[This post courtesy of Adrian Maziak, Senior Program Manager]
Poking around the newsgroups, and Windows Small Business Server 2008 support communities, we've seen a lot of confusion regarding the new Monitoring and Alerting infrastructure included with the 2008 version of the product. Adrian wanted to provide some in-depth deep dive into the solution.
In Windows Small Business Server 2003, the Monitoring and Alerting was provided by a Microsoft product called "Health Monitor" or HealthMon for short. HealthMon was an extremely old application, rectified in the 2003 timeframe for SBS only, but was beyond the end of its development lifecycle. Impossible to maintain and improve for future versions. As a result, HealthMon is not included with the 2008 product.
So let's focus on what we do have.
The heart and soul of the infrastructure is the Windows SBS Manager Service. This service drives a series of tasks including: Report Generation, WSUS Configuration & Update Approvals, Server Backup, Other alerts (Data collection tasks, domain name provider tasks, certificate expiry tasks, licensing tasks), Internal system maintenance (database clean up), and some ad-hoc things like Anti-Spam Safe List updates, and trimming down the Bad Mail directory.
The service is essentially on a timer for 30 minutes. Every 30 minutes, it wakes up and looks for tasks to do. What it does depends on the tasks scheduled time and recurrence. The service queues tasks, and only allows one task to run at a time, so as to avoid conflicts, and minimize any resource hits on the server as much as possible.
The service also supports the Other Alerts function which has a large set of included alerts with the server. Other Alerts are extensible by using the Windows Small Business server 2008 SDK. In fact, as I posted earlier, the MVPs have started an Alert Sharing Web Site over on CodePlex.com. The scope of Monitoring and Reporting does vary depending on what the host Operating System of the client is, the table below breakouts the level of monitoring and reporting available:
|SBS Server||Domain Joined Client||2nd Server & additional Servers|
|Auto-Start Service Monitoring||Yes||No||No|
|Key Event Log Entry Monitoring||Yes||No||No|
|Disk Space Monitoring||Yes||Yes||Yes|
|Host Firewall Status||Yes||Yes||No|
The Other Alerts for each computer are displayed on the Computers Tab against each computer, and of course if you specify an e-mail address on the property page of the View Notifications Settings, you will get emailed when an alert fires.
The Other Alerts have two ways to resolve:
- A Clearing Condition is received
- For example, Alert ID 1 fires, and shows an alert, if the condition is fixed when Alert ID 2 appears, then the Alert ID 1 is cleared and there is no longer an error
- A Timeout occurs
- Many problems are caused by external sources, such as the ISP being down. So if there is an alert that your DNS record can't be updated, simply waiting until the Internet connection comes back will resolve the alert. Thus if the Event ID 1 happens once and then never happens again (by default the clearing timeout is 30 minutes, but can be changed alert by alert individually).
- Note: If you're writing alerts, you cannot use a combination of above.
IMPORTANT: An "Other Alert" created by an Event ID condition may have a latency of up to 30 minutes, based on the Data Collection service runs every 30 minutes.
General Alert Comments
- Configuring the Alerts to be E-mailed
- To enable the "Other Alerts" to be directly e-mailed to the administrator, you need to specify the e-mail address(es), simply navigate to the Computers Tab, and click View Notification Settings. When an "Other Alert" is specified to be an alert, it will be included in the reports and be emailed within the 30 minute window. Removing an Alert removes it from both as well.
- An Alert E-Mail may be sent more than once if there is no timestamp for tracking when the condition occurred
- e.g, service start-ups, disk usage, etc. These are Windows Management (WMI) based queries and we cannot identify when the condition exactly occurred
- Items from the Event Log should be generated only once
- The data for the service is all maintained in a SQL 2005 Express data store.
- For Troubleshooting, make sure the service is running
- Additionally check the log files in c:\program files\windows small business server\logs\monitoring\