gordonf

SCOM 2012 reporting AD query lag, adjust threshold?

Good to see a SCOM section here.

Started using SCOM 2012 R2 to monitor a domain network. It's complaining that the DCs are lagging in AD queries: "The AD Last Bind latency is above the configured threshold." DCs talking to the PDC emulator are also complaining, "The Op Master PDC Last Bind latency is above the configured threshold."

Turning off the Windows Firewall on the DCs stops the lag, but I don't consider that an acceptable solution. Further research told me that a firewall filter named, "Port Scanning Prevention Filter," is responsible. I won't go into the frustration about that filter here.

Is there a way to adjust the threshold in the SCOM health monitors for Active Directory so it doesn't complain about this? The lag itself isn't a workflow-stopper, even if it is annoying at times.

--

Hey GordonF,

Can you give me a little more information? For example, which AD Management pack(s) you have installed (i.e. AD DS, DNS, etc.); maybe a screenshot?

I will try to implement something similar in my lab to try to help you.

post-13224-0-07242700-1383246576_thumb.png

It's the AD DC Last Bind Monitor, in the v6.0.8228.0 version of the Active Directory Server 2008 and above (monitoring) management pack, that's complaining about the DC response time. The screen shot is a graph of the domain controller response time over the past 24 hours.

The warning is that the response time is higher than the default warning level of 5 seconds. I determined why this was happening; a port scanning filter included with the Windows Firewall does this.

I also found the override setting. When you bring up the Health Explorer for an alert (right click, Open, Health Explorer), you can navigate to what triggered the alert. Bringing up properties for the unhealthy item allowed me to set an override for the threshold warning, and save it in a management pack.

post-13224-0-63653600-1383247415_thumb.png

This doesn't solve the original problem, but at least I can have SCOM stop complaining about it. I'm asking the firewall folks why this is happening and if I can tune the port scanning filter to not be so paranoid about this.

--
