Archive

Archive for August, 2005

MOM issues as a result of W32.Esbot.C

August 24, 2005 1 comment
Had an issue that started yesterday on my MOM 2000 SP1 server.  The MMC would not launch, it was getting Access Denied.  Here is a sample event that I was seeing in the System Log:
 
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10006
Date:  8/24/2005
Time:  4:56:16 PM
User:  Domain\MOMAccount
Computer: MYSERVER
Description:
DCOM got error "Class not registered " from the computer MYMOMSQLSERVER when attempting to activate the server:
{65A21944-E16D-11D2-A445-00A0C9AFE040}
This was happening every 30 seconds in the System Log.  This of course is because the DAS is trying to connect every 30 seconds (since losing connection to the SQL DB).  I was not aware that my servers were infected.  When I did notice the SAV alerts for my management server we patched and cleaned it.  The SQL server was infected but SAV was not detecting it.  So we cleaned that today.
 
When I tried to launch the MOM MMC I got these events in the Application Log:
 
Onepoint Operations: 25100 (DAS identity is one cause, the other is DCOM not enabled, please document that MSFT), 21126, 21155.
 
I checked COM + Components for MOM to make sure the DAS account/identity was correct.  I checked the client config to make sure named pipes and TCPIP was being used.  I checked the ODBC connection, SQL server remote access, etc.  I ran DCOMCNFG (on the Management server only).  DCOM was enabled.
 
Called PSS and opened a Crit Sit case.  After trying various things, I emailed our AD team who also uses MOM, and they replied with the fix.
 
W32.Esbot.C changes a reg key.  The reg key that enabled DCOM.  It changes it from Y to N.  Had I done the DCOMCNFG on my SQL server I would have realized DCOM was disabled. 
 
So what I learned was:
 
1) MSFT should document these events a little bit better (Access denied can also mean DCOM could be disabled – There are no KB’s on this).
2) I should not assume my machines have been cleaned, but should verify this on my own.
3) Improve communication between internal support teams using similar products and tools.
Categories: MOM

MOMAnswers is back online

August 12, 2005 2 comments

 
The MOM Community/Information web site MOMANSWERS is finally back on line.  Go check it out!
Categories: MOM

MOM 2005 Sizer

August 6, 2005 Leave a comment
MOM 2005 sizer has been released.  I understand this will also calculate the size of your reporting server:
 
Categories: MOM

MOM 2005 SP1 Released

August 1, 2005 Leave a comment
MOM SP1 released today:
 
 
Brief summary:
 

Microsoft Operations Manager (MOM) 2005 with Service Pack 1 (SP1) offers the latest security enhancements and features, including:

 

Broader OS and database support, including Windows Server 2003 SP1 and SQL 2000 SP4, which enables you to leverage the latest Windows Server System software.

Support for x64 platforms which allows MOM 2005 to run on and monitor the latest high performance hardware.

License usage alerting which enables you to receive alerts when product usage exceeds the configured threshold of licensed OMLs.

Many customer-requested enhancements to better support enterprise scenarios:

Support for disjoint namespaces with mutual authentication

Support for NETBIOS names containing dot

Improved robustness of heart beating and Microsoft Connector Framework

Categories: MOM