Tivoli® Distributed Monitoring for Active Directory Reference
Version3.7
Tivoli® Distributed Monitoring for Active Directory Reference
Version3.7 Tivoli® Distributed Monitoring for Active Directory Reference
Copyright Notice
© Copyright IBM Corporation 2001. All rights reserved. May only be used pursuant to a Tivoli Systems Software License Agreement, an IBM Software License Agreement, or Addendum for Tivoli Products to IBM Customer or License Agreement. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without prior written permission of IBM Corporation. IBM Corporation grants you limited permission to make hardcopy or other reproductions of any machine-readable documentation for your own use, provided that each such reproduction shall carry the IBM Corporation copyright notice. No other rights under copyright are granted without prior written permission of IBM Corporation. The document is not intended for production and is furnished “as is” without warranty of any kind. All warranties on this document are hereby disclaimed, including the warranties of merchantability and fitness for a particular purpose.
U.S. Government Users Restricted Rights—Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corporation. Trademarks
IBM, Tivoli, the Tivoli logo, and Tivoli Enterprise Console are trademarks or registered trademarks of International Business Machines Corporation or Tivoli Systems Inc. in the United States, other countries, or both. Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both. Other company, product, and service names may be trademarks or service marks of others. Notices
References in this publication to Tivoli Systems or IBM products, programs, or services do not imply that they will be available in all countries in which Tivoli Systems or IBM operates. Any reference to these products, programs, or services is not intended to imply that only Tivoli Systems or IBM products, programs, or services can be used. Subject to valid intellectual property or other legally protectable right of Tivoli Systems or IBM, any functionally equivalent product, program, or service can be used instead of the referenced product, program, or service. The evaluation and verification of operation in conjunction with other products, except those expressly designated by Tivoli Systems or IBM, are the responsibility of the user. Tivoli Systems or IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to the IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, New York 10504-1785, U.S.A.
ISO 9001 Certification This product was developed using an ISO 9001 certified quality system. Certification has been awarded by Bureau Veritas Quality International (BVQI) (Certification No. BVQI - 92086 / A). BVQI is a world leader in quality certification and is currently recognized by more than 20 accreditation bodies. Contents Figures...... ix Preface...... xi Who Should Read This Manual ...... xi What This Manual Contains ...... xi Publications ...... xii Distributed Monitoring For Active Directory Library ...... xii Prerequisite Publications ...... xii Related Publications ...... xiii Accessing Publications Online ...... xiii Ordering Publications...... xiii Providing Feedback about Publications ...... xiii Contacting Customer Support ...... xiv Conventions Used in This Book ...... xiv Typeface Conventions...... xiv Chapter 1. Introduction to Distributed Monitoring for Active Directory 1 Overview ...... 1 Key Features and Benefits...... 2 Resource Models...... 3 Configuration and Deployment ...... 4 Chapter 2. Active Directory Resource Models ...... 5 Related Information...... 5 Active Directory Domain Controller Category ...... 6 Domain Controller Availability Resource Model...... 6 Domain Controller Performance Resource Model...... 7 Active Directory Replication Category...... 7 Replication Performance Resource Model ...... 7 Intra-site Replication Resource Model ...... 7 Intra-site Replication Traffic Resource Model ...... 7 Inter-site Replication Resource Model ...... 8 Inter-site Replication Traffic Resource Model...... 8 File Replication Service Resource Model...... 8 DNS Category...... 8 Windows 2000 DNS Server Performance Resource Model ...... 8 Active Directory Integrated DNS Resource Model ...... 9
Tivoli Distributed Monitoring for Active Directory Reference iii DHCP Category ...... 9 Windows 2000 DHCP Server Performance Resource Model...... 9 Chapter 3. Domain Controller Availability Resource Model ...... 11 Overview ...... 12 Indications and Events...... 13 No RID Master Role in the Domain ...... 14 A Global Catalog Cannot Be Reached in the Forest ...... 14 Unreachable Replica Partner ...... 14 No Domain Naming Master Role in the Forest...... 15 The Domain Controller Service Is Failing ...... 15 No Schema Master Role in the Forest ...... 15 The RID Master Role in the Domain Cannot be Reached...... 16 The Infrastructure Master Role in the Domain Cannot Be Reached...... 16 The Domain Controller Service Is Stopped ...... 17 The Service of a FSMO Role Server is Failing ...... 17 The Service of a FSMO Role Server is Stopped...... 18 No Global Catalogs in the Site ...... 18 The Domain Naming Master Role for the Forest Cannot Be Reached...... 18 All Global Catalogs in the Site Are Unavailable...... 19 No Infrastructure Master Role in the Domain...... 19 No PDC Master Role in the Domain ...... 19 The Schema Master Role for the Forest Cannot Be Reached ...... 20 The PDC Master Role in the Domain Cannot Be Reached ...... 