syscomments

RocketScientist's Miscellaneous Ramblings
posts - 76, comments - 354, trackbacks - 3

Microsoft Operations Manager Setup

Gah.

I spent all day yesterday trying to get MOM to send email.

I set up test rules to watch my local install of SQL Server, and fired over 50 messages into my event log with RAISERROR (by the way, what's with the parenthesis on that command anyway?) and didn't get any emails back. I tweaked the detection rules all day long, thinking I'd screwed something up. It was firing the alerts, but it wasn't doing ANY of the notifications.

Then I went to google and searched, and found this.

A brief history. SMTP originally had no authentication, and allowed anyone to send email from anywhere. Eventually people who send spam figured this out and started using these open relays to send spam, so two different standard methods of stopping open relays were created. The first is to limit relay by restricting which subnets or IP addresses are allowed to use the system as a relay, the second is to require a login (either cleartext or MD5 Challenge/Response) in order to authenticate the user before performing the relay. Typically, clients first attempt to use the relay as an open relay (which will succeed if the relay is really an open relay, or if it's a subnet-restricted relay), and then if that doesn't work they'll notify the user that they need to enter a username and password.

For MOM, Microsoft elected to do two things that made yesterday hell. First, they don't log any errors when an email fails to send. You basically just have to wait 5-10 minutes and then assume it fell in a hole somewhere. The KBase article I linked above mentions a ""Failed to send SMTP message" error". I got no error in any log. That would have been very helpful, because I assumed for most of the day that the problem was that the event wasn't being detected, not that the notification was failing.

The second thing Microsoft did, and the root cause of the problem, is that the SMTP client in MOM authenticates via NTLM by default. There isn't any GUI, short of regedit, to change that setting, and no mention in the docs that an NTLM-authenticating SMTP server is required for notifications. So, the common SMTP authorization methods (by subnet or MD5 challenge/response) don't work, only NTLM works, and if you don't have NTLM, it doesn't give you an error, it just silently fails.

Nothing should EVER silently fail. Any failure in any system, especially in a systems management provider, should fail very noisily. I should be able to hear it fail around the world via my mobile phone.

MOM should have a button on every operator setup screen that says "test messaging to this operator".

On the good news side, at leat MOM 2005 uses SMTP instead of some kind of goofy MAPI-based (*cough* SQLMail Sucks *cough*) implementation that leaks memory like crazy.

Other than that, MOM is a pretty nifty tool. It has a lot of features that NTManage (now Intuit Network Monitor) is lacking, such as good reporting capabilities, the ability to run as a service instead of requiring a console login, easy-to-configure perfmon stats monitoring (NTManage has this, but it's a real pain in the ass to set up), very flexible operator scheduling, and a lot more. I'm going to spend the rest of the day migrating alert setups over and setting up new operators.

Print | posted on Thursday, October 14, 2004 10:36 AM |

Feedback

Gravatar

# re: Microsoft Operations Manager Setup

We use MOM here too. We saw a demo of NetIq the other day. Apparently, MS purchased MOM from NetIq a while back. NetIq claims their products do what MOM does plus much, much more. The demo was pretty impressive.
10/14/2004 4:35 PM | Tara
Gravatar

# re: Microsoft Operations Manager Setup

Yup. NetIQ is very cool stuff. I had it at a previous job and it's great. Does everything but brush your teeth for you. Rock solid reliable.

That said, the guy we had running it was totally top notch, very capable, and did an absolutely fantastic job of setting it up and maintaining it. I think that's the key to using NetIQ: the person who sets it up has to be really tenacious and creative in order to wring the most out of the product. He had the thing checking for everything from locked up IIS processes to low disk space, and I can't think of a single time in over 4 years that it didn't work 100% perfect.
10/14/2004 4:42 PM | rocketscientist
Gravatar

# re: Microsoft Operations Manager Setup

Dude..I wish I would found your article a week ago. I am using MOM2005 and cannot get the notifications to work no matter what I do. Please help.
11/11/2004 2:21 PM | Eric
Gravatar

# re: Microsoft Operations Manager Setup

Here's what I've done when notifications didn't work.

1. Do any emails work at all from the server running MOM? If not, check to see if the notification is being blocked by SMTP authorization problems, SMTP policies, or spam blocking software?

2. Make sure you've either got every error resolved in the MOM operator's console or that you've got duplicate error suppression turned off. If you've got an error in the operator's console and you've got duplicate suppression turned on, you won't get any more emails out of it.

I've found the best way to test this stuff is to create a sql server event with a notification built in that traps a custom error message, and then use RAISERROR to spring the error up.

chris.
11/11/2004 2:36 PM | rocketscientist
Gravatar

# re: Microsoft Operations Manager Setup

I just fixed the problem a little differently in my domain. For me the problem was that our external SMTP address is .ORG, but our internal domain name is .LOCAL. I had to go into the properties of the SMTP Virtual Server in IIS and allow relaying for its own IP.
11/12/2004 6:53 PM | Mike
Gravatar

# re: Microsoft Operations Manager Setup

FYI, the "Test End to End Monitoring" task in the MOM group seems to kick off an e-mail as part of the test. I went in the MOM rule (MOM\Operations Manager 2005\Agents on all MOM roles\Event Rules\MOM End to End Monitoring) to disable Alert Suppression for that particular rule, but outside of that, it worked pretty well for me. I agree though, it'd be much nicer to have a test button with each Operator...
1/3/2006 5:22 PM | Jerry
Gravatar

# re: Microsoft Operations Manager Setup

I'm still having no joy with this and i've spent days trying to figure it out. Can you give me any more guidance with your tip "Do any emails work at all from the server running MOM? If not, check to see if the notification is being blocked by SMTP authorization problems, SMTP policies, or spam blocking software? " Ive made the change recommended by MS to the registry but still no emails! Thanks
8/18/2006 6:56 AM | Finola
Gravatar

# re: Microsoft Operations Manager Setup

Email notfication doesn't work for me too. I'm in investigation but don't see any useful tool for the troubleshooting.
10/6/2006 2:51 AM | Vladislav Artukov
Gravatar

# re: Microsoft Operations Manager Setup

Email notification deos not work for me either. I am running MOM 2005 workgroup edition on my Windows 2003 virtual PC. I will need to devide and conquer by testing sending email independently.
10/17/2006 3:35 PM | John Chanthamontry
Comments have been closed on this topic.

Powered by:
Powered By Subtext Powered By ASP.NET