the history tab of the alert. you might see something similar to this:

Alert is created in management group myMgmtGroup. === 6/01/2006 08:20:03 === The server side response 'notify group: Network Administrators' triggered by rule 'Send notification for any Alerts with a severity of "Error" or Higher' (DF7DA784-D7D8-4FC5-8109-04AB00A1B511) is executed after alert suppression. === 6/01/2006 08:20:03 === The server side response 'notify group: Other Network Administrators' triggered by rule 'Send notification for any Alerts with a severity of "Error" or Higher' (DF7DA784-D7D8-4FC5-8109-04AB00A1B511) is executed after alert suppression.

what's going on here? as you'll notice, two server side responses are executed. so... at least now you know why you have duplicate notifications. where they're coming from is the next logical question. once you know the rule name, they're pretty easy to find. copy off those rule guids above (uhhh, not mine exactly, your own... guid... you know, unique? get your own). issue the following command in sql query analyzer:

select name from processrule where idprocessrule = 'rule-guid'

replace rule-guid with your rule guid. now you can use that name to search for the rule in the administrator console.