20 Logging ...... 22 Chapter 4. Domain Controller Performance Resource Model...... 23 Overview ...... 24 Prerequisites ...... 24 Indications and Events...... 25 Small Database Cache Size ...... 25 High Number of Threads Waiting ...... 25 High Ticket-Granting Server (TGS) Requests Per Second...... 26 Small Database Table Cache Size ...... 26 High Log Record Stalls Per Second ...... 27 High Kerberos Authentication Requests Per Second ...... 27 Low Value of Cache Size ...... 27 Nonzero Cache Page Fault Stalls Per Second ...... 28 High NTLM Authentication Requests Per Second ...... 28 High Authentication Server (AS) Requests Per Second...... 28 iv Version 3.7 Thresholds ...... 29 Logging ...... 30 Chapter 5. Replication Performance Resource Model...... 33 Overview ...... 34 Indications and Events...... 34 Low Percentage of Inbound Properties Applied ...... 34 High Percentage of Inbound Properties Filtered ...... 35 High Percentage of Outbound Objects Filtered...... 35 Low Percentage of Inbound Objects Applied ...... 36 High Percentage of Inbound Objects Filtered ...... 36 Thresholds ...... 37 Logging ...... 38 Chapter 6. Intra-site Replication Resource Model ...... 39 Overview ...... 40 Indications and Events...... 40 Intra-site Replication Failure ...... 40 Logging ...... 41 Chapter 7. Intra-site Replication Traffic Resource Model ...... 43 Overview ...... 44 Indications and Events...... 44 High Intra-site Outbound Replication Traffic ...... 44 High Intra-site Inbound Replication Traffic ...... 45 Pending Directory Synchronization Not Processed Not Decreasing ...... 45 Thresholds ...... 45 Logging ...... 46 Chapter 8. Inter-site Replication Resource Model ...... 47 Overview ...... 48 Prerequisites ...... 48 Indications and Events...... 49 Inter-site Replication Failure ...... 49 No Bridgehead Servers in the Site ...... 50 No Replication Partner ...... 50 Site Link Not Defined ...... 51 Logging ...... 51 Chapter 9. Inter-site Replication Traffic Resource Model ...... 53
Tivoli Distributed Monitoring for Active Directory Reference v Overview ...... 54 Prerequisites ...... 54 Indications and Events...... 55 High Inter-site Inbound Replication Traffic ...... 55 High Inter-site Outbound Replication Traffic ...... 56 Thresholds ...... 56 Logging ...... 57 Chapter 10. File Replication Service Performance Resource Model .... 59 Overview ...... 60 Indications and Events...... 60 High Percentage of Change Orders Evaporated ...... 61 High Percentage of Packets Sent in Error...... 61 High Percentage of Directory Service Bindings in Error...... 61 High Percentage of Change Orders Retired ...... 62 High Percentage of Change Orders Morphed ...... 62 High Value of Staging Space in Use (KB) ...... 62 High Percentage of Files Installed with Error...... 63 Persistent High Number of Packets Received ...... 63 Number of Files Installed Persistently High ...... 63 High Percentage of Packets Received in Error ...... 64 High Usn Records Accepted ...... 64 High Percentage of Change Orders Aborted ...... 64 Low Value of Staging Space Free (KB) ...... 65 Persistent High Number of Change Orders Sent ...... 65 Thresholds ...... 66 Logging ...... 66 Chapter 11. Windows 2000 DNS Server Performance Resource Model 69 Overview ...... 70 Indications and Events...... 70 The DNS Server Service Is Stopped ...... 70 Dynamic Update Failures ...... 71 High DNS Response Time...... 71 Percentage of Zone Transfer Failures ...... 72 The DNS Server Service Is Failing ...... 72 Thresholds ...... 73 Logging ...... 73
vi Version 3.7 Chapter 12. Active Directory Integrated DNS Resource Model ...... 75 Overview ...... 76 Indications and Events...... 76 Missing Global Catalog SRV Record ...... 77 Missing dnsNode Record...... 77 Bad Record Data for Domain Controller ...... 78 Missing PDC SRV Record...... 78 Bad Record Data for Global Catalog ...... 79 Missing Domain Controller SRV Record ...... 79 Bad Record Data for Primary Domain Controller Emulator ...... 80 Logging ...... 81 Chapter 13. Windows 2000 DHCP Server Performance Resource Model...... 83 Overview ...... 84 Indications and Events...... 84 High Rate of Declines ...... 85 High Value of Conflict Check Queue Length ...... 85 DHCP Slow ...... 85 DHCP Server Service Is Failing...... 86 High Rate of Negative Acknowledgements...... 86 High Increase of Packets Expired Per Second ...... 86 Short DHCP Scope Lease Times ...... 87 Sudden Decrease in DHCP Scope Lease Times ...... 87 The DHCP Server Service Has Stopped ...... 87 High Value of Active Queue Length ...... 88 Thresholds ...... 89 Logging ...... 90 Appendix A. Troubleshooting...... 91 Error Handling ...... 91 Error Numbers ...... 92 Appendix B. Effective Use of the Parametric Event Log Resource Model...... 99 Active Directory Domain Controller Category ...... 99 Active Directory Replication Category...... 99 DNS Category...... 100 DHCP Category...... 100
Tivoli Distributed Monitoring for Active Directory Reference vii Glossary ...... 101
viii Version 3.7 Figures
1. Deployment of Active Directory resource models in the Tivoli environment ...... 4 2. Distributed Monitoring for Active Directory in a Windows 2000 domain...... 6
Tivoli Distributed Monitoring for Active Directory Reference ix x Version 3.7 Preface
Tivoli Distributed Monitoring for Active Directory is layered on Tivoli Distributed Monitoring for Windows®. It can be used in both native (Microsoft® Windows 2000 only) and mixed (Windows 2000 and Windows NT) environments.
