Archive for November, 2009


November 30, 2009 3 comments

Should you use a Gateway even if you don’t have servers in untrusted domains or workgroups? It depends 😉

Gateways are licensed as per Management Servers so they don’t come cheap.

Michael Pearson has mentioned:
“Gateway Servers were never designed to be used to consolidate network traffic from Agents. We did some testing in-house, and discovered that we
can get some compression gains by using a Gateway Server at remote sites. So, this network optimization was some unintended functionality that is very useful in these type of environments.

As far as why this works, here’s a quick summary. Each Agent will compress its data when it sends it up to its parent Health Service (Gateway, Management Server, or Root Management Server that it reports to). You don’t get that much compression since it’s a relatively small amount of data. When you have a Gateway, it collects data from many Agents, and the compresses all of that data before sending to it’s parent Health Service (Management Server, or Root Management Server). So, we get some gains on the compression due to larger volumes of data that we are compressing together.”

Kevin Holman has also cautioned against too many Gateways:
Agents behind a gateway share config update request affinity to the upstream management server, so its very possible that agents behind a GW can take a long time for a config update, and therefore maintenance mode is often slow to take effect because of this.


How to tell which Management Server the agents are using?

November 27, 2009 Leave a comment

Thanks to Kevin Holman for this:

Netstat is the way to go to see which MS you are talking to “right now”.
netstat | findstr 5723
netstat -n | findstr 5723

The first one takes longer – but gives you the servername.
The second runs faster – but gives you the IP address.

The is the best way to determine who you SHOULD be talking to, your Primary. It will also show you a list of everyone the agent COULD fail over to, randomly.

Look in the config files (Goto \Health Service State\Connector Configuration Cache\ and open the xml file. Browse to and look for the management servers which is set to True.


Looking in the registry will only show you who you were assigned to INITIALLY, at time of installation. It might not even be a real live management server anymore, or you might have moved the agent to talk to a different MS as primary.

Categories: Agent Configuration

What if agent can’t access certificate server?

November 21, 2009 Leave a comment

First, it depends whether you are using Windows 2003 CA or Windows 2008:

For windows 2008, expanding on the url above:

The high-level process to obtain a certificate from a stand-alone certification authority (CA) is as follows:

1. Download the Trusted Root (CA) certificate – do this on a machine that has access to the certificate server and then copy to the workgroup machine.

2. Import the Trusted Root (CA) certificate to the workgroup machine.

3. Create a setup information file to use with the CertReq command-line utility – do this on the workgroup machine.

4. Create a request file – do this on the workgroup machine and then copy file to a server that has access to the certificate server

5. Submit a request to the CA using the request file from a server that has access to the certificate server

6. Approve the pending certificate request – from the certificate server

7. Retrieve the certificate from the CA – from a machine that has access to the certificate server

8. Import the certificate into the certificate store – copy certificate to workgroup computer

9. Import the certificate into Operations Manager using MOMCertImport – on workgroup computer.

10. And then install the agent and approve install from opsmgr console

Process Monitoring – extending the authoring template

November 16, 2009 Leave a comment

A question came up on the technet forums about monitoring the handle count of a process. This can of course be done just by a unit monitor but an alternative that may be useful in some situations is to use the Process Monitoring Authoring Template to create some base monitoring (process running) and the relevant process class. And then target the handle count monitor at the class that the authoring template creates. Here is a run through:

Categories: Authoring Templates

Service Monitoring

November 13, 2009 Leave a comment

There have been a number of threads on the forums of late looking at different ways to do Service Monitoring with OpsMgr. I have tried to summarise them here with a walk through of using the Authoring Template:

Event Collection Rule

November 13, 2009 Leave a comment

A question came up on the forum today about how to create an event collection rule and associated view so I screen dumped a solution which you can walk through here:

SQL Database – To Grow or Not to grow

November 13, 2009 Leave a comment

The SQL team have released this guide- – Considerations for the “autogrow” and “autoshrink” settings in SQL Server which is useful reading:

Of course OpsMgr doesn’t monitor database size of databases set to autogrow (except the OpsMgr database itself) – if you need this functionality, you need to copy the monitors \ rules and edit the scripts.