Skip to main content

Posts

Showing posts from July, 2010

opalis: log files and locations

folder path file name description \opalis software\opalis integration server\action server\logs opalisactionservice*.log policymodule*.log exceptions generated by the action server service (connection errors, etc) note that failures in modules are logged in the policymodule logs. valuable if you're tracking down additional information during run failures. \opalis software\opalis integration server\client\logs oisclient*.log log of client launch capturing configuration state at the time of launch (computer name, user name, etc) \opalis software\opalis integration server\management service\logs actionserverwatchdog*.log opalismanagementservice*.log exceptions generated by the action server (useful for finding environmental problems e.g. database connect failures) enabling the default location of trace logging creates log files in this location \opalis software\opalis integration server\management service\components\logs *actionserver*.log *foundationobjects*.log

granting remote wmi permissions

realizing that this information being embedded in an opalis blog post may prove obscure and difficult to locate, I'm reproducing it here.  this is basically a summary of how I managed to grant rights to the opalis action server account in order for it to have wmi query access to a windows server 2003 sp2 server.   dcom permissions adjustment (on the sccm server) launch dcomcnfg. navigate to component services \ computers \ my computer.  right-click my computer, choose properties. under the com security tab, click edit limits in both sections. grant the following rights to the ois action account: remote access remote launch remote activation navigate to the dcom config section under my computer , locate windows management instrumentation .  right-click windows management instruction , choose properties.  under the security tab, click edit under the launch and activation permissions section. grant the ois action account the following permissions: remote launch r

scom: overloading the consolidation module (and how to avoid it)

in a previous post titled using repeat count to detect a problem in a window of time I described a process whereby you can using consolidation settings, you can detect something happening in a window of time.  for example, event id 529 equals "bad password" basically.  if we alerted on every bad password, that'd be problematic.  however, if we looked at every one and then alerted whenever the count of bad passwords for a single user exceeded a threshold, that might be useful. apparently there's this concept called a "consolidation module".  this module has a limit of 128k.  if you go beyond this limit, you tend to overload the module and cause the event scraping to backlog.  on very active domain controllers, using a large sliding window, it's very easy to overrun this limit.  it results in odd errors like this: (event id 11105) The Microsoft Operations Manager Condolidator Module failed to save the state after processing and might loose data. Error:

new url for opsmgr management pack catalog

this was just released.  if you’re familiar with microsoft pinpoint (affectionately dubbed pain point by some), then you know how horribly difficult it was to use.  well guess what?  they just revamped the site and have released it.  it promises a much easier, sortable method for finding the management pack you’re looking for.  time will tell.  here’s the link: http://pinpoint.microsoft.com/en-US/systemcenter .