Active Directory enables you to monitor, tune and manage the security, performance and availability of Active Directory key resources and services, such as domain controllers; inter-site, intra-site, and file replication; and Microsoft’s predefined performance objects.
For detailed information about how to customize profiles and resource models, distribute them to endpoints, and monitor and log indications and events, refer to the Tivoli Distributed Monitoring for Windows User’s Guide.
Who Should Read This Manual This manual is for Windows 2000 system administrators who are responsible for managing Active Directory resources.
To make effective use of the product, readers require knowledge as well as practical experience of the following: ¶ Installing and managing the Tivoli Management Framework and the Tivoli Management Environment® ¶ Installing, customizing, and managing Distributed Monitoring for Windows ¶ Windows 2000 system administration
Readers should also be familiar with the Tivoli Enterprise Console® product.
What This Manual Contains This manual contains the following sections: ¶ Chapter 1, “Introduction to Distributed Monitoring for Active Directory” Provides an introduction to Distributed Monitoring for Active Directory, its features and functions, and its integration with Distributed Monitoring for Windows. ¶ Chapter 2, “Active Directory Resource Models” Introduces each of the Active Directory resource models, and explains the key concepts required for the effective customizing of these resource models. ¶ Chapters 3 to 13 inclusive Provide details of the problems each resource model can highlight, and give information about the indications, thresholds and, where applicable, data logging features you can use to manage your Active Directory environment as follows: v Chapter 3, “Domain Controller Availability Resource Model” v Chapter 4, “Domain Controller Performance Resource Model” v Chapter 5, “Replication Performance Resource Model” v Chapter 6, “Intra-site Replication Resource Model” v Chapter 7, “Intra-site Replication Traffic Resource Model”
Tivoli Distributed Monitoring for Active Directory Reference xi Preface
v Chapter 8, “Inter-site Replication Resource Model” v Chapter 9, “Inter-site Replication Traffic Resource Model” v Chapter 10, “File Replication Service Performance Resource Model” v Chapter 11, “Windows 2000 DNS Server Performance Resource Model” v Chapter 12, “Active Directory Integrated DNS Resource Model” v Chapter 13, “Windows 2000 DHCP Server Performance Resource Model” ¶ Appendix A, “Troubleshooting” Provides information about possible errors that are the result of incorrectly configured resource models, missed prerequisites, or an incorrectly configured Active Directory environment. ¶ Appendix B, “Effective Use of the Parametric Event Log Resource Model” Provides suggestions for event logs and source types to monitor with the parametric event log resource model for each of the Active Directory resource categories.
Publications This section lists publications in the Tivoli Distributed Monitoring for Active Directory library and any other related documents. It also describes how to access Tivoli publications online, how to order Tivoli publications, and how to make comments on Tivoli publications. Distributed Monitoring For Active Directory Library The following documents are available in the Tivoli Distributed Monitoring for Active Directory library: ¶ Tivoli Distributed Monitoring for Active Directory Release Notes, GI11-0852 Provides installation instructions and late-breaking information about Tivoli Distributed Monitoring for Active Directory. ¶ Tivoli Distributed Monitoring for Active Directory Reference, SH19-4559 Provides information about events, indications, thresholds and logging metrics provided for monitoring Active Directory, so that you can customize resource models for the effective management of business-critical resources. Prerequisite Publications To be able to use the information in this book effectively, you must have some prerequisite knowledge, which you can get from the following books: ¶ Tivoli Distributed Monitoring for Active Directory Release Notes, GI11-0852 Provides installation instructions and late-breaking information about Tivoli Distributed Monitoring for Active Directory. ¶ Tivoli Distributed Monitoring for Windows Release Notes, GI11-0843 Provides last-minute information about Distributed Monitoring for Windows 3.7 ¶ Tivoli Distributed Monitoring for Windows User’s Guide, GC32-0403 Provides comprehensive instructions for customizing resource models. You can use these instructions to customize both standard resource models for monitoring the performance and availability of your Windows 2000 systems, and Active Directory specific resource models for monitoring Active Directory.
