Those Reports from My Windows Machines

How to launch the PAL tool

1. Ensure that the PAL tool and dependency components have been installed from http://www.codeplex.com/PAL.

2. Click Start, Run, and then PAL. This will launch the PAL wizard interface.

How to create a counter log file using PAL

Follow these steps to create a counter log .htm file once the PAL wizard has been launched. Note: This contains very specific counters instead of the full counter set that perfwiz uses, so you can choose how granular you would like to get.

1. Launch PAL.

2. Click the Threshold File Tab.

3. In the Threshold File Title drop-down box, select the Threshold File Title version of your choice.

4. Click the [button image].

5. Save the settings to a .htm file. Follow the steps in the Exchange 2007 Perfwiz replacement steps at http://blogs.technet.com/mikelag/archive/2008/05/02/perfwiz-replacement-for-exchange-2007.aspx starting at step 4 to import this .htm file into Performance Monitor.
Note: This export feature only works on Windows 2003 servers since the ability to import htm files in Windows 2008 has changed. I will post an update on how to do this on Windows 2008 servers at a later time.

How to run the PAL wizard

1. Launch PAL. This will bring you to the Welcome screen. Click Next.

2. On the Counter Log tab, select a blg file of your choice. Click Next.

3. Select the appropriate threshold file.

4. Answer any questions that are listed on that page. The answers to these questions are required so that during the processing of each performance file, we consume this information and pass this in to the tool for proper calculations. Click Next once finished.

5. On the Analysis Interval tab, select the interval that you would like to use. Note: The default of AUTO is recommended as that is the best performance option for running the tool. Any changes to this setting could cause the report generation process to be that much slower, but will allow you to get a little more granular if needed.
Click Next.

6. On the Output Options tab, you can select an Output Directory to store the PAL reports and what format you would like to use. Click Next once you have made your selections.

7. On the Queue tab, you will notice the parameters that will be passed in to the PAL tool for processing. Click Next if this satisfies your needs.

8. On the Execute tab, you can execute what you have just added to the queue or you could add more items to the queue for processing.

9. Click the [button image] to execute the queued items.

This is a resource intensive application while these perfmon files are being parsed, so I would recommend using your fastest machine to run these reports on. Once PAL has completed processing the queued items, an IE window will open for each report in the queue.

I hope you have found this information useful. If you have any questions regarding the tool's usage, any problems that you may run into, or suggestions to improve the tool, you can email paltool@microsoft.com

Happy reporting!!!

Finding a SID in Active Directory

We have all run into the case of having to look up the object S-1-5-xxx-xxxx-xxxxxxxx-xxxxx, and at times it has been a real struggle to locate it.

Well, some time ago I discovered this tool, which has honestly gotten me out of more than one tight spot.

Service Level Dashboard 2.0 for SCOM 2007 R2

The Microsoft Service Level Dashboard (SLD) provides a panel for monitoring, tracking, managing and reporting on our company's line-of-business (LOB) applications. The report shows the service levels of the applications: a list of them, and their current performance and availability against the objectives agreed with the customer.

What does this mean? When we contract a service, for example hosting, the provider tells us that our site will have 99% uptime. That is the objective, which must then be compared against reality depending on how long the site was down. The SLD makes that comparison in a report with a web interface and obtains the monitoring data through SCOM 2007 R2.

Recall that SCOM, or System Center Operations Manager, is Microsoft's product for monitoring our company's environment or platform. Through Management Packs we can get a great deal of information about our servers, centralized events, real-time performance, etc. If we add this product to SCOM, we get a very useful panel for the customer or for ourselves to find out whether or not we are meeting the proposed service level. These service levels, or service level agreements, are usually called SLAs (Service Level Agreements).

As I mentioned before, this component works with the information it obtains from SCOM and publishes it through SharePoint in a web environment. That is why SharePoint is among its requirements. Let's go over them here.

Obviously, one of its requirements is SCOM 2007 R2 with the Reporting and Data Warehouse services. Windows SharePoint Services 3.0 SP1 is also needed, along with SQL Server for the database, .NET Framework 3.5, IIS for the web environment and the Microsoft Office Compatibility Pack. With these components installed you will have no problems installing the SLD.

We can see how long it took to resolve the incident and derive statistics from that. We can see the health of our IT platform with respect to the established SLAs, and through the SharePoint platform we can share the information with the tools we already know.

A very interesting TechNet diagram that helps us understand the product is the following:

[Figure: SLD Overview]
Link | Service Level Dashboard 2.0 for System Center Operations Manager 2007 R2
Link | Service Level Dashboard MP for System Center Operations Manager 2007
Link | Microsoft Technet SLD

Right?

Tira Ecol

OpsMgr: Master List of Mutual Authentication Related Errors for OpsMgr 2007

Mutual Authentication takes one of two forms in Operations Manager – 1) Kerberos or 2) Certificate Authentication.  This is a list of authentication failures compiled by Pete Zerger based on field experience and his MMS 2008 presentation on Gateway Scenarios in OpsMgr 2007 SP1, which can be downloaded HERE. Having helped many dozens (perhaps hundreds) of OpsMgr administrators troubleshoot mutual authentication issues, I have encountered many different scenarios. Here is a list of event IDs and potential explanations you may find helpful.

 

The following is a list of mutual authentication-related error messages and some general indicators of source cause. Some errors are Kerberos-related issues (like SPN problems) and some are related to certificate authentication. These errors are also applicable to System Center Essentials 2007.

| Event ID | Description | Explanation |
| --- | --- | --- |
| 20050 | Enhanced key usage error | Wrong OID specified on the certificate |
| 20057 | The OpsMgr Connector could not connect to MSOMHSvc/rms01.local because mutual authentication failed. Verify the SPN is properly registered | Often associated with SPN registration failures. Make sure SPNs are registered (and forest trust in place if separate forest) so Kerberos authentication can succeed. |
| 20070 | The OpsMgr Connector connected to <server> but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. | This and 21016 are general indicators of failed authentication. However, these two events do not provide much insight into source cause. This error will appear when a manually installed agent is in “Pending” status, but also for a host of other reasons. |
| 21001 | The OpsMgr Connector could not connect to MSOMHSvc/rmsxxx.domain.com because mutual authentication failed. Verify the SPN is properly registered | Often associated with SPN registration failures. Make sure SPNs are registered (and forest trust in place if separate forest) so Kerberos authentication can succeed. |
| 21005 | DNS resolution failed | Check DNS name resolution on the agent and upstream gateway or mgmt server. |
| 21006 | TCP Connection failed (at TCP level). The OpsMgr Connector could not connect to <server>. The error code is 10061L… | Often indicates you have a firewall in the path blocking communication. Try telnet to 5723 from both nodes attempting to communicate. The other instance where I occasionally see this is when the wrong management group name AND management server are entered. |
| 21007 | Not in a trusted domain | Cannot establish a security communication channel to the management server because the correct certificates are not available. Retrace your steps on certificate configuration (see KB947691). |
| 21008 | Untrusted target (usually means untrusted domain or failure to reach DC) | Check name resolution and network connectivity. |
| 21016 | OpsMgr was unable to set up a communications channel to server and there are no failover hosts. | This and 20070 are general indicators of failed authentication. However, these two events do not provide much insight into source cause. This error will appear when a manually installed agent is in “Pending” status, but also for a host of other reasons. |
| 21035 | SPN registration failed; Kerberos authentication will not work | Often associated with SPN registration failures. Make sure SPNs are registered so Kerberos authentication can succeed. |
| 21036 | The certificate specified in the registry at cannot be used for authentication. | Private key is missing from the certificate. Usually see this on export and CLI registration OR when certificate is copied between stores in Certificates snap-in. |
| 20068 | Certificate has unusable / no private key | Also an indication that the private key is missing |
| 20069 | Wrong type of certificate (KEY_SPEC) | Wrong OIDs on certificate |
| 20072 | Remote certificate not trusted | The certificate of the CA (CA chain, root to issuer) of the remote server's certificate must be in the “Trusted Root Certification Authorities” store of the local computer account in the Certificates snap-in |
| 20075 | Unable to obtain subject or issuer from certificate | Never seen this one in a live environment… Indicates failure to retrieve subject (aka common name) or issuing authority on the certificate |
| 20076 | Unable to obtain subject or issuer from remote certificate | Never seen this one in a live environment… Indicates failure to retrieve subject (aka common name) or issuing authority on the certificate presented by the other system |
| 20077 | Certificates cannot be queried for property info | This typically means that no private key was included with the certificate. |
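
The table marks 20070 and 21016 as generic indicators that say little about the cause, while the other IDs point at SPN, certificate, DNS or network problems. The following added example (not part of the original post) groups exported events per host and lets a specific event explain away the generic ones; the CSV layout, host names and cause-family labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Event ID -> cause family, following the table above (family labels are assumed names).
SPECIFIC = {
    20057: "kerberos-spn", 21001: "kerberos-spn", 21035: "kerberos-spn",
    20050: "cert-oid", 20069: "cert-oid",
    20068: "cert-private-key", 20077: "cert-private-key", 21036: "cert-private-key",
    20072: "cert-trust", 21007: "cert-config",
    20075: "cert-subject-issuer", 20076: "cert-subject-issuer",
    21005: "dns", 21006: "network", 21008: "dns-or-network",
}
# The table calls these two generic: they confirm a failure but not its cause.
GENERIC = {20070, 21016}

# Constructed sample, e.g. an export of agent and gateway event logs (columns assumed).
SAMPLE = """host,event_id
agent01,21016
agent01,20057
agent02,20070
agent02,21016
GW01,21036
gw01,20077
gw01,20070
agent03,21006
agent03,12345
agent04,not-a-number
"""

def triage(csv_text):
    """Return {host: [cause families]}; generic events count only when nothing specific explains them."""
    specific = defaultdict(set)
    generic_hosts = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = (row.get("host") or "").strip().lower()
        try:
            event_id = int(row.get("event_id") or "")
        except ValueError:
            continue  # malformed row: skip it
        if event_id in SPECIFIC:
            specific[host].add(SPECIFIC[event_id])
        elif event_id in GENERIC:
            generic_hosts.add(host)
    result = {host: sorted(causes) for host, causes in specific.items()}
    for host in generic_hosts - set(result):
        # Only 20070/21016 seen: per the table, check for an agent stuck in "Pending".
        result[host] = ["generic-auth-failure"]
    return result

if __name__ == "__main__":
    for host, causes in sorted(triage(SAMPLE).items()):
        print(host, causes)
```

Hosts that logged only event IDs outside the table, or only malformed rows, are left out of the result.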