Monday, August 25, 2008

Deep Dive into SBS 2008 Monitoring and Reporting

[This post courtesy of Adrian Maziak, Senior Program Manager]

Poking around the newsgroups, and Windows Small Business Server 2008 support communities, we've seen a lot of confusion regarding the new Monitoring and Alerting infrastructure included with the 2008 version of the product.  Adrian wanted to provide some in-depth deep dive into the solution.

In Windows Small Business Server 2003, the Monitoring and Alerting was provided by a Microsoft product called "Health Monitor" or HealthMon for short.  HealthMon was an extremely old application, rectified in the 2003 timeframe for SBS only, but was beyond the end of its development lifecycle.  Impossible to maintain and improve for future versions.  As a result, HealthMon is not included with the 2008 product.

Network Essentials Summary

So let's focus on what we do have.

The heart and soul of the infrastructure is the Windows SBS Manager Service. This service drives a series of tasks including: Report Generation, WSUS Configuration & Update Approvals, Server Backup, Other alerts (Data collection tasks, domain name provider tasks, certificate expiry tasks, licensing tasks), Internal system maintenance (database clean up), and some ad-hoc things like Anti-Spam Safe List updates, and trimming down the Bad Mail directory.

The service is essentially on a timer for 30 minutes.  Every 30 minutes, it wakes up and looks for tasks to do.  What it does depends on the tasks scheduled time and recurrence.  The service queues tasks, and only allows one task to run at a time, so as to avoid conflicts, and minimize any resource hits on the server as much as possible.

The service also supports the Other Alerts function which has a large set of included alerts with the server.  Other Alerts are extensible by using the Windows Small Business server 2008 SDK.  In fact, as I posted earlier, the MVPs have started an Alert Sharing Web Site over on CodePlex.com.  The scope of Monitoring and Reporting does vary depending on what the host Operating System of the client is, the table below breakouts the level of monitoring and reporting available:

  SBS Server Domain Joined Client 2nd Server & additional Servers
Auto-Start Service Monitoring Yes No No
Key Event Log Entry Monitoring Yes No No
Disk Space Monitoring Yes Yes Yes
Anti-Virus/Anti-Spyware Status Yes Yes No
Host Firewall Status Yes Yes No

The Other Alerts for each computer are displayed on the Computers Tab against each computer, and of course if you specify an e-mail address on the property page of the View Notifications Settings, you will get emailed when an alert fires.

The Other Alerts have two ways to resolve:

  • A Clearing Condition is received
    • For example, Alert ID 1 fires, and shows an alert, if the condition is fixed when Alert ID 2 appears, then the Alert ID 1 is cleared and there is no longer an error
  • A Timeout occurs
    • Many problems are caused by external sources, such as the ISP being down.  So if there is an alert that your DNS record can't be updated, simply waiting until the Internet connection comes back will resolve the alert.  Thus if the Event ID 1 happens once and then never happens again (by default the clearing timeout is 30 minutes, but can be changed alert by alert individually).
  • Note: If you're writing alerts, you cannot use a combination of above.

IMPORTANT: An "Other Alert" created by an Event ID condition may have a latency of up to 30 minutes, based on the Data Collection service runs every 30 minutes.

General Alert Comments

  • Configuring the Alerts to be E-mailed
    • To enable the "Other Alerts" to be directly e-mailed to the administrator, you need to specify the e-mail address(es), simply navigate to the Computers Tab, and click View Notification Settings.  When an "Other Alert" is specified to be an alert, it will be included in the reports and be emailed within the 30 minute window.  Removing an Alert removes it from both as well.
  • An Alert E-Mail may be sent more than once if there is no timestamp for tracking when the condition occurred
    • e.g, service start-ups, disk usage, etc.  These are Windows Management (WMI) based queries and we cannot identify when the condition exactly occurred
    • Items from the Event Log should be generated only once
  • The data for the service is all maintained in a SQL 2005 Express data store.
  • For Troubleshooting, make sure the service is running
    • Additionally check the log files in c:\program files\windows small business server\logs\monitoring\

11 comments:

Unknown said...

Is there a third party software you would recommend to monitor internet usage similar to the old sbs 2003 reports? or maybe more indepth?

I use a watchguard firewall now, but would have to do a lot of back end configuring to get to the same place sbs 2003 would have done out of the box.

Sean Daniel said...

I'm not familiar with any. you really need to look at your firewal products. You can still install Threat Management Gateway (the new name for ISA) and manage it that way. But that's additional cost.

Anonymous said...

Any idea where we can download the SDK you mentioned:
"Windows Small Business server 2008 SDK"

Sean Daniel said...

Yes, the two links you need are:

SBS 2008 SDK documentation - http://msdn.microsoft.com/en-us/library/cc721702(WS.10).aspx

SBS 2008 community written alerts - http://sbs.codeplex.com/

Anonymous said...

Thanks Sean....but that is only a link to the 2008 documentation....

I was looking for the link for the SDK download itself.

Sean Daniel said...

Given that you're only creating XML files to define alerts, there is no downloadable SDK. You can still use the Windows 2008 SDK and those apps will work on SBS 2008 as well.

Anonymous said...

Hmm.

I was hoping to develop an addin for the Console, something that I assume you need the SDK for.

I guess I'll just keep on looking for it....no one seems to know where to get it. Thought you might know since you mentioned it above..

Sean Daniel said...

Well, the SBS 2008 console is not extensible. you can only add items on the security tab, or add health alerts. So there is no add-in model for the dashboard. The add-in model applies to WHSv1, SBS 2011 Essentials (not standard) and WHS 2011. All other Server Solutions Sku do not have extensible consoles.

Anonymous said...

Unfortunately, Microsoft may have decided to remove "public" access to any extensibility features in the Console but it is possible. I've seen examples of it.

And this is just one page of many that mentions the "Windows Small Business Server SDK:
http://msdn.microsoft.com/en-us/library/cc721702(v=WS.10).aspx

You can also do this is earlier versions of the Console and other related versions (as you mentioned the SBS Essential version).

I just was hoping Microsoft would actually have a clearly defined note on this one way ot the other.

Anonymous said...

is Windows SBS Manager Service service configurabile as to how often to wake up and what time of the day. I find that quite freqently my server boggs down because of excessive activitity from SBS Monitoring

Sean Daniel said...

I don't believe it's configurable, but it's a background task and shouldn't bog down your server.