xii Version 3.7 Preface
Related Publications The following documents also provide useful information related to Tivoli Distributed Monitoring for Active Directory: ¶ Tivoli Distributed Monitoring for Windows Workbench for Windows User’s Guide, GC32-0663 Provides comprehensive instructions for building, testing, packaging and installing your own resource models. ¶ IBM Redbooks™ Implementing Tivoli Manager for Windows NT, SG24-5519 Provides background information about the architecture and design of Distributed Monitoring for Windows, which used to be called Tivoli Manager for Windows NT. Accessing Publications Online You can access many Tivoli publications online at the Tivoli Customer Support Web site:
http://www.tivoli.com/support/documents/
These publications are available in PDF or HTML format, or both. Translated documents are also available for some products.
To access most of the documentation, you need an ID and password. If necessary, you can obtain these from the following Web site:
http://www.tivoli.com/support/getting/ Ordering Publications You can order many Tivoli publications online at the following Web site:
http://www.ibm.com/shop/publications/order
You can also order by telephone by calling one of these numbers: ¶ In the United States: 800-879-2755 ¶ In Canada: 800-426-4968 ¶ In other countries, for a list of telephone numbers, see the following Web site: http://www.tivoli.com/inside/store/lit_order.html Providing Feedback about Publications We are very interested in hearing about your experience with Tivoli products and documentation, and we welcome your suggestions for improvements. If you have comments or suggestions about our products and documentation, contact us in one of the following ways: ¶ Send an e-mail to [email protected]. ¶ Complete our customer feedback survey at the following Web site: http://www.tivoli.com/support/survey/
Tivoli Distributed Monitoring for Active Directory Reference xiii Preface
Contacting Customer Support If you have a problem with any Tivoli product, you can contact Tivoli Customer Support. See the Tivoli Customer Support Handbook at the following Web site:
http://www.tivoli.com/support/handbook/
The handbook provides information about how to contact Tivoli Customer Support, depending on the severity of your problem, and the following information: ¶ Registration and eligibility ¶ Telephone numbers and e-mail addresses, depending on the country you are in ¶ What information you should gather before contacting support
Conventions Used in This Book This book uses several conventions for special terms and actions, operating system-dependent commands and paths, and margin graphics. Typeface Conventions The following typeface conventions are used in this book: Bold Lowercase and mixed-case commands, command options, and flags that appear within text appear like this, in bold type. Graphical user interface elements (except for titles of windows and dialogs) and names of keys also appear like this, in bold type. Italic Variables, values you must provide, new terms, and words and phrases that are emphasized appear like this, in italic type. Monospace Commands, command options, and flags that appear on a separate line, code examples, output, and message text appear like this,inmonospace type. Names of files and directories, text strings you must type, when they appear within text, names of Java™ methods and classes, and HTML and XML tags also appear like this,inmonospace type.
xiv Version 3.7 .Introduction 1. 1 Introduction to Distributed Monitoring for Active Directory
This section introduces Tivoli Distributed Monitoring for Active Directory, its key features and benefits, its resource models, and its integration with Tivoli Distributed Monitoring for Windows®.
For detailed information about Distributed Monitoring for Windows, refer to the Tivoli Distributed Monitoring for Windows User’s Guide.
Overview Distributed Monitoring for Active Directory is a distributed product that extends the existing monitoring capabilities of Tivoli Distributed Monitoring for Windows.
Distributed Monitoring for Active Directory enables you to monitor, tune and manage the performance and availability of Active Directory key resources, objects and services.
Distributed Monitoring for Active Directory is a solution for managing and monitoring Active Directory. It is built on Tivoli Distributed Monitoring for Windows 3.7.
To obtain a comprehensive view of the performance and availability of resources and services, you can use Active Directory specific resource models on the same Tivoli endpoints with the resource models for system monitoring that are provided with Distributed Monitoring for Windows.
It is also advisable to distribute the parametric event log resource model that is provided with Tivoli Distributed Monitoring for Windows to all domain controllers.
