Tivoli Distributed Monitoring for Active Directory Reference

Tivoli® Distributed Monitoring for Active Directory Reference Version 3.7


Copyright Notice

© Copyright IBM Corporation 2001. All rights reserved. May only be used pursuant to a Tivoli Systems Software License Agreement, an IBM Software License Agreement, or Addendum for Tivoli Products to IBM Customer or License Agreement. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without prior written permission of IBM Corporation. IBM Corporation grants you limited permission to make hardcopy or other reproductions of any machine-readable documentation for your own use, provided that each such reproduction shall carry the IBM Corporation copyright notice. No other rights under copyright are granted without prior written permission of IBM Corporation. The document is not intended for production and is furnished “as is” without warranty of any kind. All warranties on this document are hereby disclaimed, including the warranties of merchantability and fitness for a particular purpose.

U.S. Government Users Restricted Rights—Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corporation.

Trademarks

IBM, Tivoli, the Tivoli logo, and Tivoli Enterprise Console are trademarks or registered trademarks of International Business Machines Corporation or Tivoli Systems Inc. in the United States, other countries, or both.

Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service marks of others.

Notices

References in this publication to Tivoli Systems or IBM products, programs, or services do not imply that they will be available in all countries in which Tivoli Systems or IBM operates. Any reference to these products, programs, or services is not intended to imply that only Tivoli Systems or IBM products, programs, or services can be used. Subject to valid intellectual property or other legally protectable right of Tivoli Systems or IBM, any functionally equivalent product, program, or service can be used instead of the referenced product, program, or service. The evaluation and verification of operation in conjunction with other products, except those expressly designated by Tivoli Systems or IBM, are the responsibility of the user. Tivoli Systems or IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to the IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, New York 10504-1785, U.S.A.

ISO 9001 Certification

This product was developed using an ISO 9001 certified quality system. Certification has been awarded by Bureau Veritas Quality International (BVQI) (Certification No. BVQI - 92086 / A). BVQI is a world leader in quality certification and is currently recognized by more than 20 accreditation bodies.


Contents

Figures

Preface
  Who Should Read This Manual
  What This Manual Contains
  Publications
    Distributed Monitoring For Active Directory Library
    Prerequisite Publications
    Related Publications
    Accessing Publications Online
    Ordering Publications
    Providing Feedback about Publications
  Contacting Customer Support
  Conventions Used in This Book
    Typeface Conventions

Chapter 1. Introduction to Distributed Monitoring for Active Directory
  Overview
  Key Features and Benefits
  Resource Models
  Configuration and Deployment

Chapter 2. Active Directory Resource Models
  Related Information
  Active Directory Domain Controller Category
    Domain Controller Availability Resource Model
    Domain Controller Performance Resource Model
  Active Directory Replication Category
    Replication Performance Resource Model
    Intra-site Replication Resource Model
    Intra-site Replication Traffic Resource Model
    Inter-site Replication Resource Model
    Inter-site Replication Traffic Resource Model
    File Replication Service Resource Model
  DNS Category
    Windows 2000 DNS Server Performance Resource Model
    Active Directory Integrated DNS Resource Model
  DHCP Category
    Windows 2000 DHCP Server Performance Resource Model

Chapter 3. Domain Controller Availability Resource Model
  Overview
  Indications and Events
    No RID Master Role in the Domain
    A Global Catalog Cannot Be Reached in the Forest
    Unreachable Replica Partner
    No Domain Naming Master Role in the Forest
    The Domain Controller Service Is Failing
    No Schema Master Role in the Forest
    The RID Master Role in the Domain Cannot be Reached
    The Infrastructure Master Role in the Domain Cannot Be Reached
    The Domain Controller Service Is Stopped
    The Service of a FSMO Role Server is Failing
    The Service of a FSMO Role Server is Stopped
    No Global Catalogs in the Site
    The Domain Naming Master Role for the Forest Cannot Be Reached
    All Global Catalogs in the Site Are Unavailable
    No Infrastructure Master Role in the Domain
    No PDC Master Role in the Domain
    The Schema Master Role for the Forest Cannot Be Reached
    The PDC Master Role in the Domain Cannot Be Reached
  Logging

Chapter 4. Domain Controller Performance Resource Model
  Overview
  Prerequisites
  Indications and Events
    Small Database Cache Size
    High Number of Threads Waiting
    High Ticket-Granting Server (TGS) Requests Per Second
    Small Database Table Cache Size
    High Log Record Stalls Per Second
    High Kerberos Authentication Requests Per Second
    Low Value of Cache Size
    Nonzero Cache Page Fault Stalls Per Second
    High NTLM Authentication Requests Per Second
    High Authentication Server (AS) Requests Per Second
  Thresholds
  Logging

Chapter 5. Replication Performance Resource Model
  Overview
  Indications and Events
    Low Percentage of Inbound Properties Applied
    High Percentage of Inbound Properties Filtered
    High Percentage of Outbound Objects Filtered
    Low Percentage of Inbound Objects Applied
    High Percentage of Inbound Objects Filtered
  Thresholds
  Logging

Chapter 6. Intra-site Replication Resource Model
  Overview
  Indications and Events
    Intra-site Replication Failure
  Logging

Chapter 7. Intra-site Replication Traffic Resource Model
  Overview
  Indications and Events
    High Intra-site Outbound Replication Traffic
    High Intra-site Inbound Replication Traffic
    Pending Directory Synchronization Not Processed Not Decreasing
  Thresholds
  Logging

Chapter 8. Inter-site Replication Resource Model
  Overview
  Prerequisites
  Indications and Events
    Inter-site Replication Failure
    No Bridgehead Servers in the Site
    No Replication Partner
    Site Link Not Defined
  Logging

Chapter 9. Inter-site Replication Traffic Resource Model
  Overview
  Prerequisites
  Indications and Events
    High Inter-site Inbound Replication Traffic
    High Inter-site Outbound Replication Traffic
  Thresholds
  Logging

Chapter 10. File Replication Service Performance Resource Model
  Overview
  Indications and Events
    High Percentage of Change Orders Evaporated
    High Percentage of Packets Sent in Error
    High Percentage of Directory Service Bindings in Error
    High Percentage of Change Orders Retired
    High Percentage of Change Orders Morphed
    High Value of Staging Space in Use (KB)
    High Percentage of Files Installed with Error
    Persistent High Number of Packets Received
    Number of Files Installed Persistently High
    High Percentage of Packets Received in Error
    High Usn Records Accepted
    High Percentage of Change Orders Aborted
    Low Value of Staging Space Free (KB)
    Persistent High Number of Change Orders Sent
  Thresholds
  Logging

Chapter 11. Windows 2000 DNS Server Performance Resource Model
  Overview
  Indications and Events
    The DNS Server Service Is Stopped
    Dynamic Update Failures
    High DNS Response Time
    Percentage of Zone Transfer Failures
    The DNS Server Service Is Failing
  Thresholds
  Logging

Chapter 12. Active Directory Integrated DNS Resource Model
  Overview
  Indications and Events
    Missing Global Catalog SRV Record
    Missing dnsNode Record
    Bad Record Data for Domain Controller
    Missing PDC SRV Record
    Bad Record Data for Global Catalog
    Missing Domain Controller SRV Record
    Bad Record Data for Primary Domain Controller Emulator
  Logging

Chapter 13. Windows 2000 DHCP Server Performance Resource Model
  Overview
  Indications and Events
    High Rate of Declines
    High Value of Conflict Check Queue Length
    DHCP Slow
    DHCP Server Service Is Failing
    High Rate of Negative Acknowledgements
    High Increase of Packets Expired Per Second
    Short DHCP Scope Lease Times
    Sudden Decrease in DHCP Scope Lease Times
    The DHCP Server Service Has Stopped
    High Value of Active Queue Length
  Thresholds
  Logging

Appendix A. Troubleshooting
  Error Handling
    Error Numbers

Appendix B. Effective Use of the Parametric Event Log Resource Model
  Active Directory Domain Controller Category
  Active Directory Replication Category
  DNS Category
  DHCP Category

Glossary

Figures

1. Deployment of Active Directory resource models in the Tivoli environment
2. Distributed Monitoring for Active Directory in a Windows 2000 domain

Preface

Tivoli Distributed Monitoring for Active Directory is layered on Tivoli Distributed Monitoring for Windows®. It can be used in both native (Microsoft® Windows 2000 only) and mixed (Windows 2000 and Windows NT) environments.

Active Directory enables you to monitor, tune and manage the security, performance and availability of Active Directory key resources and services, such as domain controllers; inter-site, intra-site, and file replication; and Microsoft’s predefined performance objects.

For detailed information about how to customize profiles and resource models, distribute them to endpoints, and monitor and log indications and events, refer to the Tivoli Distributed Monitoring for Windows User’s Guide.

Who Should Read This Manual

This manual is for Windows 2000 system administrators who are responsible for managing Active Directory resources.

To make effective use of the product, readers require knowledge as well as practical experience of the following:

• Installing and managing the Tivoli Management Framework and the Tivoli Management Environment®

• Installing, customizing, and managing Distributed Monitoring for Windows

• Windows 2000 system administration

Readers should also be familiar with the Tivoli Enterprise Console® product.

What This Manual Contains

This manual contains the following sections:

• Chapter 1, “Introduction to Distributed Monitoring for Active Directory”

Provides an introduction to Distributed Monitoring for Active Directory, its features and functions, and its integration with Distributed Monitoring for Windows.

• Chapter 2, “Active Directory Resource Models”

Introduces each of the Active Directory resource models, and explains the key concepts required for the effective customizing of these resource models.

• Chapters 3 to 13 inclusive

Provide details of the problems each resource model can highlight, and give information about the indications, thresholds and, where applicable, data logging features you can use to manage your Active Directory environment as follows:

  - Chapter 3, “Domain Controller Availability Resource Model”

  - Chapter 4, “Domain Controller Performance Resource Model”

  - Chapter 5, “Replication Performance Resource Model”

  - Chapter 6, “Intra-site Replication Resource Model”

  - Chapter 7, “Intra-site Replication Traffic Resource Model”

  - Chapter 8, “Inter-site Replication Resource Model”

  - Chapter 9, “Inter-site Replication Traffic Resource Model”

  - Chapter 10, “File Replication Service Performance Resource Model”

  - Chapter 11, “Windows 2000 DNS Server Performance Resource Model”

  - Chapter 12, “Active Directory Integrated DNS Resource Model”

  - Chapter 13, “Windows 2000 DHCP Server Performance Resource Model”

• Appendix A, “Troubleshooting”

Provides information about possible errors that are the result of incorrectly configured resource models, missed prerequisites, or an incorrectly configured Active Directory environment.

• Appendix B, “Effective Use of the Parametric Event Log Resource Model”

Provides suggestions for event logs and source types to monitor with the parametric event log resource model for each of the Active Directory resource categories.

Publications

This section lists publications in the Tivoli Distributed Monitoring for Active Directory library and any other related documents. It also describes how to access Tivoli publications online, how to order Tivoli publications, and how to make comments on Tivoli publications.

Distributed Monitoring For Active Directory Library

The following documents are available in the Tivoli Distributed Monitoring for Active Directory library:

• Tivoli Distributed Monitoring for Active Directory Release Notes, GI11-0852

Provides installation instructions and late-breaking information about Tivoli Distributed Monitoring for Active Directory.

• Tivoli Distributed Monitoring for Active Directory Reference, SH19-4559

Provides information about events, indications, thresholds and logging metrics provided for monitoring Active Directory, so that you can customize resource models for the effective management of business-critical resources.

Prerequisite Publications

To be able to use the information in this book effectively, you must have some prerequisite knowledge, which you can get from the following books:

• Tivoli Distributed Monitoring for Active Directory Release Notes, GI11-0852

Provides installation instructions and late-breaking information about Tivoli Distributed Monitoring for Active Directory.

• Tivoli Distributed Monitoring for Windows Release Notes, GI11-0843

Provides last-minute information about Distributed Monitoring for Windows 3.7.

• Tivoli Distributed Monitoring for Windows User’s Guide, GC32-0403

Provides comprehensive instructions for customizing resource models.

You can use these instructions to customize both standard resource models for monitoring the performance and availability of your Windows 2000 systems, and Active Directory specific resource models for monitoring Active Directory.


Related Publications

The following documents also provide useful information related to Tivoli Distributed Monitoring for Active Directory:

¶ Tivoli Distributed Monitoring for Windows Workbench for Windows User’s Guide, GC32-0663

Provides comprehensive instructions for building, testing, packaging and installing your own resource models.

¶ IBM Redbooks™ Implementing Tivoli Manager for Windows NT, SG24-5519

Provides background information about the architecture and design of Distributed Monitoring for Windows, which used to be called Tivoli Manager for Windows NT.

Accessing Publications Online

You can access many Tivoli publications online at the Tivoli Customer Support Web site:

http://www.tivoli.com/support/documents/

These publications are available in PDF or HTML format, or both. Translated documents are also available for some products.

To access most of the documentation, you need an ID and password. If necessary, you can obtain these from the following Web site:

http://www.tivoli.com/support/getting/

Ordering Publications

You can order many Tivoli publications online at the following Web site:

http://www.ibm.com/shop/publications/order

You can also order by telephone by calling one of these numbers:

¶ In the United States: 800-879-2755

¶ In Canada: 800-426-4968

¶ In other countries, for a list of telephone numbers, see the following Web site:

http://www.tivoli.com/inside/store/lit_order.html

Providing Feedback about Publications

We are very interested in hearing about your experience with Tivoli products and documentation, and we welcome your suggestions for improvements. If you have comments or suggestions about our products and documentation, contact us in one of the following ways:

¶ Send an e-mail to [email protected].

¶ Complete our customer feedback survey at the following Web site:

http://www.tivoli.com/support/survey/


Contacting Customer Support

If you have a problem with any Tivoli product, you can contact Tivoli Customer Support. See the Tivoli Customer Support Handbook at the following Web site:

http://www.tivoli.com/support/handbook/

The handbook provides information about how to contact Tivoli Customer Support, depending on the severity of your problem, and the following information:

¶ Registration and eligibility

¶ Telephone numbers and e-mail addresses, depending on the country you are in

¶ What information you should gather before contacting support

Conventions Used in This Book

This book uses several conventions for special terms and actions, operating system-dependent commands and paths, and margin graphics.

Typeface Conventions

The following typeface conventions are used in this book:

Bold
Lowercase and mixed-case commands, command options, and flags that appear within text appear like this, in bold type.

Graphical user interface elements (except for titles of windows and dialogs) and names of keys also appear like this, in bold type.

Italic
Variables, values you must provide, new terms, and words and phrases that are emphasized appear like this, in italic type.

Monospace
Commands, command options, and flags that appear on a separate line, code examples, output, and message text appear like this, in monospace type.

Names of files and directories, text strings you must type, when they appear within text, names of Java™ methods and classes, and HTML and XML tags also appear like this, in monospace type.


Introduction to Distributed Monitoring for Active Directory

This section introduces Tivoli Distributed Monitoring for Active Directory, its key features and benefits, its resource models, and its integration with Tivoli Distributed Monitoring for Windows®.

For detailed information about Distributed Monitoring for Windows, refer to the Tivoli Distributed Monitoring for Windows User’s Guide.

Overview

Distributed Monitoring for Active Directory is a distributed product that extends the existing monitoring capabilities of Tivoli Distributed Monitoring for Windows.

Distributed Monitoring for Active Directory enables you to monitor, tune and manage the performance and availability of Active Directory key resources, objects and services.

Distributed Monitoring for Active Directory is a solution for managing and monitoring Active Directory. It is built on Tivoli Distributed Monitoring for Windows 3.7.

To obtain a comprehensive view of the performance and availability of resources and services, you can use Active Directory specific resource models on the same Tivoli endpoints with the resource models for system monitoring that are provided with Distributed Monitoring for Windows.

It is also advisable to distribute the parametric event log resource model that is provided with Tivoli Distributed Monitoring for Windows to all domain controllers.


Key Features and Benefits

Distributed Monitoring for Active Directory has the following key features and benefits:

Feature: Integration with Tivoli Framework and Distributed Monitoring for Windows

Benefit:

¶ Tivoli environment and infrastructure

¶ Familiar user-interface

¶ Ability to monitor Windows 2000 domain controllers as Tivoli endpoints

¶ Ability to monitor Windows 2000 Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) servers as Tivoli endpoints

¶ Ability to send events to the Tivoli Enterprise Console®

¶ Ability to send events to the Tivoli Business System Manager console

¶ Ability to log data for analysis and display

¶ Ability to view online and historical data on the Health Console

¶ Ability to set thresholds

¶ Ability to restart Windows services through built-in actions

¶ Ability to use new resource models together with existing Distributed Monitoring for Windows resource models, such as the Memory, Process, and Processor resource models in the System category, to monitor Windows 2000 system resources.

Feature: Resource models tailored to Active Directory

Benefit: Ability to monitor the performance, availability, and health of Active Directory key services and objects such as:

¶ Domain controllers

¶ Allocation of Flexible Single Master Operations (FSMO) roles

¶ Replication efficiency within and between multiple sites

¶ DHCP server

¶ DNS server

Feature: Error-handling capability

Benefit: Ability to display error messages on the Health Console about the following:

¶ Missing prerequisites on endpoints

¶ The status of resource models

¶ Configuration errors that can cause resource models to stop


Resource Models

Distributed Monitoring for Active Directory uses out-of-the-box, predefined resource models.

Generally you can use the default values and still obtain useful data. However, if necessary you can customize the resource models to suit your local requirements.

Different areas of Active Directory require different approaches to monitoring and management. The resource models for Distributed Monitoring for Active Directory are therefore divided into categories as shown in the following table:

| Category | Resource Model |
|---|---|
| Active Directory domain controller | Domain controller performance |
| | Domain controller availability |
| Active Directory replication | Replication performance |
| | Intra-site replication |
| | Intra-site replication traffic |
| | Inter-site replication |
| | Inter-site replication traffic |
| | File Replication Service |
| DHCP | Windows 2000 DHCP Server performance |
| DNS | Windows 2000 DNS Server performance |
| | Active Directory Integrated DNS |

For a detailed introduction to each of these resource models, see “Active Directory Resource Models” on page 5.

For listings and descriptions of indications, events, thresholds and logging details for each resource model, see the appropriate one of chapters 4 to 14.


Configuration and Deployment

All resource models for Active Directory are configured and deployed in exactly the same way as the resource models that are provided with Distributed Monitoring for Windows:

1. You configure the resource models for Active Directory from the Tivoli desktop.

2. You package them into standard Distributed Monitoring for Windows profiles.

3. You use the Tivoli Framework facilities to distribute the profiles.

4. You use the Distributed Monitoring for Windows facilities to start and stop the resource models.

A high-level summary of this process is shown in Figure 1.

For full descriptions of the steps for configuring, packaging and distributing resource models to endpoints, refer to the Tivoli Distributed Monitoring for Windows User’s Guide.

Figure 1. Deployment of Active Directory resource models in the Tivoli environment

[Figure labels: Tivoli Environment; Tivoli Server; Profile Manager; Profile; Resource Model; Push; Domain Controller; Tivoli Management Agent; Distributed Monitoring for Windows engine; Start]


Active Directory Resource Models

This section describes the purpose and function of each of the Active Directory resource models.

The following table lists the resource models by category, and where you can find a description of the resource model:

| Category | Resource Model | See Page |
|---|---|---|
| Active Directory domain controller | Domain controller availability | 6 |
| | Domain controller performance | 7 |
| Active Directory replication | Replication performance | 7 |
| | Intra-site replication | 7 |
| | Intra-site replication traffic | 7 |
| | Inter-site replication | 8 |
| | Inter-site replication traffic | 8 |
| | File Replication Service | 8 |
| DNS | Windows 2000 DNS Server performance | 8 |
| | Active Directory Integrated DNS | 9 |
| DHCP | Windows 2000 DHCP Server performance | 9 |

Related Information

The following table shows where you can find additional information to help you work with the resource models described in the following sections:

| Information | See |
|---|---|
| Listings and descriptions of indications, events, thresholds and logging details for each resource model | The appropriate one of chapters 3 to 13 |
| Diagnosing problems with Distributed Monitoring for Active Directory resource models | “Troubleshooting” on page 91 |
| Definitions of Active Directory and Distributed Monitoring for Windows concepts | The “Glossary” on page 101 |
| Explanations of resource model concepts, and instructions for configuring and installing resource models | The Tivoli Distributed Monitoring for Windows User’s Guide |


Active Directory Domain Controller Category

The Active Directory domain controller category contains resource models that must both be distributed to all domain controllers in a forest. Together they provide a comprehensive view of critical aspects of the availability and performance of Active Directory domain controllers in the forest.

Figure 2 shows a high-level view of an Active Directory domain where Distributed Monitoring for Active Directory is running on all domain controllers.

Domain Controller Availability Resource Model

It is critical for Active Directory health that all domain controllers in the forest are available. This resource model checks that key domain controller services are available and stable. If such a service is in a stopped state, this resource model tries to restart that service.

The resource model also checks if Flexible Single Master Operations (FSMO) roles have been assigned to domain controllers, and if it is possible to connect to domain controllers that are holding the FSMO roles.

It also checks that the domain controller and its replication partners can connect to each other, and that global catalogs have been defined and can be accessed over the network.

Figure 2. Distributed Monitoring for Active Directory in a Windows 2000 domain

[Figure labels: Windows 2000 Domain; Domain Controller; Desktop System; Distributed Monitoring for Active Directory]


Domain Controller Performance Resource Model

Optimal performance of Active Directory depends on the effective management of the NT Directory Service (NTDS) and Extensible Storage Engine (ESE) database. This resource model retrieves statistical information about Active Directory, including the following:

¶ The number of Kerberos authentications

¶ The number of NTLM authentications

¶ The number of new users and computers created

Active Directory Replication Category

The Active Directory replication category contains resource models that monitor the three types of replication that are performed in an Active Directory environment:

Intra-Site replication
Is replication with a ring topology comprising domain controllers in the same site.

Inter-Site Replication
Is replication among bridgehead servers, which function like gateways to remote sites. Bridgehead servers are the domain controllers that run the inter-site replication process for the site.

File Replication Service
Is replication of system policies and logon scripts that are stored in SYSVOL, and of data for distributed file systems.

Replication Performance Resource Model

This resource model monitors the efficiency of the Active Directory replication process. For each domain controller to which it has been distributed and on which it is running, it checks the percentage of inbound and outbound replication updates that have been filtered and applied. These percentages indicate to what extent Active Directory objects and properties are dynamic or static. This information can be used to fine-tune the replication interval to optimize performance.

Intra-site Replication Resource Model

This resource model monitors the replication process between domain controllers in the same site. Because each domain controller in a forest is involved in the intra-site replication process, this resource model should run on all of them.

This resource model retrieves, for the domain controller on which it is running, the intra-site replication topology for each directory partition and performs a check against replication attempt failures for each replication partner and for each replicated directory partition.

If a replication attempt fails, the resource model sends an indication with details of the replication partner, the directory partition, and the failure reason.

Intra-site Replication Traffic Resource Model

This resource model should be distributed to all domain controllers in a site.

This resource model measures all incoming and outgoing intra-site replication traffic for the domain controller on which it is running. It monitors the number of inbound (replicated in) and outbound (replicated out) bytes per second. You can define thresholds for both quantities, and enable data logging for both as required. An indication can be sent if the number of inbound bytes per second or outbound bytes per second exceeds the threshold.

Inter-site Replication Resource Model

This resource model should be distributed to one domain controller per site.

This resource model performs a number of tasks for the site in which it is running. It monitors the inter-site replication process, checks that a site link has been created, retrieves the list of domain controllers that are acting as bridgehead servers within the site, and checks for each bridgehead server that the inter-site replication is functioning efficiently.

Inter-site Replication Traffic Resource Model

This resource model should be distributed to one domain controller per site.

This resource model performs a number of tasks for the site in which it is running. It retrieves the list of domain controllers that are acting as bridgehead servers within the site, and retrieves the value of its performance counters related to inter-site replication activity. Inter-site replication traffic is compressed. It is measured by monitoring the number of inbound (replicated in) and outbound (replicated out) compressed bytes. You can configure the resource model, so that an indication is sent if the number of inbound bytes per second or outbound bytes per second exceeds the thresholds.

File Replication Service Resource Model

This resource model measures the performance of the File Replication Service (FRS). Windows 2000 domain controllers and servers use FRS to replicate system policies and login scripts for Windows 2000 and down-level clients.

This resource model should be distributed to all domain controllers.

DNS Category

The DNS category contains resource models that monitor Windows 2000 DNS Server performance and Active Directory integrated DNS respectively.

Windows 2000 DNS Server Performance Resource Model

This resource model monitors the activity and performance of the Windows 2000 DNS server. It monitors zone transfer failures, dynamic update failures, DNS response time, and general problems with DNS.

Note: This resource model must be distributed only to primary DNS servers that run Windows 2000 DNS.

Even if DNS is integrated with Active Directory, a primary DNS server must be nominated.


Active Directory Integrated DNS Resource Model

When Windows 2000 DNS server runs on a domain controller, that domain controller stores a copy of the corresponding DNS zones. Windows 2000 domain controllers can register one or more DNS records. These entries are Service Location Records (SRVs) that are used to identify services that are available on a host.

SRVs enable a client to find the following:

¶ A Windows 2000 domain controller in the domain

¶ The primary domain controller (PDC) emulator

¶ The global catalog server

This resource model monitors and sends an alert if any of these SRVs is inaccurate or missing. This resource model should be distributed to one domain controller in one of the parent domains in the forest.
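The "inaccurate or missing" check described above can be reproduced offline against a zone export. The following is an added example, not code from the Tivoli product: the owner names and ports are the standard locator records registered by Windows 2000 domain controllers (they are not listed on this page), and the zone text, host names and function names are constructed for illustration.

```python
"""Added example: audit the SRV records that locate a DC, the PDC emulator and a GC."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Srv:
    owner: str
    priority: int
    weight: int
    port: int
    target: str


def norm(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_srv(zone_text: str) -> List[Srv]:
    """Parse 'owner ttl IN SRV priority weight port target' lines; skip the rest."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue
        owner, _ttl, _cls, _typ, prio, weight, port, target = fields
        records.append(Srv(norm(owner), int(prio), int(weight), int(port), norm(target)))
    return records


def audit_srv(zone_text: str, domain: str, forest: str, dcs: Iterable[str],
              pdc: str, gcs: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (role, 'missing' | 'inaccurate', detail) findings for the three lookups."""
    records = parse_srv(zone_text)
    # Assumed owner names and ports: standard Windows locator records, not from this page.
    checks = [
        ("domain controller", f"_ldap._tcp.dc._msdcs.{domain}", 389, dcs),
        ("PDC emulator", f"_ldap._tcp.pdc._msdcs.{domain}", 389, [pdc]),
        ("global catalog", f"_ldap._tcp.gc._msdcs.{forest}", 3268, gcs),
    ]
    findings = []
    for role, owner, port, hosts in checks:
        allowed = {norm(h) for h in hosts}
        hits = [r for r in records if r.owner == norm(owner)]
        if not hits:
            findings.append((role, "missing", norm(owner)))
        for r in hits:
            if r.target not in allowed:
                # Target is not a known holder of the role: stale or unexpected registration.
                findings.append((role, "inaccurate", f"{r.owner} -> {r.target}"))
            elif r.port != port:
                findings.append((role, "inaccurate", f"{r.owner} port {r.port}"))
    return findings


# Constructed sample zone export and inventory (not taken from a real environment).
SAMPLE_ZONE = """
; constructed sample
_ldap._tcp.dc._msdcs.corp.example.  600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example.  600 IN SRV 0 100 389 dc9.corp.example.
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
"""
SAMPLE_INVENTORY = dict(domain="corp.example", forest="corp.example",
                        dcs=["dc1.corp.example", "dc2.corp.example"],
                        pdc="dc1.corp.example", gcs=["dc1.corp.example"])

if __name__ == "__main__":
    for finding in audit_srv(SAMPLE_ZONE, **SAMPLE_INVENTORY):
        print(*finding, sep=": ")
```

On the constructed sample, the audit reports the `dc9` registration as inaccurate and the global catalog record as missing.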

DHCP Category

The DHCP category contains one resource model.

Windows 2000 DHCP Server Performance Resource Model

This resource model monitors the performance and general functioning of the DHCP server. It checks if lease times are too short, if the traffic on the DHCP is too heavy, and other key issues that ensure that the DHCP is in good health.

This resource model should be distributed to the DHCP server but only if it is running Windows 2000 DHCP.


Domain Controller Availability Resource Model

This section describes the domain controller availability resource model.

The following table shows the key characteristics of this resource model:

| Resource Model at a Glance | |
|---|---|
| Category | Active Directory domain controller |
| Thresholds | NO |
| Parameters | NO |
| Built-in actions | YES |
| Clearing events | YES |
| Default cycle time | 300 seconds |


Overview

Resource model distribution

This resource model should be distributed to each domain controller in a forest.

This resource model monitors domain controller availability and health. It performs the following availability checks for each domain controller:

¶ Checks the availability and stability of the following domain controller key services, and provides built-in actions for their automatic recovery:

| Service | Description |
|---|---|
| Dnscache | DNS client cache |
| kdc | Kerberos Key Distribution Center |
| lanmanserver | Server |
| lanmanworkstation | Workstation |
| IsmServ | Inter-site messaging |
| Netlogon | Net logon |
| NtFrs | Windows NT® File Replication Service |
| RpcLocator | Remote Procedure Call (RPC) Locator |
| RpcSs | Remote Procedure Call (RPC) |
| TrkSvr | Distributed Link Tracking Server |
| TrkWks | Distributed Link Tracking Workstation |
| W32Time | Windows Time |

¶ Retrieves the names of the domain controllers holding Flexible Single Master Operation (FSMO) roles, and checks that the roles have been assigned

¶ Checks network connectivity among replica partners by obtaining the replica topology for each domain controller

¶ Checks that global catalogs exist and are reachable


Indications and Events

The following table lists the events that can be generated by the domain controller availability resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

| Event | Indication | Severity | See Page |
|---|---|---|---|
| TMW_RID_notfound | No RID master role in the domain | Critical | 14 |
| TMW_GC_all_unavailable | A global catalog cannot be reached in the forest | Critical | 14 |
| TMW_ReplPartner_unreachable | Unreachable replica partner | Critical | 14 |
| TMW_DomNaming_notfound | No domain naming master role in the forest | Critical | 15 |
| TMW_DCServ_Failing | The domain controller service is failing | Critical | 15 |
| TMW_Schema_notfound | No schema master role in the forest | Critical | 15 |
| TMW_RID_unreachable | The RID master role in the domain cannot be reached | Critical | 16 |
| TMW_Infra_unreachable | The infrastructure master role in the domain cannot be reached | Critical | 16 |
| TMW_DCServ_Stopped | The domain controller service stopped | Critical | 17 |
| TMW_DCServ_Failing_FSMORole | The service of a FSMO role server is failing | Warning | 17 |
| TMW_DCServ_Stopped_FSMORole | The service of a FSMO role server is stopped | Warning | 18 |
| TMW_GC_NotFoundInSite | No global catalogs in the site | Minor | 18 |
| TMW_DomNaming_unreachable | The domain naming master role for the forest cannot be reached | Critical | 18 |
| TMW_GCInSite_all_unavailable | All global catalogs in the site are unavailable | Warning | 19 |
| TMW_Infra_notfound | No infrastructure master role in the domain | Critical | 19 |
| TMW_PDC_notfound | No PDC master role in the domain | Critical | 19 |
| TMW_Schema_unreachable | The schema master role for the forest cannot be reached | Critical | 20 |
| TMW_PDC_unreachable | The PDC master role in the domain cannot be reached | Critical | 20 |


No RID Master Role in the Domain

This indication is sent when no domain controller holds the Relative ID (RID) master role in the domain.

The RID operations master role holder must be available to supply other servers with RIDs. Assign the RID master role to a domain controller.

The indication has the following attribute:

domain Identifies the name of the domain

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 1 |
| Holes | 0 |

A Global Catalog Cannot Be Reached in the Forest

This indication is sent when a domain controller cannot reach any of the global catalogs in the entire forest.

This can be the result of connection problems.

The indication has the following attribute:

forest Identifies the name of the forest

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 1 |
| Holes | 0 |

Unreachable Replica Partner

This indication is sent when the server that is being monitored could not contact a replication partner at a specified site. In this case, the intra-site replication process does not run. This can be the result of connection problems or problems with DNS.

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the name of the server

replicationPartner Identifies the name of the replication partner that cannot be reached

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 3 |
| Holes | 0 |
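How the Occurrences and Holes defaults in these settings tables combine with the 300-second default cycle time, as an added example that is not part of the Tivoli reference. It assumes the usual Distributed Monitoring semantics, which this page does not define: an event is sent once the indication has occurred in `Occurrences` cycles, and at most `Holes` cycles without it are tolerated between two occurrences before the count resets. Function names and timelines are constructed for illustration.

```python
"""Added example: effect of Occurrences, Holes and cycle time on event timing."""
from dataclasses import dataclass
from typing import Optional, Sequence

CYCLE_TIME_S = 300  # default cycle time of the domain controller availability model


@dataclass(frozen=True)
class IndicationSettings:
    occurrences: int  # cycles with the indication needed before an event is sent
    holes: int        # cycles without it tolerated between two occurrences


# Defaults taken from the settings tables in this chapter.
RID_NOTFOUND = IndicationSettings(occurrences=1, holes=0)
REPL_PARTNER_UNREACHABLE = IndicationSettings(occurrences=3, holes=0)


def first_event_cycle(observed: Sequence[bool], s: IndicationSettings) -> Optional[int]:
    """Return the 1-based cycle in which the first event is sent, or None.

    observed[i] is True when the resource model generated the indication in
    cycle i+1. The occurrence/hole semantics are an assumption (see lead-in).
    """
    count = 0  # occurrences accumulated so far
    gap = 0    # consecutive cycles without the indication since the last occurrence
    for cycle, hit in enumerate(observed, start=1):
        if hit:
            count += 1
            gap = 0
            if count >= s.occurrences:
                return cycle
        elif count:
            gap += 1
            if gap > s.holes:
                count = gap = 0  # too many holes: start counting again
    return None


def detection_delay_s(observed: Sequence[bool], s: IndicationSettings,
                      cycle_time_s: int = CYCLE_TIME_S) -> Optional[int]:
    """Seconds between the first cycle that showed the indication and the event."""
    event = first_event_cycle(observed, s)
    if event is None:
        return None
    first_hit = list(observed).index(True) + 1
    return (event - first_hit) * cycle_time_s


# Constructed timelines, one entry per monitoring cycle.
STEADY_OUTAGE = [False, True, True, True, True]       # partner stays unreachable
FLAPPING = [True, False, True, False, True, False]    # partner drops every other cycle

if __name__ == "__main__":
    for name, timeline in (("steady", STEADY_OUTAGE), ("flapping", FLAPPING)):
        print(name,
              first_event_cycle(timeline, REPL_PARTNER_UNREACHABLE),
              detection_delay_s(timeline, REPL_PARTNER_UNREACHABLE))
```

Under these assumptions, a partner that is unreachable only in alternate cycles never produces TMW_ReplPartner_unreachable with Holes set to 0, while a steady outage is reported two cycles (600 seconds) after it is first seen.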

No Domain Naming Master Role in the Forest

This indication is sent when no domain naming master has been assigned to any domain controller in the forest. The domain controller holding the domain naming master role is the only domain controller that can do the following:

¶ Add new domains to the forest

¶ Remove existing domains from the forest

¶ Add or remove cross-reference objects to external directories.

To solve the problem, assign the domain naming master role to a domain controller that serves the forest.

The indication has the following attribute:

forest Identifies the name of the forest

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 1 |
| Holes | 0 |

The Domain Controller Service Is Failing

This indication is sent when one of the domain controller key services for Active Directory health is failing.

The indication has the following attributes; key attributes are shown like this, in bold:

serviceName Identifies the name of the failing service

serviceStatus Identifies the current status of the service

serviceState Identifies the current state of the service

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 1 |
| Holes | 0 |

No Schema Master Role in the Forest

This indication is sent when there is no schema master role assigned to any domain controller in the forest. The domain controller that holds the schema master role is the only domain controller that can perform write operations to the directory schema. Those schema updates are replicated from the schema master to all other domain controllers in the forest. To solve the problem, assign the schema master role to a domain controller that serves the forest.

The indication has the following attribute:

forest Identifies the name of the forest

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 1 |
| Holes | 0 |

The RID Master Role in the Domain Cannot be Reached

This indication is sent when the domain controller holding the RID master role in the domain cannot be reached. The Relative ID (RID) operations master role holder must be available when a server needs to be supplied RIDs. This indication is sent if the domain controller holding the RID master role cannot be reached.

Check why the domain controller cannot be reached and, if necessary, reassign the RID master role to another domain controller.

The indication has the following attributes; key attributes are shown like this, in bold:

dcname Identifies the name of the domain controller that is currently holding the RID master role

domain Identifies the name of the domain

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 3 |
| Holes | 0 |

The Infrastructure Master Role in the Domain Cannot Be Reached

This indication is sent when the domain controller holding the infrastructure master role cannot be reached.

The domain controller that holds the infrastructure master role for the group’s domain updates the cross-domain group-to-user reference to reflect the user’s new name. The infrastructure master updates these references locally and uses replication to bring all other replicas of the domain up-to-date. If the infrastructure master is unavailable, these updates are delayed.

Check why the domain controller cannot be reached and, if necessary, reassign the role of infrastructure master to another controller in the domain.

The indication has the following attributes; key attributes are shown like this, in bold:

dcname Identifies the name of the domain controller that cannot be reached

domain Identifies the name of the domain

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 3 |
| Holes | 0 |

The Domain Controller Service Is Stopped

This indication is sent when one of the domain controller key services for Active Directory health has stopped.

The indication has the following attributes; key attributes are shown like this, in bold:

serviceName Identifies the name of the service that is in a stopped state

serviceStatus Identifies the current status of the service

The indication contains a built-in action that restarts the service after it has stopped.

The following table shows the default settings for this indication:

| Setting | Default |
|---|---|
| Send indications to Tivoli Enterprise Console | YES |
| Occurrences | 1 |
| Holes | 0 |
| Restart Service? | YES |

The Service of a FSMO Role Server is Failing

This indication is sent when one of the key services for Active Directory health of a specific domain controller is failing and that domain controller holds an FSMO master role. The indication identifies which FSMO role the domain controller is holding.

The indication has the following attributes; key attributes are shown like this, in bold:

serviceName Identifies the name of the failing service

serviceStatus Identifies the current status of the service

serviceState Identifies the current state of the service

fsmoRole Identifies the FSMO master role owned by the domain controller that is issuing the indication

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

The Service of a FSMO Role Server is Stopped

This indication is sent when one of the key services for Active Directory health of a specific domain controller has stopped and that domain controller holds an FSMO master role.

The indication contains a built-in action that restarts the service after it has stopped.

The indication has the following attributes; key attributes are shown like this, in bold:

serviceName Identifies the name of the failing service

serviceStatus Identifies the current status of the service

fsmoMasterRole Identifies the FSMO master role

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Restart Service? YES

No Global Catalogs in the Site

This indication is sent if there are no global catalogs serving this site. A global catalog server is a requirement for logging on to the domain. It is therefore advisable to have at least one global catalog server in each site. The global catalog also enables searching for Active Directory objects in any domain in the forest without the need for subordinate referrals, and users can find objects of interest quickly without having to know which domain contains the object. To solve the problem, assign at least one domain controller to be a global catalog for the site.

The indication has the following attribute:

siteName Identifies the name of the site

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

The Domain Naming Master Role for the Forest Cannot Be Reached

This indication is sent when the domain controller holding the domain-naming master role in the forest cannot be reached. Only this domain controller can do the following:

• Add new domains to the forest

• Remove existing domains from the forest

• Add or remove cross-reference objects to external directories

To solve the problem, reassign the role to another domain controller.

The indication has the following attributes; key attributes are shown like this, in bold:

dcname Identifies the name of the domain controller

forest Identifies the name of the forest

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

All Global Catalogs in the Site Are Unavailable

This indication is sent when all global catalogs defined for the specified site are unavailable.

The indication has the following attribute:

siteName Identifies the name of the site

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

No Infrastructure Master Role in the Domain

This indication is sent when no domain controller holds the infrastructure master role for the domain. Each group’s domain must assign this role so that the cross-domain group-to-user reference is updated with new and changed user names. The infrastructure master updates these references locally and uses replication to bring all other replicas of the domain up-to-date. If the infrastructure master is unavailable, these updates are delayed. To shorten delays, assign the role to a domain controller that serves the domain.

The indication has the following attribute:

domain Identifies the name of the domain

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

No PDC Master Role in the Domain

This indication is sent when a primary domain controller (PDC) emulator master role has not been assigned to any domain controller in the domain. This is the domain controller that is assigned to act as a Windows NT primary domain controller (PDC) to service network clients that do not have Active Directory client software installed, and to replicate directory changes to any Windows NT backup domain controllers (BDCs) in the domain. For a Windows 2000 domain operating in native mode, the PDC emulator master receives preferential replication of password changes performed by other domain controllers in the domain and handles any password authentication requests that fail at the local domain controller. At any time, there can be only one PDC emulator in a particular domain.

Assign the PDC master role to a domain controller that serves the domain.

The indication has the following attribute:

domain Identifies the name of the domain

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

The Schema Master Role for the Forest Cannot Be Reached

This indication is sent when the domain controller holding the schema master role in the forest cannot be reached. The domain controller that holds the schema master role is the only domain controller that can perform write operations to the directory schema. Those schema updates are replicated from the schema master to all other domain controllers in the forest.

Assign the role to another domain controller that serves the domain.

The indication has the following attributes; key attributes are shown like this, in bold:

dcname Identifies the name of the domain controller

forest Identifies the name of the forest

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

The PDC Master Role in the Domain Cannot Be Reached

This indication is sent when the domain controller holding the PDC emulator master role in the domain cannot be reached. The domain controller assigned acts as a Windows NT PDC to service network clients that do not have Active Directory client software installed, and to replicate directory changes to any Windows NT backup domain controllers (BDCs) in the domain.

For a Windows 2000 domain operating in native mode, the PDC emulator master receives preferential replication of password changes performed by other domain controllers in the domain, and handles any password authentication requests that fail at the local domain controller. At any time, there can be only one PDC emulator in a particular domain.

Assign the PDC master role to another domain controller that serves the domain.

The indication has the following attributes; key attributes are shown like this, in bold:

dcname Identifies the name of the domain controller

forest Identifies the name of the forest

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

Logging

The following table shows the resource, context and properties for which data can be logged:

Resource: Service

Context: Status

serverName Identifies the name of the server

serviceName Identifies the name of the service

state Identifies the state of the service

status Identifies the status of the service

Domain Controller Performance Resource Model

This section describes the domain controller performance resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category Active Directory domain controller

Thresholds YES

Parameters NO

Built-in actions NO

Clearing events YES

Default cycle time 300 seconds

Overview

Resource model distribution

This resource model should be distributed to each domain controller in a forest.

This resource model monitors domain controller performance. It performs the following performance checks:

• Monitors NT Domain Server (NTDS) counters

• Monitors client performance requests, such as LDAP client sessions and the number of successful Directory Service bindings

• Monitors performance aspects of the Extensible Storage Engine (ESE) database, such as cache size and file operations statistics

This resource model can send events when the values of counters exceed defined thresholds. It logs data about client performance requests, database activity, and NTDS activity.

Prerequisites

This resource model uses performance counters that require the Microsoft database performance object to be installed.

Note: This performance object is not installed by default when you install the Windows 2000 software.

For information about installing the database performance object, refer to the Windows 2000 Resource Kit, or to the following web site:

http://www.microsoft.com/TechNet/win2000/win2ksrv/adguide/addch09.asp

Indications and Events

The following table lists the events that can be generated by the domain controller performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_Small_DBCacheSize Small database cache size Warning 25

TMW_High_LogThreadWait High number of threads waiting Warning 25

TMW_High_KdcTGS_Reqs High ticket granting server requests per second Critical 26

TMW_LowDBTabCache Small database table cache size Warning 26

TMW_High_LogRecStlsRate High log record stalls per second Warning 27

TMW_High_KerbAuth_Reqs High Kerberos authentication requests per second Critical 27

TMW_Low_CacheSize Low value of cache size Warning 27

TMW_High_CachePgStllsRate Nonzero cache page fault stalls per second Warning 28

TMW_High_NTLMAuth_Reqs High NTLM authentication requests per second Critical 28

TMW_High_KdcAS_Reqs High authentication server requests per second Critical 28

Small Database Cache Size

This indication is sent if the database cache size is too small. This problem can arise when one or more of the following performance counters of the database performance object reach a critical value:

• Cache % Hit

• Cache Page Faults/sec

• File Bytes Read/sec

• File Bytes Written/sec

• File Operations/sec

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 5

Holes 0

High Number of Threads Waiting

This indication is sent if the number of threads waiting for data to be written to the log to complete an update of the database is high. This can indicate a potential bottleneck in the log.

The indication has the following attribute:

logThreadswait Identifies the number of threads waiting

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 3

Holes 0

High Ticket-Granting Server (TGS) Requests Per Second

This indication is sent if the rate at which the Kerberos Key Distribution Center (KDC) services server requests to grant tickets is high. TGS requests are used by the client to obtain a ticket to a resource.

The indication has the following attribute:

kdcTGSReqPerSec Identifies the rate of KDC services server requests

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

Small Database Table Cache Size

This indication is sent if all of the following are true:

• The percentage of database tables opened using cached schema information is low

• The rate of database tables opened using cached schema information is low

• The rate of database tables opened without using cached schema information is high.

The coexistence of these three facts may indicate that the ESE database table cache size is too small.

The indication has the following key attributes:

TblOpenCachePercHit Identifies the percentage of database tables opened using cached schema information

TblOpenCacheHitsPerSec Identifies the number of database tables opened using cached schema information per second

TblOpenMissesPerSec Identifies the number of database tables opened without using cached schema information per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

High Log Record Stalls Per Second

This indication is sent if the number of log records that cannot be added to the log buffers per second, because they are full, is high for most of the time. The number should be zero. If this is not the case, the log buffer size may be a bottleneck.

The indication has the following attribute:

LogRecStallsPerSec Identifies the number of log record stalls per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 10

Holes 2

High Kerberos Authentication Requests Per Second

This indication is sent if the rate of Kerberos authentication requests on this domain controller is high. This number measures the number of times per second that clients use a ticket to authenticate themselves with the domain controller that is being monitored.

The indication has the following attribute:

KerberosAuthReqsPerSec Identifies the rate of Kerberos authentication requests per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

Low Value of Cache Size

This indication is sent if the cache size value is too small and there is no available memory. Increasing memory could improve performance. If there is enough system memory, but the cache database size does not increase, try adding more RAM.

The indication has the following attribute:

CacheSize Identifies the value of the cache size

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 2

Holes 0

Nonzero Cache Page Fault Stalls Per Second

This indication is sent if the number of page faults per second that cannot be serviced because there are no pages available for allocation from the database cache is high. This number should be zero most of the time. If this value is non-zero most of the time, the clean threshold may be set too low.

The indication has the following attribute:

CachePgStallsPerSec Identifies the number of page fault stalls per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 10

Holes 2

High NTLM Authentication Requests Per Second

This indication is sent if the rate of NTLM authentication requests on this domain controller is high.

The indication has the following attribute:

ntlmReqsPerSec Identifies the number of NTLM authentication requests per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

High Authentication Server (AS) Requests Per Second

This indication is sent if the rate of authentication server (AS) requests serviced by the Kerberos Key Distribution Center (KDC) is high. AS requests are used by clients to obtain a ticket-granting ticket.

The indication has the following attribute:

kdcASReqPerSec Identifies the number of authentication server (AS) requests serviced by the Kerberos Key Distribution Center (KDC) per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

Thresholds

The following table lists the thresholds that can be set for the domain controller performance resource model. For each threshold it shows the name, a short description, and the default value:

Threshold: KDC Authentication Server requests per second
Description: This threshold measures the rate of Kerberos Key Distribution Center (KDC) Authentication Service (AS) requests.
Default: 100

Threshold: Database table open cache % hit
Description: This threshold measures the percentage of ESE database tables opened using cached schema information. If this percentage is too low, the table cache size may be too small.
Default: 20

Threshold: File bytes written per second (MB per second)
Description: This threshold measures the rate of bytes written to the database file from the database cache per second. If this rate is too high, the database cache size may be too small.
Default: 30

Threshold: File bytes read per second (MB per second)
Description: This threshold measures the rate of bytes read from the database file into the database cache per second. If this rate is too high, the database cache size may be too small.
Default: 30

Threshold: Database table open cache misses per second
Description: This threshold indicates the number of ESE database tables opened without using cached schema information per second. If this rate is too high, the table cache size may be too small.
Default: 300

Threshold: NTLM authentications requests per second
Description: This threshold measures the number of NT LAN Manager (NTLM) authentications per second serviced by a particular domain controller.
Default: 100

Threshold: Size of the DB Cache Manager (MB)
Description: This threshold is relative to the amount of system memory used by the ESE database cache manager to hold commonly used information from the database files to prevent file operations. If the database cache size is too small and there is very little memory available on the system, the performance may be poor. If the available memory is large and the database cache size is not growing beyond a certain point, the database cache size may be capped at an artificially low limit.
Default: 2

Threshold: Percentage of file page requests
Description: This threshold measures the percentage of file page requests fulfilled by the database cache without causing a file operation. If this percentage is too low, the database cache size may be too small.
Default: 20

Threshold: Kerberos Authentication requests per second
Description: This threshold measures the rate of authentication requests coming from Kerberos.
Default: 100

Threshold: Number of Log threads waiting
Description: This threshold measures the number of threads waiting for data to be written to the log to complete an update of the database. If this number is too high, the log may be a bottleneck.
Default: 300

Threshold: Database table open cache hits per second
Description: This threshold measures the number of ESE database tables opened using cached schema information per second. If this rate is too low, the table cache size may be too small.
Default: 1000

Threshold: File operations
Description: This threshold measures the number of file operations per second. If this number is high, the database cache size may be too small.
Default: 100

Threshold: Number of database file page requests per second
Description: This threshold measures the number of database files that require a new page per second. If this rate is too high the database cache size may be too small.
Default: 30

Threshold: KDC Ticket Granting Service requests per second
Description: This threshold measures the rate of Kerberos Key Distribution Center (KDC) Ticket Granting Service (TGS) requests.
Default: 100
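How a threshold combines with the Occurrences and Holes settings listed for each indication, as an added example (not code from the product or from this reference). It assumes that an event is raised once the indication has occurred in Occurrences cycles, that up to Holes consecutive indication-free cycles do not break the sequence, and that a clearing event follows when the sequence breaks; `IndicationRule`, `evaluate`, the nonzero test for stalls and all sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple


@dataclass(frozen=True)
class IndicationRule:
    """One indication: a threshold test plus its Occurrences/Holes settings."""
    name: str
    breached: Callable[[float], bool]  # True when a cycle's sample produces the indication
    occurrences: int                   # indications needed before an event is raised
    holes: int                         # indication-free cycles tolerated inside a sequence


def evaluate(rule: IndicationRule, samples: Iterable[float]) -> List[Tuple[int, str]]:
    """Return (cycle index, "EVENT" | "CLEAR") pairs for one sample per cycle.

    Assumed semantics (not taken from the reference): a gap longer than
    rule.holes resets the occurrence count, and an active event is cleared
    at the cycle where that reset happens.
    """
    results: List[Tuple[int, str]] = []
    count = 0       # indications seen in the current sequence
    gap = 0         # consecutive indication-free cycles since the last indication
    active = False  # an event has been raised and not yet cleared
    for cycle, value in enumerate(samples):
        if rule.breached(value):
            count += 1
            gap = 0
            if count >= rule.occurrences and not active:
                active = True
                results.append((cycle, "EVENT"))
            continue
        if count == 0:
            continue  # no sequence in progress, nothing to break
        gap += 1
        if gap > rule.holes:
            if active:
                results.append((cycle, "CLEAR"))
                active = False
            count = 0
            gap = 0
    return results


# Defaults from this reference: AS requests threshold 100, Occurrences 3, Holes 0.
KDC_AS = IndicationRule("TMW_High_KdcAS_Reqs", lambda v: v > 100, occurrences=3, holes=0)

# Defaults from this reference: Occurrences 10, Holes 2. The "> 0" test is an
# assumption based on the statement that the stall rate should be zero.
CACHE_STALLS = IndicationRule("TMW_High_CachePgStllsRate", lambda v: v > 0,
                              occurrences=10, holes=2)

# Constructed samples, one value per 300-second cycle.
AS_SAMPLES = [40, 120, 130, 90, 150, 160, 170, 180, 60, 50]
STALL_SAMPLES = [1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0]

if __name__ == "__main__":
    for rule, samples in ((KDC_AS, AS_SAMPLES), (CACHE_STALLS, STALL_SAMPLES)):
        print(rule.name, evaluate(rule, samples))
```

With Holes set to 0, the two-cycle burst at cycles 1 and 2 of the AS samples never becomes an event; with Holes set to 2, the stall samples reach ten occurrences despite three indication-free cycles along the way.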

Logging

The domain controller performance resource model can log data for the following resources:

• Client

• Database

• NTDS

The following table shows for each resource the contexts and properties for which data can be logged:

Resource: Client

Context: LDAP Sessions

servicedBy Identifies the name of the domain controller that is servicing the request

numLDAPClientSessions Identifies the number of LDAP client sessions with the domain controller

Context: DS Requests

servicedBy Identifies the name of the domain controller that is servicing the request

numNTDSBinds/sec Identifies the number of NTDS binds requested by clients per second

Context: LDAP Requests

servicedBy Identifies the name of the domain controller that is servicing the request

LDAPBindTime(sec) Identifies the time required to set up an LDAP bind in seconds

Resource: Database

Context: Operations

DBName Identifies the name of the database

FileOpsPerSec Identifies the number of file operations per second

DBTblOpenCacheHitsPerSec Identifies the number of ESE database tables opened using cached schema information per second

DBTblOpenCacheMissesPerSec Identifies the number of ESE database tables opened without using cached schema information per second

LogRecsNotAddedPerSec Identifies the number of log records that were not added per second

CachePgFaultsStallsPerSec Identifies the number of cache page faults per second that cannot be serviced because there are no pages available for allocation

CachePgFaultsPerSec Identifies the total number of cache page faults per second

Context: Logs

DBName Identifies the name of the database

LogThreadWaiting Identifies the number of threads that are waiting for data to be written to the log

Context: Caching

DBName Identifies the name of the database

CachePercHit Identifies the number of file page requests fulfilled by the database cache without causing a file operation

TableOpenCachePercHit Identifies the percentage of ESE database tables opened using cached schema information

Context: Sizing

DBName Identifies the name of the database

CacheSize(MB) Identifies the size of the database cache in MB

Resource: NTDS

Context: Authentication requests

server Identifies the name of the server

KerberosAuthentications Identifies the number of Kerberos authentication requests

KDC_AS_reqs Identifies the number of authentication requests sent to the Kerberos Key Distribution Center by the Authentication Server

KDC_TGS_reqs Identifies the number of authentication requests sent to the Kerberos Key Distribution Center by the Ticket-Granting Server

NTLM_Authentications Identifies the number of NT Lan Manager authentication requests

Context: Users and computers

server Identifies the name of the server

numUsersCreatePerSec Identifies the number of new users created per second

numMachineCreatePerSec Identifies the number of new machines created per second

Replication Performance Resource Model

This section describes the replication performance resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category Active Directory replication

Thresholds YES

Parameters NO

Built-in actions NO

Clearing events YES

Default cycle time 300 seconds

Overview

Resource model distribution

This resource model should be distributed to all domain controllers in a site.

This resource model monitors the efficiency of the Active Directory replication process. For each domain controller to which it has been distributed and on which it is running, it checks the percentage of inbound and outbound replication updates that have been filtered and applied. These percentages give an indication of the extent to which Active Directory objects and properties are dynamic or static. This information can be used to fine-tune the replication interval to optimize performance.

Indications and Events

The following table lists the events that can be generated by the replication performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_LowInbPropApplRate Low percentage of inbound properties applied Minor 34

TMW_HighInbPropFiltRate High percentage of inbound properties filtered Minor 35

TMW_HighOutObjFiltRate High percentage of outbound objects filtered Minor 35

TMW_LowInbObjApplRate Low percentage of inbound objects applied Minor 36

TMW_HighInbObjFiltRate High percentage of inbound objects filtered Minor 36

Low Percentage of Inbound Properties Applied

This indication is sent when the percentage of inbound replication properties received from replication partners and applied by the local service directory is low compared to the total number of properties that have been received by means of inbound replication.

The indication has the following attribute:

inbPropApplPerc Identifies the percentage of inbound replication properties received from replication partners and applied by the local service directory

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0

High Percentage of Inbound Properties Filtered

This indication is sent when the percentage of inbound replication properties received from replication partners that did not contain any updates to be applied is high in relation to the total number of properties received by means of inbound replication.

If this percentage is high (compared to the threshold), properties are very static and the replication frequency could be decreased.

The indication has the following attribute:

inbPropFiltPerc Identifies the percentage of inbound replication properties received from replication partners that were filtered out because they did not contain any updates to be applied

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0

High Percentage of Outbound Objects Filtered

This indication is sent when the percentage of outbound replication objects that have not yet been received by the outbound partner is high in relation to the total number of objects replicated out.

If this percentage is high (compared to the threshold), objects are very static and the replication frequency could be decreased.

The indication has the following attribute:

OutbObjFiltPerc Identifies the percentage of outbound replication objects that were filtered out

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0

Low Percentage of Inbound Objects Applied

This indication is sent when the percentage of inbound replication objects received from replication partners and applied by the local service directory is low in relation to the total number of objects received by means of inbound replication.

The indication has the following attribute:

InbObjApplPerc Identifies the percentage of inbound replication objects received from replication partners and applied by the local service directory

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0

High Percentage of Inbound Objects Filtered

This indication is sent when the percentage of inbound replication objects received from replication partners that contained no updates to be applied is high in relation to the total number of objects received by means of inbound replication.

If this percentage is high (compared to the threshold), objects are very static and the replication frequency could be decreased.

The indication has the following attribute:

percInbObjFilt Identifies the percentage of inbound replication objects received from replication partners that contained no updates to be applied

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0

Thresholds

The following table lists the thresholds that can be set for the Replication Performance resource model. For each threshold it shows the name, a short description, and the default value:

Threshold: Percentage of inbound objects applied
Description: This threshold measures the percentage of replication objects received from replication partners, and applied by the local directory service. Only changes containing effective updates are applied. Whenever the percentage of inbound objects filtered is below this threshold value, an indication is sent.
Default: 70

Threshold: Percentage of inbound objects filtered
Description: This threshold measures the percentage of replication updates received from replication partners but not applied by the local directory service. Changes are received but not applied when the change is already present on the domain controller. Whenever the percentage of inbound objects applied is above this threshold value, an indication is sent.
Default: 50

Threshold: Percentage of inbound properties filtered
Description: This threshold measures the percentage of properties changes that are received but are filtered, because they do not contain any updates. Whenever the percentage of inbound properties filtered is above this threshold value, an indication is sent.
Default: 50

Threshold: Percentage of inbound properties applied
Description: This threshold measures the percentage of properties updates that are genuine incoming properties changes. Whenever the percentage of inbound properties applied is below this threshold value, an indication is sent.
Default: 70

Threshold: Percentage of outbound objects filtered
Description: This threshold measures the percentage of objects replicated out that do not contain any updates. Whenever the percentage of outbound objects filtered is above this threshold value, an indication is sent.
Default: 50


Logging

The following table shows the resource, context and properties for which data can be logged:

Resource Context Properties

DRA Outbound replication data

serverName Identifies the name of the server

objectFilteredPerc Identifies the percentage of replication objects sent to replication partners that do not contain any updates

Inbound replication data

serverName Identifies the name of the server

objectsAppliedPerc Identifies the percentage of replication objects received from replication partners that have been applied by the local directory service

objectsFilteredPerc Identifies the percentage of replication objects received from replication partners that do not contain any updates

propertiesAppliedPerc Identifies the percentage of replication properties received from replication partners that have been applied by the local directory service

propertiesFilteredPerc Identifies the percentage of replication properties received from replication partners that do not contain any updates


Intra-site Replication Resource Model

This section describes the intra-site replication resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category Active Directory replication

Thresholds NO

Parameters NO

Built-in actions NO

Clearing events YES

Default cycle time 300 seconds


Overview

Resource model distribution

Each domain controller is involved in an intra-site process, therefore this resource model should be distributed to all domain controllers in a site.

This resource model monitors the intra-site replication process. It retrieves, for the domain controller on which it is running, the intra-site replication topology for each directory partition and performs a check against replication attempt failures for each replication partner and for each replicated directory partition.

If a replication attempt fails, the resource model sends an indication with details of the replication partner, the directory partition being replicated, and the failure reason.

Indications and Events

The following table lists the event that can be generated by the intra-site replication resource model, the name of the indication from which the event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_IntraSiteRepl_Failure Intra-site replication failure Critical 40

Intra-site Replication Failure

This indication is sent if an intra-site replica process between the server and one of its replication partners has failed. The indication contains a message that identifies the failure reason.

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the server name

replicaPartner Identifies the name of the replication partner

directoryPartition Identifies the directory partition that has failed to replicate

failures Identifies the number of intra-site replication failures

site Identifies the site

replMsg Identifies the replication message

timeLastAttempt Identifies the time when replication was last attempted

timeLastSucc Identifies the time when replication was last successful


The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Logging

The following table shows the resource, context and properties for which data can be logged:

Resource Context Properties

DRA Replication attempt

partnerName Identifies the name of the replication partner

directoryPartition Identifies the directory partition that has been replicated

lastTime Identifies the time when replication was last attempted

succTime Identifies the time when replication was last successful


Intra-site Replication Traffic Resource Model

This section describes the intra-site replication traffic resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category Active Directory replication

Thresholds YES

Parameters NO

Built-in actions NO

Clearing events YES

Default cycle time 300 seconds


Overview

Resource model distribution

This resource model should be distributed to all domain controllers in a site.

This resource model measures all intra-site replication traffic that affects the domain controller on which it is running. It measures intra-site replication traffic by monitoring the number of inbound (replicated in) and outbound (replicated out) bytes. An indication can be sent if the number of inbound bytes per second or outbound bytes per second exceeds the thresholds.

Indications and Events

The following table lists the events that can be generated by the intra-site replication traffic resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_HighOutbBytes High intra-site outbound replication traffic Harmless 44

TMW_HighInbBytes High intra-site inbound replication traffic Harmless 45

TMW_PendDirSync Pending directory synchronization not processed not decreasing Warning 45

High Intra-site Outbound Replication Traffic

This indication is sent when the outbound bytes per second exceed the threshold for outbound intra-site replication traffic.

The indication has the following attribute:

outboundBytesPerSec Identifies the number of outbound bytes per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0


High Intra-site Inbound Replication Traffic

This indication is sent when the number of inbound bytes per second exceeds the threshold. This indication means that intra-site inbound replication traffic is high.

The indication has the following attribute:

inboundBytesPerSec Identifies the number of inbound bytes per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0

Pending Directory Synchronization Not Processed Not Decreasing

This indication is sent when the number of directory synchronizations that are queued for this server but not yet processed does not decrease. This number should normally be zero or close to zero. This indication means that some problem has occurred in the replication process.

The indication has the following attribute:

pendDirSyncNum Identifies the number of pending directory synchronizations

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 6

Holes 0

Thresholds

The following table lists the thresholds that can be set for the Intra-site Replication Traffic resource model. For each threshold it shows the name, a short description, and the default value:

Threshold Description Default

Outbound bytes per second Number of bytes per second of outbound replication data from the same site 100

Inbound bytes per second Number of bytes per second of inbound replication data from the same site 100
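The following Python sketch is an added example, not part of the Tivoli product or of the original reference; it shows how the default thresholds and the Occurrences and Holes settings of this resource model turn per-cycle samples into events. It assumes (this section does not define them) that Occurrences is the number of consecutive cycles with an indication needed to raise an event, that Holes is the number of cycles without the indication tolerated in between, that counting starts afresh after an event, and that "not decreasing" means a non-zero queue that is no smaller than in the previous cycle; the sample cycles are constructed.

```python
from dataclasses import dataclass

# Default thresholds from the Thresholds table of this resource model.
OUTBOUND_BYTES_PER_SEC = 100
INBOUND_BYTES_PER_SEC = 100


@dataclass(frozen=True)
class Rule:
    event: str        # event name from the Indications and Events table
    occurrences: int  # default "Occurrences" setting of the indication
    holes: int        # default "Holes" setting of the indication


RULES = {
    "out": Rule("TMW_HighOutbBytes", occurrences=2, holes=0),
    "inb": Rule("TMW_HighInbBytes", occurrences=2, holes=0),
    "pend": Rule("TMW_PendDirSync", occurrences=6, holes=0),
}


class EventCounter:
    """Occurrence/hole bookkeeping for one indication (assumed semantics)."""

    def __init__(self, rule):
        self.rule = rule
        self.occurrences = 0
        self.hole_run = 0

    def cycle(self, indicated):
        """Feed one monitoring cycle; return True if the event fires now."""
        if indicated:
            self.occurrences += 1
            self.hole_run = 0
            if self.occurrences >= self.rule.occurrences:
                self.occurrences = 0  # assumption: counting starts afresh
                return True
            return False
        if self.occurrences:
            self.hole_run += 1
            if self.hole_run > self.rule.holes:
                # More quiet cycles than Holes allows: the run is broken.
                self.occurrences = 0
                self.hole_run = 0
        return False


def evaluate(samples, rules=RULES):
    """Return [(cycle_index, event_name), ...] for a list of cycle samples."""
    counters = {key: EventCounter(rule) for key, rule in rules.items()}
    events = []
    prev_pending = None
    for index, sample in enumerate(samples):
        pending = sample["pendDirSyncNum"]
        indicated = {
            "out": sample["outboundBytesPerSec"] > OUTBOUND_BYTES_PER_SEC,
            "inb": sample["inboundBytesPerSec"] > INBOUND_BYTES_PER_SEC,
            # Assumed reading of "does not decrease": queue is non-zero and
            # at least as long as it was in the previous cycle.
            "pend": (prev_pending is not None and pending > 0
                     and pending >= prev_pending),
        }
        prev_pending = pending
        for key, counter in counters.items():
            if counter.cycle(indicated[key]):
                events.append((index, counter.rule.event))
    return events


# Constructed samples, one per 300-second cycle (not real measurements).
SAMPLES = [
    {"outboundBytesPerSec": 40, "inboundBytesPerSec": 150, "pendDirSyncNum": 0},
    {"outboundBytesPerSec": 120, "inboundBytesPerSec": 90, "pendDirSyncNum": 3},
    {"outboundBytesPerSec": 130, "inboundBytesPerSec": 160, "pendDirSyncNum": 3},
    {"outboundBytesPerSec": 50, "inboundBytesPerSec": 170, "pendDirSyncNum": 4},
    {"outboundBytesPerSec": 60, "inboundBytesPerSec": 20, "pendDirSyncNum": 4},
    {"outboundBytesPerSec": 70, "inboundBytesPerSec": 30, "pendDirSyncNum": 5},
    {"outboundBytesPerSec": 80, "inboundBytesPerSec": 40, "pendDirSyncNum": 5},
    {"outboundBytesPerSec": 90, "inboundBytesPerSec": 50, "pendDirSyncNum": 5},
]

if __name__ == "__main__":
    for index, event in evaluate(SAMPLES):
        print(f"cycle {index}: {event}")
```

With Holes at 0, the single inbound spike in cycle 0 is discarded by the quiet cycle that follows it, so the inbound event is raised only after the two consecutive spikes in cycles 2 and 3.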


Logging

The following table shows the resource, context and properties for which data can be logged:

Resource Context Properties

DRA Outbound replication data

serverName Name of the server

bytesPerSec Number of bytes per second of outbound replication data from the same site

Inbound replication data

serverName Name of the server

bytesPerSec Number of bytes per second of inbound replication data from the same site


Inter-site Replication Resource Model

This section describes the inter-site replication resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category Active Directory replication

Thresholds NO

Parameters NO

Built-in actions NO

Clearing events YES

Default cycle time 300 seconds


Overview

Resource model distribution

This resource model can run on any domain controller in a domain performing the inter-site replication process. It should be distributed to one or more domain controllers per site as follows:

• If one or more specific domain controllers have been designated to act as bridgehead server, distribute this resource model to those machines to optimize performance.

In this case, all required resources are accessed locally and there is no need to enable Tivoli to access remote resources through the wlcftap command.

• If the Knowledge Consistency Checker (KCC) has been configured to create and maintain the inter-site replication topology, and you do not know which domain controller has been designated to act as bridgehead server, distribute this resource model to a generic domain controller.

The controller will contact the bridgehead server to retrieve the required information.

In this case, you must run the wlcftap command on all endpoints on which this resource model is running, to enable Tivoli to access remote file systems. For details of the wlcftap command, see Prerequisites.

This resource model performs the following tasks for the site in which it is running:

• Checks that a site link has been created

• Monitors the inter-site replication process

• Locates the domain controllers that are acting as bridgehead servers within the site. These are the domain controllers that control the inter-site replication process for the site.

• Checks for each bridgehead server that the inter-site replication is functioning efficiently.

Prerequisites

This resource model accesses remote resources of one or more remote domain controllers that are acting as bridgehead server.

If you have not distributed this resource model to one or more domain controllers that are acting as bridgehead servers, you must run the wlcftap command on all the Tivoli endpoints on which the resource model has been distributed. The wlcftap command sets the properties of the TivoliAP.dll (TAP). The TAP enables Tivoli to access remote file systems in the context of a user.

wlcftap -r domain-name\user-name

where:

user-name Identifies a user member of the Domain Admins group


Indications and Events

The following table lists the events that can be generated by the inter-site replication resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_InterSiteRepl_Failure Inter-site replication failure Critical 49

TMW_BridgeHead_NotFound No bridgehead servers in the site Warning 50

TMW_NoReplicaPartner No replication partner Warning 50

TMW_SiteLink_NotFound Site link not defined Warning 51

Inter-site Replication Failure

This indication is sent if an inter-site replication process between the server and its partner in the other site has failed. The indication also describes the reason for the failure, and gives the time of the last replication attempt.

The indication has the following attributes; key attributes are shown like this, in bold:

failures Identifies the number of failures since the last successful replication attempt

bridgeHeadServer Identifies the bridgehead server serving the site whose inter-site replication process has failed

partnerServer Identifies the partner server of the bridgehead server

directoryPartition Identifies the directory partition that has failed to replicate

replMsg Identifies the text of the reply message that is sent as part of the indication

timeLastAttempt Identifies the time of the last replication attempt

timeLastSucc Identifies the time of the last successful replication attempt

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


No Bridgehead Servers in the Site

This indication is sent if no domain controllers have been designated as bridgehead server for the specified site. Bridgehead servers are required in each site to perform site-to-site replication. Bridgehead servers can be designated automatically by the KCC, or they can be assigned manually by an administrator.

The indication has the following attribute:

siteName Identifies the name of the site that does not have a designated bridgehead server

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

No Replication Partner

This indication is sent when a domain controller that is acting as bridgehead server has no replication partner in an inter-site replication process. No domain controller has been designated in another site to be the replica partner for this domain controller.

Check and change the replication topology to correct this.

The indication has the following attribute:

BridgeHeadServer Identifies the name of the bridgehead server that does not have a designated replication partner

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


Site Link Not Defined

This indication is sent when no site link has been created for the specified site. If this inter-site connection does not exist, two or more sites cannot replicate with each other.

The indication has the following attribute:

siteName Identifies the name of the site

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Logging

The following table shows the resource, context and properties for which data can be logged:

Resource Context Properties

DRA Replication attempt

bridgeHeadServer Identifies the bridgehead server that is serving the site whose inter-site replication process has failed

partnerName Identifies the partner server of the bridgehead server

directoryPartition Identifies the directory partition being replicated

lastTime Identifies the time of the last replication attempt

succTime Identifies the time of the last successful replication attempt


Inter-site Replication Traffic Resource Model

This section describes the inter-site replication traffic resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category Active Directory Replication

Thresholds YES

Parameters NO

Built-in actions NO

Clearing events YES

Default cycle time 300 seconds


Overview

Resource model distribution

This resource model can run on any domain controller in a domain performing the inter-site replication process. It should be distributed to one or more domain controllers per site as follows:

• If one or more specific domain controllers have been designated to act as bridgehead server, distribute this resource model to those machines to optimize performance.

In this case, all required resources are accessed locally and there is no need to enable Tivoli to access remote resources through the wlcftap command.

• If the Knowledge Consistency Checker (KCC) has been configured to create and maintain the inter-site replication topology, and you do not know which domain controller has been designated to act as bridgehead server, distribute this resource model to a generic domain controller.

The controller will contact the bridgehead server to retrieve the required information.

In this case, you must run the wlcftap command on all endpoints on which this resource model is running, to enable Tivoli to access remote file systems. For details of the wlcftap command, see Prerequisites.

This resource model performs the following tasks for the site in which it is running:

• Locates the domain controllers that are acting as bridgehead servers within the site. These are the domain controllers that control the inter-site replication process for the site.

• Retrieves the value of its performance counters related to inter-site replication activity.

Inter-site replication traffic is compressed. It is measured by monitoring the inbound (replicated in) and outbound (replicated out) compressed bytes.

• An indication can be sent if the amount of inbound bytes per second or outbound bytes per second exceeds the thresholds.

Prerequisites

This resource model accesses remote resources of one or more remote domain controllers that are acting as bridgehead server.

If you have not distributed this resource model to one or more domain controllers that are acting as bridgehead servers, you must run the wlcftap command on all the Tivoli endpoints on which the resource model has been distributed. The wlcftap command sets the properties of the TivoliAP.dll (TAP). The TAP enables Tivoli to access remote file systems in the context of a user.

wlcftap -r domain-name\user-name

where:

user-name Identifies a user member of the Domain Admins group.


Indications and Events

The following table lists the events that can be generated by the inter-site replication traffic resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_HighCompInbBytes High inter-site inbound replication traffic Warning 55

TMW_HighCompOutbBytes High inter-site outbound replication traffic Warning 56

High Inter-site Inbound Replication Traffic

This indication is sent when the number of inbound bytes per second exceeds the threshold. It indicates a high rate of inter-site inbound replication traffic.

The indication has the following attributes; key attributes are shown like this, in bold:

bridgeHeadserver Identifies the name of the bridgehead server that is receiving a high rate of inter-site replication traffic

inbBytesCompPerSec Identifies the number of compressed inbound bytes of replication traffic per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0


High Inter-site Outbound Replication Traffic

This indication is sent when the number of outbound bytes per second exceeds the threshold. It indicates a high rate of inter-site outbound replication traffic.

The indication has the following attributes; key attributes are shown like this, in bold:

bridgeHeadserver Identifies the name of the bridgehead server that is sending a high rate of inter-site replication traffic

outbBytesCompPerSec Identifies the number of compressed outbound bytes of replication traffic per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 2

Holes 0

Thresholds

The following table lists the thresholds that can be set for the inter-site replication traffic resource model. For each threshold it shows the name, a short description, and the default value:

Threshold Description Default

Outbound bytes per second Number of bytes per second of outbound replication data to other sites. 100

Inbound bytes per second Number of bytes per second of inbound replication data from other sites. 100

Note: Inter-site replication data uses compression. These thresholds apply to the number of bytes replicated in or out before compression.


Logging

The following table shows the resource, context and properties for which data can be logged:

Resource Context Properties

DRA Outbound replication data

bridgeHeadServer Name of the bridgehead server sending outbound replication data

comprBytes(beforeCompr)PerSec Number of bytes of outbound replication data before compression per second

comprBytes(afterCompr)PerSec Number of bytes of outbound replication data after compression per second

Inbound replication data

bridgeHeadServer Name of the bridgehead server receiving inbound replication data

comprBytes(beforeCompr)PerSec Number of bytes of inbound replication data before compression per second

comprBytes(afterCompr)PerSec Number of bytes of inbound replication data after compression per second


File Replication Service Performance Resource Model

This section describes the File Replication Service performance resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category Active Directory replication

Thresholds YES

Parameters NO

Built-in actions NO

Clearing events YES

Default cycle time 120 seconds


Overview

Resource model distribution

This resource model should be distributed to all domain controllers in a site.

This resource model measures the performance of the File Replication Service (FRS). Windows 2000 domain controllers and servers use FRS to replicate system policies and login scripts for Windows 2000 and down-level clients.

Indications and Events

The following table lists the events that can be generated by the File Replication Service resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_HighPerc_ChgOrdEvaporated High percentage of change orders evaporated Warning 61

TMW_HighPerc_PackSentErr High percentage of packets sent in error Warning 61

TMW_HighPerc_DSBindErr High percentage of Directory Service bindings in error Warning 61

TMW_HighPerc_ChgOrdRetired High percentage of change orders retired Warning 62

TMW_HighPerc_ChgOrdMorphed High percentage of change orders morphed Warning 62

TMW_High_KBStagSpUse High value of staging space in use (KB) Warning 62

TMW_HighPerc_FilesInstdErr High percentage of files installed with error Warning 63

TMW_High_PacksRecvd Persistent high number of packets received Warning 63

TMW_High_NumFilesInst Number of files installed persistently high Warning 63

TMW_HighPerc_PackRecvdErr High percentage of packets received in error Warning 64

TMW_High_USNRecAcceptd High Usn records accepted Warning 64

TMW_HighPerc_ChgOrdAborted High percentage of change orders aborted Warning 64

TMW_Low_KBStagSpFree Low value of staging space free (KB) Warning 65

TMW_High_NumChgOrdSent Persistent high number of change orders sent Warning 65


High Percentage of Change Orders Evaporated

This indication is sent when the percentage of change orders that have evaporated is high compared to the total number of change orders received from inbound partners. Evaporated change orders refer to the number of local file updates that were never processed because the file was deleted before the updates could be processed.

The indication has the following attribute:

percChgEvaporated Identifies the percentage of change orders that have evaporated

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

High Percentage of Packets Sent in Error

This indication is sent when the percentage of packets sent in error is high compared to the total number of packets sent.

The indication has the following attribute:

percPackSentErr Identifies the percentage of packets sent in error

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

High Percentage of Directory Service Bindings in Error

This indication is sent if the percentage of Directory Service (DS) bindings in error is high compared to the total number of DS bindings.

The indication has the following attribute:

percDSBindErr Identifies the percentage of DS bindings in error

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


High Percentage of Change Orders Retired

This indication is sent if the percentage of change orders that have been retired is high compared to the total number of change orders received from inbound partners.

The indication has the following attribute:

percChgOrdRetired Identifies the percentage of change orders that have been retired

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

High Percentage of Change Orders Morphed

This indication is sent if the percentage of change orders morphed is high compared to the total number of change orders received from inbound partners. Morphed change orders are file updates that have encountered a name space collision on the replica set member.

This counter indicates network problems with DNS, a duplicate computer name and errors of that nature.

The indication has the following attribute:

percChgOrdMorphed Identifies the percentage of change orders morphed

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

High Value of Staging Space in Use (KB)

This indication is sent when almost all available space in the staging directory is currently in use. If the staging directory runs out of space, replication stops.

The indication has the following attribute:

StagingSpaceInUse Identifies the amount of staging space in use in kilobytes

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


High Percentage of Files Installed with Error

This indication is sent if the percentage of files installed with error is high compared to the total number of files installed.

The indication has the following attribute:

percFilesInstdErr Identifies the percentage of files installed with error

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Persistent High Number of Packets Received

This indication is sent when the number of packets received has been different from zero for a while. This number should be zero in an idle state, unless a computer is having problems joining other computers in the replica set.

The indication has the following attribute:

numPackRecvd Identifies the number of packets received

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 5

Holes 0

Number of Files Installed Persistently High

This indication is sent if the number of files installed locally has been greater than zero for a while. In an idle state this number should be zero.

The indication has the following attribute:

numFilesInstd Identifies the number of files installed locally

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 5

Holes 0


High Percentage of Packets Received in Error

This indication is sent when the percentage of packets received in error is high compared to the total number of packets received.

The indication has the following attribute:

percPackRecvdErr Identifies the percentage of packets received in error

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

High Usn Records Accepted

This indication is sent if the Usn Records Accepted counter of the FileReplicaSet performance object is high. A high value indicates possible heavy replication traffic and can result in replication latency.

The indication has the following attribute:

UsnRecAccptd Identifies the value of the Usn Records Accepted counter

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 5

Holes 0

High Percentage of Change Orders Aborted

This indication is sent when the percentage of aborted change orders is high in comparison to the total number of change orders received from inbound partners. Change orders aborted refer to the number of file updates that were aborted on the replica set member. A high value of this counter can indicate a replication problem.

The indication has the following attribute:

percChgOrdAborted Identifies the percentage of aborted change orders

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


Low Value of Staging Space Free (KB)

This indication is sent when the amount of free space in the staging directory used by FRS to temporarily store files before they are replicated is below the default value in idle state. The default staging space in the idle state is 660 MB.

The indication has the following attribute:

StagingSpaceFree Identifies the amount of free space in KB

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Persistent High Number of Change Orders Sent

This indication is sent if the number of change orders sent to outbound replication partners has been greater than zero for a while. A high value could indicate heavy replication traffic. In the idle state, when no replication is taking place, this number should be zero.

The indication has the following attribute:

NumChgOrdSent Identifies the number of change orders sent to outbound replication partners

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 5

Holes 0


Thresholds

The following table lists the thresholds that can be set for the File Replication Service resource model. For each threshold it shows the name, a short description, and the default value:

Threshold: KB of staging space Free (KB)
Description: This threshold measures the amount of free space in the staging directory used by FRS to temporarily store files before they are replicated. The default staging space is 660 MB.
Default: 660000

Threshold: Percentage of change orders morphed
Description: This threshold measures the percentage of change orders morphed compared to the total number of change orders received from inbound partners. It should be below 30 percent.
Default: 30

Threshold: Percentage of files installed with error
Description: This threshold measures the percentage of files installed with error compared to the total number of files installed. It should be below 30 percent.
Default: 30

Threshold: USN record accepted threshold
Description: This threshold measures the number of USN records accepted. A high value of this counter indicates heavy replication traffic.
Default: 40

Threshold: KB of staging space in use (KB)
Description: This threshold measures the amount of space in the staging directory currently in use. If the staging directory runs out of space, replication stops.
Default: 600000

Threshold: Percentage of packets received with errors
Description: This threshold measures the percentage of packets received with errors compared to the total number of packets received. It should be below 30 percent.
Default: 30

Threshold: Percentage of change orders evaporated
Description: This threshold measures the percentage of change orders evaporated compared to the total number of change orders received from inbound partners. It should be below 30 percent.
Default: 30

Threshold: Percentage of change orders retired
Description: This threshold measures the percentage of change orders retired compared to the total number of change orders received from inbound partners. It should be below 30 percent.
Default: 30

Threshold: Percentage of change orders aborted
Description: This threshold measures the percentage of change orders aborted compared to the total number of change orders received from inbound partners. It should be below 30 percent.
Default: 30

Threshold: Percentage of packets sent with errors
Description: This threshold measures the percentage of packets sent with errors compared to the total number of packets sent. It should be below 30 percent.
Default: 30

Threshold: Percentage of DS bindings with errors
Description: This threshold measures the percentage of DS bindings with errors compared to the total number of DS bindings. It should be below 30 percent.
Default: 30

Logging

The following table shows the resource, context and properties for which data can be logged:


Resource Context Properties

FRS FRS Replication

server Identifies the name of server

USNRecAccptd Identifies the number of USN records accepted

DSBindings Identifies the total number of DS bindings

DSBindingsErr Identifies the percentage of DS bindings with errors

Staging Space

server Identifies the name of server

StagingSpaceFree(KB) Identifies the amount of space in KB in the staging directory currently free

StagingSpaceUse(KB) Identifies the amount of space in KB in the staging directory currently in use

File Updates

server Identifies the name of server

ChgOrdRecvd Identifies the number of change orders received

ChgOrdAbortd Identifies the number of change orders aborted

ChgOrdEvaptd Identifies the number of change orders evaporated

ChgOrdMorphd Identifies the number of change orders morphed

ChgOrdRetired Identifies the number of change orders retired

FilesInstd Identifies the number of files installed

FilesInstdErr Identifies the number of files installed with errors

FRS File ReplicaSet Data

server Identifies the name of server

PacktRecvd Identifies the number of packets received

PackRecvdErr Identifies the number of packets received with errors

PackSent Identifies the number of packets sent

PackSentErr Identifies the number of packets sent with errors


Windows 2000 DNS Server Performance Resource Model

This section describes the Windows 2000 DNS server performance resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category DNS

Thresholds YES

Parameters NO

Built-in actions YES

Clearing events YES

Default cycle time 10 seconds

Note: It is recommended that the cycle time is not set above 20 seconds. Some of the counters vary quickly, and must therefore be retrieved quickly to obtain useful statistical data.


Overview

Resource model distribution

This resource model must be distributed only to primary DNS servers that run Windows 2000 DNS.

Even if DNS is integrated with Active Directory, a primary DNS server must be nominated.

This resource model monitors the activity and performance of the Windows 2000 DNS server in general and of the DNS service in particular. It monitors the following:

• Zone transfer failures

• Dynamic update failures

• DNS response time

• General problems with DNS

The resource model also provides a built-in action for the automatic recovery of the DNS service.

Indications and Events

The following table lists the events that can be generated by the Windows 2000 DNS server performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_DNS_Server_Service_Stopped The DNS Server service is stopped Critical 70

TMW_TotDynUpdfailures Dynamic updates failures Warning 71

TMW_High_DNSResponse_time High DNS response time Critical 71

TMW_ZoneTrasferPercFailures Percentage of zone transfer failures Critical 72

TMW_DNS_Server_Service_Failing The DNS Server service is failing Critical 72

The DNS Server Service Is Stopped

This indication is sent when the DNS server that is running on this endpoint has stopped. The indication contains a built-in action that restarts the DNS server service if it is in a stopped state.

The indication has the following attributes; key attributes are shown like this, in bold:

serviceName Identifies the name of the service

serviceStatus Identifies the current status of the DNS server service


The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Restart service? YES

Dynamic Update Failures

This indication is sent when the number of total dynamic updates failures, due to rejection and timeouts, is high.

The indication has the following attributes:

PercTotDynUpdtFail Identifies the percentage of dynamic update failures

PercRej Identifies the percentage of dynamic updates that have been rejected

PercTimeOuts Identifies the percentage of dynamic updates that have timed out

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 2

Holes 0

High DNS Response Time

This indication is sent if the DNS response time exceeds the specified threshold. The time required by DNS to resolve incoming queries should not be too high. If DNS takes a long time to resolve queries, this could adversely affect the general performance of Active Directory.

The indication has the following attributes:

ResponseTime Identifies the response time

NumQueryProcessed Identifies the number of queries that have been processed


The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 3

Note: It is recommended that the number of holes is always a multiple of 3. This is because some of the counters that are used to calculate the response time vary only every 3 cycle times.

Percentage of Zone Transfer Failures

This indication is sent when the percentage of zone transfer failures is high.

The indication has the following attribute:

TransfFailuresPerc Identifies the percentage of zone transfer failures

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

The DNS Server Service Is Failing

This indication is sent when the DNS server service does not have a status of OK.

The indication has the following attributes; key attributes are shown like this, in bold:

serviceName Identifies the name of the DNS server service that is failing

serviceStatus Identifies the current status of the service

serviceState Identifies the current state of the service

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


Thresholds

The following table lists the thresholds that can be set for the Windows 2000 DNS server performance resource model. For each threshold it shows the name, a short description, and the default value:

Threshold: Total dynamic update failures
Description: This threshold measures the percentage of total dynamic update failures, due to timeouts and rejection.
Default: 30

Threshold: DNS response time in seconds
Description: This threshold measures the time taken by DNS to resolve incoming queries.
Default: 3

Threshold: Percentage of zone transfer failures
Description: This threshold measures the percentage of zone transfer failures compared to the total number of zone transfers.
Default: 30

Logging

The following table shows the resource, context and properties for which data can be logged:

Resource Context Properties

DNS Response time

DNSServer Identifies the name of the DNS server

ResponseTime(sec) Identifies the response time per second of the DNS server

Server traffic

DNSServer Identifies the name of the DNS server

DynamicUpdtRecvd Identifies the total number of dynamic updates received

DynamicUpdtReject Identifies the total number of dynamic updates that have been rejected

DynamicUpdtTimeOuts Identifies the total number of dynamic updates that have timed out

ZoneTransfRecvd Identifies the total number of zone transfer requests received

ZoneTransfFail Identifies the total number of zone transfer failures

TotQueryRecvd Identifies the total number of requests received

TotRespSent Identifies the total number of responses sent


Active Directory Integrated DNS Resource Model

This section describes the Active Directory integrated DNS resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category DNS

Thresholds NO

Parameters NO

Built-in actions NO

Clearing events YES

Default cycle time 300 seconds


Overview

Resource model distribution

If you are using Active Directory-integrated DNS, distribute this resource model to one domain controller in the same domain where the DNS server is located.

If there is more than one DNS server servicing your forest, distribute this resource model to one domain controller for each domain where a DNS server is located.

When Windows 2000 DNS server runs on a domain controller, that domain controller stores a copy of the corresponding DNS zone. Windows 2000 domain controllers can register one or more DNS records in the Active Directory. These entries are Service Location Records (SRV) that are used to identify services that are available on a host.

SRVs enable a client to find the following:

• A Windows 2000 domain controller in the domain

• The primary domain controller (PDC) emulator

• The global catalog server

This resource model monitors the server under investigation and sends an alert if any SRV is inaccurate or missing.
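The comparison described above, SRV records in a zone copy checked against the hosts known to hold each role, can be sketched as follows. This is an added example, not Tivoli code: the zone text, the corp.example host names and the function names are constructed for illustration, the owner names are the standard _msdcs locator names that domain controllers register, and the event names are the ones listed in this chapter's Indications and Events table.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "event role owner host")

# Owner names of the locator SRV records registered by domain controllers.
OWNER_TEMPLATES = {
    "DC": "_ldap._tcp.dc._msdcs.{domain}",
    "PDC": "_ldap._tcp.pdc._msdcs.{domain}",
    "GC": "_ldap._tcp.gc._msdcs.{forest}",
}

# Event names from this chapter's event table, keyed by (problem, role).
# The mapping is this example's labelling, not the product's internal logic.
EVENTS = {
    ("missing", "DC"): "TMW_Missing_DC_SRV_Record",
    ("bad", "DC"): "TMW_Bad_DC_SRV_Records",
    ("missing", "PDC"): "TMW_Missing_PDC_SRV_Record",
    ("bad", "PDC"): "TMW_Bad_PDC_SRV_Records",
    ("missing", "GC"): "TMW_Missing_GC_SRV_Records",
    ("bad", "GC"): "TMW_Bad_GC_SRV_Records",
}


def _norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_srv_records(zone_text):
    """Return {owner: set(target hosts)} for every SRV line in zone-file text.

    Each line must carry its own owner name; lines that are not well-formed
    SRV records (comments, A records, truncated lines) are skipped.
    """
    records = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip ';' comments
        upper = [f.upper() for f in fields]
        if "SRV" not in upper:
            continue
        i = upper.index("SRV")
        rdata = fields[i + 1:]                     # priority weight port target
        if i == 0 or len(rdata) != 4:
            continue
        records.setdefault(_norm(fields[0]), set()).add(_norm(rdata[3]))
    return records


def audit_zone_copy(zone_text, domain, forest, known):
    """Compare the SRV records in a zone copy with the known role holders.

    `known` maps "DC", "PDC" and "GC" to the hosts that really hold the role.
    A known host without a record is "missing"; a record whose target is not
    a known host is "bad" (for example a stale or unexpected registration).
    """
    records = parse_srv_records(zone_text)
    findings = []
    for role, template in OWNER_TEMPLATES.items():
        owner = _norm(template.format(domain=domain, forest=forest))
        registered = records.get(owner, set())
        expected = {_norm(h) for h in known.get(role, ())}
        for host in sorted(expected - registered):
            findings.append(Finding(EVENTS["missing", role], role, owner, host))
        for host in sorted(registered - expected):
            findings.append(Finding(EVENTS["bad", role], role, owner, host))
    return findings


# Constructed zone copy: dc2 never registered, dc-old is a stale entry,
# and no global catalog record is present.
SAMPLE_ZONE = """\
; constructed zone copy for the example domain corp.example
_ldap._tcp.dc._msdcs.corp.example.  600 IN SRV 0 100 389  dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example.  600 IN SRV 0 100 389  dc-old.corp.example.
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389  DC1.corp.example.
dc1.corp.example.                   600 IN A   192.0.2.10
"""

SAMPLE_KNOWN = {
    "DC": ["dc1.corp.example", "dc2.corp.example"],
    "PDC": ["dc1.corp.example"],
    "GC": ["dc1.corp.example"],
}

if __name__ == "__main__":
    for f in audit_zone_copy(SAMPLE_ZONE, "corp.example", "corp.example", SAMPLE_KNOWN):
        print(f"{f.event}: {f.host} ({f.owner})")
```

A "bad" finding deserves the same attention as a "missing" one, because clients that use the locator records will try the registered host whether or not it still holds the role.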

Indications and Events

The following table lists the events that can be generated by the DNS server performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_Missing_GC_SRV_Records Missing global catalog SRV record Warning 77

TMW_Missing_DNSNode_Record Missing dnsNode record Critical 77

TMW_Bad_DC_SRV_Records Bad record data for domain controller Warning 78

TMW_Missing_PDC_SRV_Record Missing PDC SRV record Warning 78

TMW_Bad_GC_SRV_Records Bad record data for Global Catalog Warning 79

TMW_Missing_DC_SRV_Record Missing domain controller SRV record Warning 79

TMW_Bad_PDC_SRV_Records Bad record data for Primary Domain Controller emulator Warning 80


Missing Global Catalog SRV Record

This indication is sent when one of the global catalog SRV records is missing from the copy of the zone stored on the specified server.

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the server under investigation

rootZoneCopy Identifies the copy of the zone

MissingGC Identifies the global catalog whose SRV record is missing from the copy of the zone

forest Identifies the name of the forest

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Missing dnsNode Record

This indication is sent if one of the following is missing from the copy of the zone that is stored on the specified server:

• A DNS node record for a global catalog

• A primary domain controller emulator or domain controller for a particular domain

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the server under investigation

zoneCopy Identifies the copy of the zone

dnsNodeRecType Identifies the type of DNS node record that is missing

domain Identifies the domain whose DNS node record is missing from the copy

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


Bad Record Data for Domain Controller

This indication is sent when the copy of the zone stored on the specified server contains an SRV record for a domain controller that does not correspond to any of the known domain controllers that serve the domain covered by this zone.

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the server under investigation

zoneCopy Identifies the copy of the zone

correctDC Identifies the name of the correct domain controller for this domain

domain Identifies the domain

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Missing PDC SRV Record

This indication is sent when the PDC SRV record for the specified domain is missing from the copy of the zone stored in the specified server.

The names of the missing PDC and the domain can both be retrieved from the event message.

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the server

zoneCopy Identifies the copy of the zone

MissingPDC Identifies the name of the primary domain controller whose SRV record is missing

domain Identifies the domain

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


Bad Record Data for Global Catalog

This indication is sent if the copy of the zone stored on the specified server contains an SRV record for a global catalog that does not correspond with any of the known global catalogs that serve the forest.

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the server

rootZoneCopy Identifies the copy of the zone

correctGC Identifies the name of the correct global catalog for this domain

domain Identifies the domain

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Missing Domain Controller SRV Record

This indication is sent when one of the domain controller SRV records is missing from the copy of the zone stored on the specified server. The names of the missing domain controller and the domain can both be retrieved from the event message.

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the server

zoneCopy Identifies the copy of the zone

MissingDC Identifies the name of the missing primary domain controller for this domain

domain Identifies the domain

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


Bad Record Data for Primary Domain Controller Emulator

This indication is sent when the copy of the zone stored on the specified server contains an SRV record for a primary domain controller that does not correspond with the known primary domain controller that serves a specified domain.

The indication has the following attributes; key attributes are shown like this, in bold:

server Identifies the server

zoneCopy Identifies the copy of the zone

correctPDC Identifies the correct primary domain controller for this domain

domain Identifies the domain

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0


Logging

The following table shows the resource, context and properties for which data can be logged:

Resource Context Properties

SRV records DC records

ServerMonitored Identifies the name of the server that is being monitored

DomainName Identifies the name of the domain to which the server belongs

NumMissingRecs Identifies the number of missing domain controller records

NumBadRecs Identifies the number of incorrect domain controller records

PDC records

ServerMonitored Identifies the name of the server that is being monitored

DomainName Identifies the name of the domain to which the server belongs

NumMissingRecs Identifies the number of missing primary domain controller records

NumBadRecs Identifies the number of incorrect primary domain controller records

SRV records GC records

ServerMonitored Identifies the name of the server that is being monitored

RootZoneCopy Identifies the copy of the zone

NumMissingRecs Identifies the number of missing global catalog records

NumBadRecs Identifies the number of incorrect global catalog records


Windows 2000 DHCP Server Performance Resource Model

This section describes the Windows 2000 DHCP server performance resource model.

The following table shows the key characteristics of this resource model:

Resource Model at a Glance

Category DHCP

Thresholds YES

Parameters NO

Built-in actions YES

Clearing events YES

Default cycle time 120 seconds


Overview

Resource model distribution

This resource model should be distributed to the DHCP server, but only if it is running Windows 2000 DHCP.

This resource model monitors the performance and general functioning of the DHCP server. It checks if lease times are too short, if the traffic on the DHCP server is too heavy, and other key issues, to ensure that the DHCP server is in good health.

The resource model also provides a built-in action for the automatic recovery of the DHCPServer service.

Indications and Events

The following table lists the events that can be generated by the Windows 2000 DHCP Server performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:

Event Indication Severity See Page

TMW_DHCPHighDecRate High rate of declines Warning 85

TMW_DHCPConflictQL High value of conflict check queue length Warning 85

TMW_DHCPHighDupDropsRate DHCP slow Warning 85

TMW_DHCP_Server_Service_Failing DHCP Server service is failing Critical 86

TMW_DHCPHigh_NacksRate High rate of negative acknowledgements Warning 86

TMW_DHCPHighPacksExpiredRate High increase of packets expired per second Warning 86

TMW_DHCPCounters_SuddenInc DHCP scope lease times suddenly short Warning 87

TMW_DHCPCounters_AbnormalInc Sudden decrease in DHCP scope lease times Warning 87

TMW_DHCP_Server_Service_Stopped The DHCP server service has stopped Critical 87

TMW_DHCP_High_ActiveQL High value of active queue length Warning 88


High Rate of Declines

This indication is sent if the rate at which the DHCP server receives declines is high. This occurs when there are address conflicts between many clients. It can indicate possible network problems.

The indication has the following attribute:

declinePerSec Identifies the number of declines per second that have been received by the DHCP server

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3

Holes 0

High Value of Conflict Check Queue Length

This indication is sent when the conflict check queue length is high. It may indicate that Conflict Detection attempts have been set too high, or that there is heavy traffic on the DHCP server.

The indication has the following attribute:

conflictQueueLen Identifies the number of packets in the conflict queue of the DHCP server

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 2

Holes 0

DHCP Slow

This indication is sent if the rate at which the DHCP server receives duplicate packets is high. This may indicate that DHCP is not responding very fast or that clients are timing out too fast.

The indication has the following attribute:

dupsDroppedPerSec Identifies the number of duplicate packets dropped by the DHCP server per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 3


Holes 0

DHCP Server Service Is Failing

This indication is sent when the DHCP server service is in a status different from OK.

The indication has the following attributes; key attributes are shown like this, in bold:

serviceName Identifies name of the DHCP server service

serviceStatus Identifies the current status of the DHCP server service

serviceState Identifies the current state of the DHCP server service

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

High Rate of Negative Acknowledgements

This indication is sent if the rate at which the DHCP server sends negative acknowledgements is high. A high value can indicate possible network problems.

The indication has the following attribute:

nacksPerSec Identifies the number of negative acknowledgements sent by the DHCP server per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console NO

Occurrences 3

Holes 0

High Increase of Packets Expired Per Second

This indication is sent if the number of packets expired per second is high. A high value indicates that the server is taking too long to process packets or that the traffic on the network is too high for the DHCP to handle. This can suggest a disk or memory bottleneck.

The indication has the following attribute:

packsexpiredPerSec Identifies the number of packets expired per second

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES


Occurrences 3

Holes 0

Short DHCP Scope Lease Times

This indication is sent when the rate of acknowledgements or the rate of requests increases abnormally over a period of time. If these numbers increase abnormally over time, this could be because the length of DHCP lease times has been set too short.

The indication has the following attributes, the key attribute is shown like this, in bold:

counter Identifies the name of the counter whose rate has suddenly increased

percIncrease Identifies the percentage by which the counter has increased over time

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 5

Holes 0

Sudden Decrease in DHCP Scope Lease Times

This indication is sent when the rate of acknowledgements or the rate of requests increases abnormally. If these numbers increase suddenly, this could be because the length of scope lease times has been set too short.

The indication has the following attributes, the key attribute is shown like this, in bold:

counter Identifies the name of the counter whose rate has suddenly increased

percIncrease Identifies the percentage by which the counter has suddenly increased

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

The DHCP Server Service Has Stopped

This indication is sent when the DHCP server that is running on this endpoint is stopped. The indication also contains a built-in action that restarts the service if it is in a stopped state.

The indication has the following attributes, the key attribute is shown like this, in bold:

serviceName Identifies name of the DHCP server service

serviceStatus Identifies the current status of the DHCP server service

The following table shows the default settings for this indication:


Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 1

Holes 0

Restart Service? YES

High Value of Active Queue Length

This indication is sent when the active queue length is high. This could be because of heavy traffic on the DHCP server.

The indication has the following attribute:

activeQueueLen Identifies the number of packets in the processing queue

The following table shows the default settings for this indication:

Setting Default

Send indications to Tivoli Enterprise Console YES

Occurrences 2

Holes 0


Thresholds

The following table lists the thresholds that can be set for the Windows 2000 DHCP Server performance resource model. For each threshold it shows the name, a short description, and the default value:

Threshold: Percentage increase of requests per second
Description: This threshold measures the percentage increase of the number of requests received by this DHCP server. This value should not increase very much over time. If it does, then the length of the lease times could be set too short.
Default: 5

Threshold: Negative acknowledgements per second
Description: This threshold measures the rate at which the DHCP server sends negative acknowledgements. A very high value could indicate network problems.
Default: 100

Threshold: Declines per second
Description: This threshold measures the rate at which declines have been received by the DHCP server. A high value could indicate network problems.
Default: 100

Threshold: Packets expired per second
Description: This threshold measures the rate at which the packets received expire. A high value indicates that the server is taking too long to process packets, or that the traffic on the network is too high for the DHCP to handle. This could indicate a disk or memory bottleneck.
Default: 100

Threshold: Sudden percentage increase of counter values
Description: This threshold measures the sudden percentage increase in the number of requests per second and number of acknowledgements per second received by the DHCP server. If the values of those two counters increase suddenly, this could be due to lease times being set too short. If the percentage increase of those two counters is above the threshold provided, an indication of sudden short lease times is sent. When this threshold is exceeded, an indication of short lease time is sent. You may need to adjust this threshold to your own environment.
Default: 25

Threshold: Duplicates dropped per second
Description: This threshold measures the rate at which the DHCP server receives duplicate packets. A high value indicates that clients are timing out too fast or that the DHCP server is not responding fast enough.
Default: 100

Threshold: Active queue length
Description: This threshold measures the number of packets in the processing queue of the DHCP server. A large value may indicate heavy server traffic.
Default: 100

Threshold: Conflict Check queue length
Description: This threshold measures the number of packets waiting in the DHCP server queue due to conflict detection. A high value may indicate that the Conflict detection attempts property has been set too high, or that there is heavy lease traffic on the server.
Default: 100

Threshold: Percentage increase of acknowledgements per second
Description: This threshold measures the percentage increase of the rate at which acknowledgements have been sent by the DHCP server. This value should not increase too much over time. If this happens, it may indicate that lease times are too short.
Default: 5


Logging

The following table shows the resource, context and properties for which data can be logged:

Resource Context Properties

DHCP Server traffic

DHCPServer: Identifies the name of the DHCP server

DeclinesPerSec: Identifies the number of declines per second

DupsDroppedPersec: Identifies the number of duplicate packets dropped per second

NegativeAcksPerSec: Identifies the number of negative acknowledgements sent per second

PacksExpiredPerSec: Identifies the number of packets expired per second

AcksPerSec: Identifies the number of acknowledgements that have been sent by the DHCP server per second

RequestsPerSec: Identifies the number of requests that have been received by the DHCP server per second

Message queues

DHCPServer: Identifies the name of the DHCP server

ConflictChkQueueLen: Identifies the number of packets waiting in the DHCP server queue due to conflict detection

ActiveQueueLen: Identifies the length of the active queue
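The default thresholds and the default Occurrences 2 / Holes 0 settings of this resource model can be exercised offline. The following is an added example, not code from the product or this manual: it applies the absolute thresholds and the sudden-increase rule to constructed samples keyed by the logged property names. The per-cycle comparison, the Occurrences/Holes counting, and the label SuddenShortLeaseTimes are assumptions.

```python
"""Added example: default DHCP thresholds plus Occurrences/Holes aggregation."""

# Defaults from the thresholds table; keys are the logged property names.
ABSOLUTE_THRESHOLDS = {
    "NegativeAcksPerSec": 100,
    "DeclinesPerSec": 100,
    "PacksExpiredPerSec": 100,
    "DupsDroppedPersec": 100,
    "ActiveQueueLen": 100,
    "ConflictChkQueueLen": 100,
}
SUDDEN_INCREASE_PCT = 25  # "Sudden percentage increase of counter values"
SHORT_LEASE = "SuddenShortLeaseTimes"  # hypothetical label for that indication


def pct_increase(previous, current):
    """Percentage growth since the previous cycle; 0.0 without a usable baseline."""
    if previous is None or previous <= 0:
        return 0.0
    return (current - previous) / previous * 100.0


def indications(previous, current):
    """Names of the indications one polling cycle raises (assumed semantics)."""
    raised = {name for name, limit in ABSOLUTE_THRESHOLDS.items()
              if current.get(name, 0) > limit}
    if previous is not None:
        growth = [pct_increase(previous.get(key), current.get(key, 0))
                  for key in ("RequestsPerSec", "AcksPerSec")]
        # Both counters must jump together before short lease times are suspected.
        if all(g > SUDDEN_INCREASE_PCT for g in growth):
            raised.add(SHORT_LEASE)
    return raised


class Aggregator:
    """Turns per-cycle indications into events (Occurrences/Holes, assumed semantics)."""

    def __init__(self, occurrences=2, holes=0):
        self.occurrences, self.holes = occurrences, holes
        self.count = 0  # indications counted towards the next event
        self.gap = 0    # consecutive quiet cycles since the last indication

    def update(self, indicated):
        if indicated:
            self.count += 1
            self.gap = 0
            if self.count >= self.occurrences:
                self.count = 0
                return True
        elif self.count:
            self.gap += 1
            if self.gap > self.holes:  # too many quiet cycles: start over
                self.count = self.gap = 0
        return False


def events(samples, occurrences=2, holes=0):
    """Return (cycle, indication) pairs for every event the samples produce."""
    aggregators, out, previous = {}, [], None
    for cycle, current in enumerate(samples):
        raised = indications(previous, current)
        for name in sorted(set(aggregators) | raised):
            agg = aggregators.setdefault(name, Aggregator(occurrences, holes))
            if agg.update(name in raised):
                out.append((cycle, name))
        previous = current
    return out


# Constructed samples, one dict per polling cycle.
SAMPLES = [
    {"RequestsPerSec": 40, "AcksPerSec": 38, "ActiveQueueLen": 20},
    {"RequestsPerSec": 42, "AcksPerSec": 40, "ActiveQueueLen": 130},
    {"RequestsPerSec": 60, "AcksPerSec": 57, "ActiveQueueLen": 150},
    {"RequestsPerSec": 61, "AcksPerSec": 58, "ActiveQueueLen": 90},
    {"RequestsPerSec": 90, "AcksPerSec": 85, "ActiveQueueLen": 120},
    {"RequestsPerSec": 91, "AcksPerSec": 86, "ActiveQueueLen": 80},
    {"RequestsPerSec": 130, "AcksPerSec": 120, "ActiveQueueLen": 140},
]

if __name__ == "__main__":
    print("holes=0:", events(SAMPLES))
    print("holes=1:", events(SAMPLES, holes=1))
```

With Holes set to 0 a single quiet cycle resets the count, so the intermittent queue spikes after cycle 2 never become an event; allowing one hole surfaces them.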


Troubleshooting

This section provides information about possible errors that are the result of incorrectly configured resource models, missed prerequisites, or an incorrectly configured Active Directory environment.

Error Handling

A resource model cannot function properly or at all, if it is distributed to an endpoint that is missing a prerequisite, or that is running a Windows platform that is not supported. When a resource model is distributed to such an endpoint, an error will be displayed in the Resource Model Status field of the Health Console. Each error is identified by a number. Depending on the severity of the error, the resource model running on the endpoint will either stop running, or attempt an automatic recovery.

The following table shows the resource model status displayed on the Health Console, and the behavior of the resource model on the endpoint:

| Resource model status on Health Console | Resource model behavior on endpoint |
|---|---|
| Error | Stopped |
| Missed Prereq | Stopped |
| Not Compiled | Stopped |
| Failed (ErrorNumber) | Stopped |
| Failing (ErrorNumber) | Recovery is attempted every time this resource model is polled |
| Retrying (ErrorNumber) | Recovery is attempted for a fixed number of times before the resource model status changes to Failed, or the problem is solved |
| Unable to start (ErrorNumber) | Stopped |

For more detailed information about an error, check the Tmw2k.log on the endpoint where the resource model has reported the error.

The log is located in the following directory:

<Tivoli-resource models-dir>\lcf\dat\1\LCF\Tmw2k

where:

<Tivoli-resource models-dir>
Identifies the directory where resource models for Distributed Monitoring for Active Directory are located


Error Numbers

The following sections describe the error numbers that can be shown on the Health Console in case of resource model errors. The errors are listed by number, and for each error number, the following information is provided:

¶ A description that includes the possible cause of the error

¶ One or more user responses for resolving the cause of the error

Error Number 1

Explanation: The operating system on which the resource model is running is not a Windows 2000 system.

User Response: Check that the endpoint on which the resource model is running is a Windows 2000 Server, or Advanced Server.

The error message in the Tmw2k.log file on the endpoint includes the Windows version level.

Error Number 2

Explanation: Binding to rootDSE object failed.

User Response: Check that the endpoint on which the resource model is running is a Windows 2000 Server, or Advanced Server where Active Directory is running.

Error Number 3

Explanation: Error loading IADsTools DLL. Distributed Monitoring for Active Directory resource models use the IADsTools COM object that is provided in the Windows 2000 Support Tools Component.

User Response: Check that the Windows 2000 Support Tools Component is installed on the domain controller to which the resource model has been distributed.

Error Number 4

Explanation: Performance counters cannot be loaded.

The cause of the problem might be one of the following:

¶ The performance object is not defined on the machine where the resource model is running.

¶ If the resource model accesses remote resources, it does not have enough authority to access performance counters of a remote machine.

User Response:

¶ If the resource model is the Domain Controller performance resource model, check that you have installed the Database Performance Object correctly.

¶ If the application log of the Event Viewer contains a warning message with Event ID 2003, refer to Microsoft article Q267831, which describes a workaround for this problem.

Note: This problem is solved by Windows 2000 Service Pack 2.

¶ If the resource model is the Inter-site Replication traffic resource model and you have distributed it to a domain controller endpoint that is not a bridgehead server, you must run the wlcftap command to enable Tivoli to access the remote resources.

For information about running the wlcftap command, see “Prerequisites” on page 48.


Error Number 5

Explanation: The call DsGetSiteName, for retrieving the site name of the domain controller, failed. This problem is mainly caused by a bad Domain Name System (DNS) naming resolution of the domain controller where the resource model is running.

User Response: Check that the DNS server configuration is correct.

Error Number 6

Explanation: The call InitPerformanceData, for loading the performance counters, failed.

User Response: Try to restart the resource model on the endpoint by stopping and re-starting the Distributed Monitoring for Windows engine.

Error Number 7

Explanation: The call PerfCounterValue, for retrieving the value of a certain performance counter, failed.

User Response: Try to restart the resource model on the endpoint by stopping and re-starting the Distributed Monitoring for Windows engine.

Error Number 8

Explanation: The call GetDefaultNamingContext, for retrieving the default naming context of the domain controller where the resource model is running, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check if the Directory Service log has logged any errors on the event viewer.

Error Number 9

Explanation: The call GetNamingContext, for retrieving the naming context of the domain controller on which the resource model is running, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check if the Directory Service log has logged any errors on the event viewer.

Error Number 10

Explanation: The call GetPartialNamingContext, for retrieving the default naming context of the domain controller on which the resource model is running, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check if the Directory Service log has logged any errors on the event viewer.


Error Number 11

Explanation: This error is issued by the Domain Controller availability resource model because of problems with the DNS naming resolution.

User Response:

¶ Check that the DNS is properly configured.

¶ Check that nslookup can correctly resolve names when run on the domain controller where the resource model is running.

Error Number 12

Explanation: The call GetSiteLinks, for retrieving the number of site links in the site where the domain controller is placed, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check if the Directory Service log has logged any errors on the event viewer.

Error Number 13

Explanation: The call GetBridgeHeadsInSite, for retrieving the number of bridgehead servers in the site where the domain controller is placed, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check if the Directory Service log has logged any errors on the event viewer.

Error Number 14

Explanation: The call GetSiteLinks, for retrieving the number of site links in the site where the domain controller is placed, returned zero. This means that there are no domain controllers acting as bridgehead servers in that site.

User Response: Check that at least one bridgehead server has been defined for the site where the resource model is running, and that this server is up and running.

Error Number 15

Explanation: This error might be issued by the Inter-site replication resource model if there is no authorization to read the requested replication state.

User Response: If the resource model is the Inter-site replication resource model and you have distributed the resource model to a domain controller endpoint which is not a bridgehead server, you must run the wlcftap command to enable Tivoli to access the remote resources.

For information about running the wlcftap command, see “Prerequisites” on page 48.

Alternatively, you can distribute this resource model to any domain controller acting as bridgehead server in your domain.


Error Number 16

Explanation: The call GetDirectPartnersEx, for retrieving the number of replication partners of the server, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check if the Directory Service log has logged any errors on the event viewer.

Error Number 17

Explanation: This error might be issued by the DNS Active Directory integrated resource model if a binding to the Global Catalog object and a binding to the Configuration Container return a different number of domains in the forest. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check if the Directory Service log has logged any errors on the event viewer.

Error Number 18

Explanation: This error might be issued by the Inter-site replication resource model if the domain controller designated to act as bridgehead server does not have any replication partner in other sites. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check if the Directory Service log has logged any errors on the event viewer.

Error Number 19

Explanation: This error might be issued by the DNS Active Directory integrated resource model if the domain controller to which you have distributed the resource model does not store a copy of the DNS zones in its Active Directory.

This problem can occur because you distributed the resource model to the wrong domain controller. If the domain controller is the correct one, then this can be caused by an incorrect configuration of the DNS integrated with Active Directory.

User Response:

¶ Check that you have distributed the resource model to the correct domain controller.

¶ Check the configuration of the DNS server and the Active Directory integrated zones.


Error Number 20

Explanation: This error is issued if an Active Directory Service Interfaces (ADSI) query to the domain controller where the resource model is running failed. This can be due to problems in the Active Directory configuration or in the DNS naming resolution.

User Response:

¶ Check the configuration of Active Directory on the domain controller where the resource model is running.

¶ Check that the DNS server configuration is correct.

Error Number 21

Explanation: The call GetGCList, for retrieving the list of global catalogs defined in the forest, failed. This problem can be due to different causes:

¶ Failure in binding the Directory Service of the Domain Controller where the Resource model is running.

¶ Service Advertisement Records for locating the Global Catalog are not registered on the DNS.

¶ Network problems.

User Response:

¶ Check that the DNS server configuration is correct.

¶ Check that you can connect to the Directory Service of the domain controller on which the resource model is running.

Error Number 22

Explanation: The call GCName, for retrieving the name of a Global Catalog, failed.

This problem can occur because the Global Catalog has not been correctly registered, either in the DNS or in the Directory Service copy stored on the domain controller.

User Response:

¶ Check the DNS configuration.

¶ Check if the Directory Service Log in the event viewer has logged any errors or warning events of the category Global Catalog.

Error Number 23

Explanation: The call GetSiteList, for retrieving the list of sites in the forest, failed.

This problem can occur because of a failure to bind the domain controller on which the resource model is running, or because of an incorrect DNS configuration.

User Response:

¶ Check the DNS configuration.

¶ Check that you can successfully connect to the Directory Service on this domain controller.


Error Number 24

Explanation: The call SiteEntryName, to retrieve the name of sites enumerated by means of GetSiteList, failed.

This problem can occur because the data stored in the Directory Service copy is not correct, or because of an incorrect DNS configuration.

User Response:

¶ Check the DNS configuration.

¶ Check if the Directory Service log in the event viewer has logged any events from any of the following:

  - NTDS Database

  - NTDS General Source

  - NTDS Replication

  - NTDS KCC.

Error Number 25

Explanation: The call GetServersInSite, to retrieve the list of servers on a specific site, failed.

This problem can occur because of a failure to bind the domain controller on which the resource model is running, or because of an incorrect DNS configuration.

User Response:

¶ Check the DNS configuration.

¶ Check that you can successfully connect to the Directory Service on this domain controller.

Error Number 26

Explanation: The call ServerInSiteEntryName, to retrieve the name of the servers enumerated by means of GetServersInSite, failed.

This problem can occur because the data stored in the Directory Service copy are not correct, or because of an incorrect DNS configuration.

User Response: Check the DNS configuration.

Error Number 27

Explanation: This error is issued by the Domain Controller availability resource model, because the call GetDSAConnections, to get the list of the replication partners of the domain controller where the resource model is running, failed.

This problem can occur because of a failure to bind the domain controller on which the resource model is running, a failure to bind the configuration container, or because of an incorrect DNS configuration.

User Response:

¶ Check the DNS configuration.

¶ Check that you can successfully connect to the Directory Service on this domain controller.


Error Number 28

Explanation: This error might be issued by the DNS Active Directory integrated resource model if the call GetPDCFSMO, to get the domain controller that owns the PDC emulator FSMO role for a domain, failed.

This problem can occur because of a failure to bind the domain controller on which the resource model is running, or because of an incorrect DNS configuration.

User Response:

¶ Check the DNS configuration.

¶ Check that you can successfully connect to the Directory Service on this domain controller.

Error Number 29

Explanation: This error might be issued by the DNS Active Directory integrated resource model if the call to DsGetDcList, to get the list of domain controllers servicing a domain, failed.

This problem can occur because the domain controller where the resource model is running failed to bind the domain controller from which it is trying to retrieve the information. This can be the result of bad DNS naming resolution, or because of configuration problems of the queried domain controller.

User Response:

¶ Check the DNS configuration.

¶ Check that you can successfully connect to the Directory Service on this domain controller.

¶ Check that you can successfully bind the queried domain controller.

¶ Check that you can successfully retrieve information from other domain controllers.


Effective Use of the Parametric Event Log Resource Model

This section provides suggestions for event logs and source types to monitor with the parametric event log resource model for each of the Active Directory resource categories:

¶ Active Directory domain controller

¶ Active Directory replication

¶ DNS

¶ DHCP

Active Directory Domain Controller Category

To supplement the information available from the Active Directory Domain Controller category of resource models, you should select the Directory Service log from the Windows 2000 Logs parameter. All events coming from the following sources can be used to monitor specific problems with the ESE database and Active Directory in general:

¶ NTDS ISAM

¶ NTDS Database

¶ NTDS General

Active Directory Replication Category

To supplement the information available from the Active Directory Replication category of resource models, you should select the Directory Service log from the Windows 2000 Logs parameter. You can use events collected from the following sources to monitor problems coming from the replication process, both intra-site and inter-site, and from the Knowledge Consistency Checker:

¶ NTDS Replication

¶ NTDS Inter-site Messaging

¶ NTDS KCC

Alternatively, to monitor specific events for the File Replication service, you can use the File Replication Service log of the Windows 2000 Logs parameter.


DNS Category

To supplement the information available from the DNS category of resource models, you should distribute the parametric event log resource model to the server that runs Windows 2000 DNS. Then you should enable the DNS Server log to monitor events from the Windows 2000 DNS server.

DHCP Category

To supplement the information available from the DHCP category of resource models, you should monitor events coming from the source DHCP Server in the System log file. In particular, check if there are any events with ID 1014 logged from the DHCP server. This event indicates a possible DHCP database corruption. If such an event has been logged, a reconciliation of the DHCP database is recommended. Events with ID 1051 coming from the same source can indicate that there are unauthorized DHCP servers running on one or more domain controllers.
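The suggestions in this appendix can be written down as matching rules over an event log export. The following is an added example, not part of the product or this manual: it triages a constructed CSV export (the column names, host names and every event ID other than 1014 and 1051 are constructed) against the logs and sources named above. Matching source names without regard to case or spaces is an assumption.

```python
"""Added example: triage an event log export with the Appendix B suggestions."""
import csv
import io
from collections import Counter


def norm(text):
    """Case-fold and keep only letters and digits, so 'DHCP Server' equals 'DhcpServer'."""
    return "".join(ch for ch in (text or "").casefold() if ch.isalnum())


DC = "Active Directory domain controller"
REPL = "Active Directory replication"

# (log, source, event ID, resource category, note); None matches anything.
# The two specific DHCP event IDs are listed before the general DHCP Server rule.
RULES = [
    ("Directory Service", "NTDS ISAM", None, DC, ""),
    ("Directory Service", "NTDS Database", None, DC, ""),
    ("Directory Service", "NTDS General", None, DC, ""),
    ("Directory Service", "NTDS Replication", None, REPL, ""),
    ("Directory Service", "NTDS Inter-site Messaging", None, REPL, ""),
    ("Directory Service", "NTDS KCC", None, REPL, ""),
    ("File Replication Service", None, None, REPL, ""),
    ("DNS Server", None, None, "DNS", ""),
    ("System", "DHCP Server", 1014, "DHCP",
     "possible DHCP database corruption; reconcile the DHCP database"),
    ("System", "DHCP Server", 1051, "DHCP", "possible unauthorized DHCP server"),
    ("System", "DHCP Server", None, "DHCP", ""),
]


def triage(export_text):
    """Return one finding per exported record that matches a rule, in input order."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            event_id = int(row.get("EventID") or "")
        except ValueError:
            continue  # malformed record: no usable event ID
        for log, source, rule_id, category, note in RULES:
            if norm(row.get("Log")) != norm(log):
                continue
            if source is not None and norm(row.get("Source")) != norm(source):
                continue
            if rule_id is not None and rule_id != event_id:
                continue
            findings.append({"host": row.get("Host"), "category": category,
                             "event_id": event_id, "note": note})
            break  # first matching rule wins
    return findings


def summary(findings):
    """Count findings per resource category."""
    return Counter(f["category"] for f in findings)


# Constructed export: Host, Log, Source, EventID.
SAMPLE_EXPORT = """\
Host,Log,Source,EventID
dc01,Directory Service,NTDS KCC,3001
dc01,Directory Service,NTDS ISAM,3002
dc02,System,DhcpServer,1051
dc02,System,DHCP Server,1014
dc02,System,DhcpServer,2000
dc02,System,Service Control Manager,3003
dc01,DNS Server,DNS,3004
dc03,System,DhcpServer,n/a
dc01,Application,NTDS General,3005
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        print(finding)
    print(dict(summary(triage(SAMPLE_EXPORT))))
```

Records from other logs or sources, such as the Application log entry in the sample, are left out because the appendix scopes each source to a specific log.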


Glossary

E

endpoint
In a Tivoli environment, a Tivoli client that is the ultimate recipient for any type of Tivoli operation.

event
(1) In the Tivoli environment, any significant change in the state of a system resource, network resource, or network application. An event can be generated for a problem, for the resolution of a problem, or for the successful completion of a task. Examples of events are: the normal starting and stopping of a process, the abnormal termination of a process, and the malfunctioning of a server. (2) In Tivoli Distributed Monitoring for Active Directory, an event is generated for a particular resource (or set of resources) when a specified number of indications are received within a specified number of cycles, as defined by the aggregation rule for that event. See also indication.

G

gateway
In a Tivoli environment, software running on a managed node that provides all communication services between a group of endpoints and the rest of the Tivoli environment. This gateway includes the multiplexed distribution (MDist) function, enabling it to act as the fanout point for distributions to many endpoints.

H

Health Console
A component of Distributed Monitoring for Windows that displays real-time and historical data for any resource model at any endpoint. Using the graphical user interface, users can locate individual problems associated with one or more resources. The status is displayed as a value between 0 (representing an identified problem, that is, an event) and 100 (representing no recent indications). See also event and indication.

I

indication
An entity triggered by the occurrence of a problem in an endpoint relating to one or more resources. Indications are consolidated into events within the endpoint being monitored. See also event.

P

profile
In a Tivoli environment, a container for application-specific information about a particular type of resource. A Tivoli application specifies the template for its profiles; the template includes information about the resources that can be managed by that Tivoli application. A profile is created in the context of a profile manager; the profile manager links a profile to the Tivoli resource (for example, a managed node) that uses the information contained in the profile. A profile does not have any direct subscribers.

profile manager
In a Tivoli environment, a container for profiles that links the profiles to a set of resources, called subscribers. Tivoli administrators use profile managers to organize and distribute profiles. A profile manager is created in the context of a policy region and is a managed resource in a policy region.


R

resource model
In Tivoli Distributed Monitoring for Windows, an object that models a related set of resources on an individual workstation, which must be a Tivoli endpoint. At runtime, the resource model accesses the status of the underlying resources by using the Windows Management Interface (WMI). It then makes this information available to the Health Console. Resource models are predefined and target a specific resource area, such as the logical disk, or TCP/IP. For any resource model users can specify individual thresholds and event aggregation rules. See also event.

T

Tivoli Business System Manager
A Tivoli product that allows system administrators to graphically monitor, control, and configure applications residing in distributed and host (S/390) environments and to use the concept of business systems management to organize related components, thereby providing a business perspective for management decisions. Tivoli Business System Manager gives information technology staff a logical view of the computing environment; this view shows, at a glance, the status of the multiple applications that comprise the enterprise’s business system, including application components, the relationships among and between components, and the flow of data between the applications. By providing this view from a business perspective, Tivoli Business System Manager enables system administrators to quickly make determinations about the business impact of any component failure. Addressing technology problems from the business perspective greatly improves the effectiveness of system administrators and provides a higher level of service to users.

Tivoli Distributed Monitoring for Windows
A Tivoli product that extends the suite of monitoring capabilities to Windows NT and Windows 2000. Tivoli Distributed Monitoring for Windows has three main components: (1) a server component that is used to create and distribute profiles that model workstation resources (2) an endpoint component that at runtime collects and analyzes resource data in real time (3) the Health Console, which displays both real-time and historical performance and availability data.

Tivoli Enterprise Console
A Tivoli product that collects, processes, and automatically initiates corrective actions for system, application, network, and database events; it is the central control point for events from all sources. The Tivoli Enterprise Console provides a centralized, global view of the network computing environment; it uses distributed event monitors to collect information, a central event server to process information, and distributed event consoles to present information to system administrators.

Tivoli environment
The Tivoli applications, based upon the Tivoli Management Framework, that are installed at a specific customer location and that address network computing management issues across many platforms. In a Tivoli environment, a system administrator can distribute software, manage user configurations, change access privileges, automate operations, monitor resources, and schedule jobs.

Tivoli Management Agent (TMA)
In the Tivoli environment, an agent that securely performs administrative operations.

Tivoli Management Framework
The base software that is required to run the applications in the Tivoli product suite. This software infrastructure enables the integration of systems management applications from Tivoli Systems Inc. and the Tivoli Partners. In a Tivoli environment, the Tivoli Management Framework is installed on every client and server; however, the TMR server is the only server that holds the full object database.


Printed in the United States of America on recycled paper containing 10% recovered post-consumer fiber.

SH19-4559-00