Tivoli Distributed Monitoring for Active Directory Reference 1 Key Features and Benefits Distributed Monitoring for Active Directory has the following key features and benefits:
Feature Benefit Integration with Tivoli Framework and Distributed ¶ Monitoring for Windows Tivoli environment and infrastructure ¶ Familiar user-interface ¶ Ability to monitor Windows 2000 domain controllers as Tivoli endpoints ¶ Ability to monitor Windows 2000 Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) servers as Tivoli endpoints ¶ Ability to send events to the Tivoli Enterprise Console® ¶ Ability to send events to the Tivoli Business System Manager console ¶ Ability to log data for analysis and display ¶ Ability to view online and historical data on the Health Console
¶ Ability to set thresholds
¶ Ability to restart Windows services through built-in actions
¶ Ability to use new resource models together with existing Distributed Monitoring for Windows resource models, such as the System category, such as the Memory, Process, and Processor resource models, to monitor Windows 2000 system resources. Resource models tailored to Active Directory Ability to monitor the performance, availability, and health of Active Directory key services and objects such as: ¶ Domain controllers
¶ Allocation of Flexible Single Master Operations (FSMO) roles
¶ Replication efficiency within and between multiple sites
¶ DHCP server
¶ DNS server Error-handling capability Ability to display error messages on the Health Console about the following: ¶ Missing prerequisites on endpoints ¶ The status of resource models ¶ Configuration errors that can cause resource models to stop
2 Version 3.7 .Introduction 1. Resource Models Distributed Monitoring for Active Directory uses out-of-the box, predefined resource models.
Generally you can use the default values and still obtain useful data. However, if necessary you can customize the resource models to suit your local requirements.
Different areas of Active Directory require different approaches to monitoring and management. The resource models for Distributed Monitoring for Active Directory are therefore divided into categories as shown in the following table:
Category Resource Model Active Directory domain controller Domain controller performance Domain controller availability Active Directory replication Replication performance Intra-site replication Intra-site replication traffic Inter-site replication Inter-site replication traffic File Replication Service DHCP Windows 2000 DHCP Server performance DNS Windows 2000 DNS Server performance Active Directory Integrated DNS
For a detailed introduction to each of these resource models, see “Active Directory Resource Models” on page 5.
For listings and descriptions of indications, events, thresholds and logging details for each resource model, see the appropriate one of chapters 4 to 14.
Tivoli Distributed Monitoring for Active Directory Reference 3 Configuration and Deployment All resource models for Active Directory are configured and deployed in exactly the same way as the resource models that are provided with Distributed Monitoring for Windows: 1. You configure the resource models for Active Directory from the Tivoli desktop. 2. You package them into standard Distributed Monitoring for Windows profiles. 3. You use the Tivoli Framework facilities to distribute the profiles. 4. You use the Distributed Monitoring for Windows facilities to start and stop the resource models.
A high-level summary of this process is shown in Figure 1.
For full descriptions of the steps for configuring, packaging and distributing resource models to endpoints, refer to the Tivoli Distributed Monitoring for Windows User’s Guide.
Tivoli Environment
Tivoli Server
GUI Default Management Resource ProfileProfile Bottlenecks Management Resource ProfileProfile Configuration Management Model Services Management Model
Memory leaks management
Processes Management Finish
Push Push
Distributed Monitoring Tivoli Management for Windows engine Agent
Resource Model
DomainDomain Controller Controller Start
Resource Model
Figure 1. Deployment of Active Directory resource models in the Tivoli environment
4 Version 3.7 2 Active Directory Resource Models .Atv Directory Active 2. eoreModels Resource This section describes the purpose and function of each of the Active Directory resource models.
The following table lists the resource models by category, and where you can find a description of the resource model:
Category Resource Model See Page Active Directory domain Domain controller availability 6 controller Domain controller performance 7 Active Directory replication Replication performance 7 Intra-site replication 7 Intra-site replication traffic 7 Inter-site replication 8 Inter-site replication traffic 8 File Replication Service 8 DNS Windows 2000 DNS Server performance 8 Active Directory Integrated DNS 9 DHCP Windows 2000 DHCP Server performance 9
Related Information The following table shows where you can find additional information to help you work with the resource models described in the following sections:
Information See Listings and descriptions of indications, events, The appropriate one of chapters 3 to 13 thresholds and logging details for each resource model Diagnosing problems with Distributed Monitoring for “Troubleshooting” on page 91 Active Directory resource models Definitions of Active Directory and Distributed The “Glossary” on page 101 Monitoring for Windows concepts Explanations of resource model concepts, and The Tivoli Distributed Monitoring for instructions for configuring and installing resource Windows User’s Guide models
Tivoli Distributed Monitoring for Active Directory Reference 5 Active Directory Domain Controller Category The Active Directory domain controller category contains resource models that must both be distributed to all domain controllers in a forest. Together they provide a comprehensive view of critical aspects of the availability and performance of Active Directory domain controllers in the forest.
Figure 2 shows a high-level view of an Active Directory domain where Distributed Monitoring for Active Directory is running on all domain controllers.
Distributed Monitoring for Active Directory
Domain Controller
Distributed Monitoring for Active Directory
Distributed Monitoring for Active Directory Domain Controller
Domain ControlleController
Desktop System
Desktop System
Windows 2000 Domain
Figure 2. Distributed Monitoring for Active Directory in a Windows 2000 domain
Domain Controller Availability Resource Model It is critical for Active Directory health that all domain controllers in the forest are available. This resource model checks that key domain controller services are available and stable. If such a service is in a stopped state, this resource model tries to restart that service.
The resource model also checks if Flexible Single Master Operations (FSMO) roles have been assigned to domain controllers, and if it is possible to connect to domain controllers that are holding the FSMO roles.
It also checks that the domain controller and its replication partners can connect to each other, and that global catalogs have been defined and can be accessed over the network
6 Version 3.7 Domain Controller Performance Resource Model Optimal performance of Active Directory depends on the effective management of the NT Directory Service (NTDS) and Extensible Storage Engine (ESE) database. This resource model retrieves statistical information about Active Directory, including the following: ¶ The number of Kerberos authentications ¶ The number of NTLM authentications ¶ The number of new users and computers created .Atv Directory Active 2. Active Directory Replication Category Models Resource The Active Directory replication category contains resource models that monitor the three types of replication that are performed in an Active Directory environment: Intra-Site replication Is replication with a ring topology comprising domain controllers in the same site. Inter-Site Replication Is replication among bridgehead servers, which function like gateways to remote sites. Bridgehead servers are the domain controllers that run the inter-site replication process for the site. File Replication Service Is replication of system policies and logon scripts that are stored in SYSVOL, and of data for distributed file systems. Replication Performance Resource Model This resource model monitors the efficiency of the Active Directory replication process. For each domain controller to which it has been distributed and on which it is running, it checks the percentage of inbound and outbound replication updates that have been filtered and applied. These percentages give an indication to what extent Active Directory objects and properties are dynamic or static. This information can be used to fine-tune the replication interval to optimize performance. Intra-site Replication Resource Model This resource model monitors the replication process between domain controllers in the same site. Because each domain controller in a forest is involved in the intra-site replication process, this resource model should run on all of them.
This resource model retrieves, for the domain controller on which it is running, the intra-site replication topology for each directory partition and performs a check against replication attempt failures for each replication partner and for each replicated directory partition.
If a replication attempt fails, the resource model sends an indication with details of the replication partner, the directory partition, and the failure reason. Intra-site Replication Traffic Resource Model This resource model should be distributed to all domain controllers in a site.
This resource model measures all incoming and outgoing intra-site replication traffic for the domain controller on which it is running. It monitors the number of inbound (replicated in) and outbound (replicated out) bytes per second. You can define thresholds for both
Tivoli Distributed Monitoring for Active Directory Reference 7 quantities, and enable data logging for both as required. An indication can be sent if the number of inbound bytes per second or outbound bytes per second exceeds the threshold. Inter-site Replication Resource Model This resource model should be distributed to one domain controller per site.
This resource model performs a number of tasks for the site in which it is running. It monitors the inter-site replication process, checks that a site link has been created, retrieves the list of domain controllers that are acting as bridgehead servers within the site, and checks for each bridgehead server that the inter-site replication is functioning efficiently. Inter-site Replication Traffic Resource Model This resource model should be distributed to one domain controller per site.
This resource model performs a number of tasks for the site in which it is running. It retrieves the list of domain controllers that are acting as bridgehead servers within the site, and retrieves the value of its performance counters related to inter-site replication activity. Inter-site replication traffic is compressed. It is measured by monitoring the number of inbound (replicated in) and outbound (replicated out) compressed bytes. You can configure the resource model, so that an indication is sent if the number of inbound bytes per second or outbound bytes per second exceeds the thresholds. File Replication Service Resource Model This resource model measures the performance of the File Replication Service (FRS). Windows 2000 domain controllers and servers use FRS to replicate system policies and login scripts for Windows 2000 and down-level clients.
This resource model should be distributed to all domain controllers.
DNS Category The DNS category contains resource models that monitor Windows 2000 DNS Server performance and Active Directory integrated DNS respectively. Windows 2000 DNS Server Performance Resource Model This resource model monitors the activity and performance of the Windows 2000 DNS server. It monitors zone transfer failures, dynamic update failures, DNS response time, and general problems with DNS.
Note: This resource model must be distributed only to primary DNS servers that run Windows 2000 DNS.
Even if DNS is integrated with Active Directory, a primary DNS server must be nominated.
8 Version 3.7 Active Directory Integrated DNS Resource Model When Windows 2000 DNS server runs on a domain controller, that domain controller stores a copy of the corresponding DNS zones. Windows 2000 domain controllers can register one or more DNS records. These entries are Service Location Records (SRVs) that are used to identify services that are available on a host.
SRVs enable a client to find the following: ¶ A Windows 2000 domain controller in the domain ¶ The primary domain controller (PDC) emulator .Atv Directory Active 2. eoreModels Resource ¶ The global catalog server This resource model monitors and sends an alert if any of these SRVs is inaccurate or missing. This resource model should be distributed to one domain controller in one of the parent domains in the forest.
DHCP Category The DHCP category contains one resource model. Windows 2000 DHCP Server Performance Resource Model This resource model monitors the performance and general functioning of the DHCP server. It checks if lease times are too short, if the traffic on the DHCP is too heavy, and other key issues that ensure that the DHCP is in good health.
This resource model should be distributed to the DHCP server but only if it is running Windows 2000 DHCP.
Tivoli Distributed Monitoring for Active Directory Reference 9 10 Version 3.7 3 Domain Controller Availability Resource Model
This section describes the domain controller availability resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category Active Directory domain controller Thresholds NO
Parameters NO Controller Domain 3. Built-in actions YES
Clearing events YES Availability Default cycle time 300 seconds
Tivoli Distributed Monitoring for Active Directory Reference 11 Overview
Resource model distribution This resource model should be distributed to each domain controller in a forest.
This resource model monitors domain controller availability and health. It performs the following availability checks for each domain controller: ¶ Checks the availability and stability of the following domain controller key services, and provides built-in actions for their automatic recovery:
Service Description Dnscache DNS client cache kdc Kerberos Key Distribution Center lanmanserver Server lanmanworkstation Workstation IsmServ Inter-site messaging Netlogon Net logon NtFrs Windows NT® File Replication Service RpcLocator Remote Procedure Call (RPC) Locator RpcSs Remote Procedure Call (RPC) TrkSvr Distributed Link Tracking Server TrkWks Distributed Link Tracking Workstation W32Time Windows Time
¶ Retrieves the names of the domain controllers holding Flexible Single Master Operation (FSMO) roles, and checks that the roles have been assigned ¶ Checks network connectivity among replica partners by obtaining the replica topology for each domain controller ¶ Checks that global catalogs exist and are reachable
12 Version 3.7 Indications and Events The following table lists the events that can be generated by the domain controller availability resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_RID_notfound No RID master role in the domain Critical 14 TMW_GC_all_unavailable A global catalog cannot be reached Critical 14 in the forest TMW_ReplPartner_unreachable Unreachable replica partner Critical 14 TMW_DomNaming_notfound No domain naming master role in Critical 15 the forest TMW_DCServ_Failing The domain controller service is Critical 15 failing TMW_Schema_notfound No schema master role in the Critical 15 forest TMW_RID_unreachable The RID master role in the domain Critical 16 cannot be reached TMW_Infra_unreachable The infrastructure master role in Critical 16 the domain cannot be reached Controller Domain 3. TMW_DCServ_Stopped The domain controller service Critical 17 stopped Availability TMW_DCServ_Failing_FSMORole The service of a FSMO role server Warning 17 is failing TMW_DCServ_Stopped_FSMORole The service of a FSMO role server Warning 18 is stopped TMW_GC_NotFoundInSite No global catalogs in the site Minor 18 TMW_DomNaming_unreachable The domain naming master role Critical 18 for the forest cannot be reached TMW_GCInSite_all_unavailable All global catalogs in the site are Warning 19 unavailable TMW_Infra_notfound No infrastructure master role in the Critical 19 domain TMW_PDC_notfound No PDC master role in the domain Critical 19 TMW_Schema_unreachable The schema master role for the Critical 20 forest cannot be reached TMW_PDC_unreachable The PDC master role in the Critical 20 domain cannot be reached
Tivoli Distributed Monitoring for Active Directory Reference 13 No RID Master Role in the Domain This indication is sent when no domain controller holds the Relative ID (RID) master role in the domain.
The RID operations master role holder must be available to supply other servers with RIDs. Assign the RID master role to a domain controller.
The indication has the following attribute: domain Identifies the name of the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
A Global Catalog Cannot Be Reached in the Forest This indication is sent when a domain controller cannot reach any of the global catalogs in the entire forest.
This can be the result of connection problems.
The indication has the following attribute: forest Identifies the name of the forest
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Unreachable Replica Partner This indication is sent when the server that is being monitored could not contact a replication partner at a specified site. In this case, the intra-site replication process does not run. This can be the result of connection problems or problems with DNS.
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the name of the server replicationPartner Identifies the name of the replication partner that cannot be reached
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES
14 Version 3.7 Setting Default Occurrences 3 Holes 0
No Domain Naming Master Role in the Forest This indication is sent when no domain naming master has been assigned to any domain controller in the forest. The domain controller holding the domain naming master role is the only domain controller that can do the following: ¶ Add new domains to the forest ¶ Remove existing domains from the forest ¶ Add or remove cross-reference objects to external directories.
To solve the problem, assign the domain naming master role to a domain controller that serves the forest.
The indication has the following attribute: forest Identifies the name of the forest .Dmi Controller Domain 3. The following table shows the default settings for this indication:
Setting Default Availability Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
The Domain Controller Service Is Failing This indication is sent when one of the domain controller key services for Active Directory health is failing.
The indication has the following attributes; key attributes are shown like this, in bold: serviceName Identifies the name of the failing service serviceStatus Identifies the current status of the service serviceState Identifies the current state of the service
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
No Schema Master Role in the Forest This indication is sent when there is no schema master role assigned to any domain controller in the forest. The domain controller that holds the schema master role is the only domain controller that can perform write operations to the directory schema. Those schema
Tivoli Distributed Monitoring for Active Directory Reference 15 updates are replicated from the schema master to all other domain controllers in the forest. To solve the problem, assign the schema master role to a domain controller that serves the forest.
The indication has the following attribute: forest Identifies the name of the forest
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
The RID Master Role in the Domain Cannot be Reached This indication is sent when the domain controller holding the RID master role in the domain cannot be reached. The Relative ID (RID) operations master role holder must be available when a server needs to be supplied RIDs. This indication is sent if the domain controller holding the RID master role cannot be reached.
Check why the domain controller cannot be reached and, if necessary, reassign the RID master role to another domain controller.
The indication has the following attributes; key attributes are shown like this, in bold: dcname Identifies the name of the domain controller that is currently holding the RID master role domain Identifies the name of the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
The Infrastructure Master Role in the Domain Cannot Be Reached This indication is sent when the domain controller holding the infrastructure master role cannot be reached.
The domain controller that holds the infrastructure master role for the group’s domain updates the cross-domain group-to-user reference to reflect the user’s new name. The infrastructure master updates these references locally and uses replication to bring all other replicas of the domain up-to-date. If the infrastructure master is unavailable, these updates are delayed.
Check why the domain controller cannot be reached and, if necessary, reassign the role of infrastructure master to another controller in the domain.
The indication has the following attributes; key attributes are shown like this, in bold:
16 Version 3.7 dcname Identifies the name of the domain controller that cannot be reached domain Identifies the name of the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
The Domain Controller Service Is Stopped This indication is sent when one of the domain controller key services for Active Directory health has stopped.
The indication has the following attributes; key attributes are shown like this, in bold: serviceName Identifies the name of the service that is in a stopped state serviceStatus Identifies the current status of the service
The indication contains a built-in action that restarts the service after it has stopped. Controller Domain 3.
The following table shows the default settings for this indication: Availability
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0 Restart Service? YES
The Service of a FSMO Role Server is Failing This indication is sent when one of the key services for Active Directory health of a specific domain controller is failing and that domain controller holds an FSMO master role. The indication identifies which FSMO role the domain controller is holding.
The indication has the following attributes; key attributes are shown like this, in bold: serviceName Identifies the name of the failing service serviceStatus Identifies the current status of the service serviceState Identifies the current state of the service fsmoRole Identifies the FSMO master role owned by the domain controller that is issuing the indication
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 17 The Service of a FSMO Role Server is Stopped This indication is sent when one of the key services for Active Directory health of a specific domain controller has stopped and that domain controller holds an FSMO master role.
The indication contains a built-in action that restarts the service after it has stopped.
The indication has the following attributes; key attributes are shown like this, in bold: serviceName Identifies the name of the failing service serviceStatus Identifies the current status of the service fsmoMasterRole Identifies the FSMO master role
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0 Restart Service? YES
No Global Catalogs in the Site This indication is sent if there are no global catalogs serving this site. A global catalog server is a requirement for logging on to the domain. It is therefore advisable to have at least one global catalog server in each site. The global catalog also enables searching for Active Directory objects in any domain in the forest without the need for subordinate referrals, and users can find objects of interest quickly without having to know which domain contains the object. To solve the problem, assign at least one domain controller to be a global catalog for the site.
The indication has the following attribute: siteName Identifies the name of the site
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
The Domain Naming Master Role for the Forest Cannot Be Reached This indication is sent when the domain controller holding the domain-naming master role in the forest cannot be reached. Only this domain controller can do the following: ¶ Add new domains to the forest ¶ Remove existing domains from the forest ¶ Add or remove cross-reference objects to external directories
18 Version 3.7 To solve the problem, reassign the role to another domain controller.
The indication has the following attributes; key attributes are shown like this, in bold: dcname Identifies the name of the domain controller forest Identifies the name of the forest
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
All Global Catalogs in the Site Are Unavailable This indication is sent when all global catalogs defined for the specified site are unavailable.
The indication has the following attribute: siteName Identifies the name of the site .Dmi Controller Domain 3. The following table shows the default settings for this indication: Availability Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
No Infrastructure Master Role in the Domain This indication is sent when no domain controller holds the infrastructure master role for the domain. Each group’s domain must assign this role so that the cross-domain group-to-user reference is updated with new and changed user names. The infrastructure master updates these references locally and uses replication to bring all other replicas of the domain up-to-date. If the infrastructure master is unavailable, these updates are delayed. To shorten delays, assign the role to a domain controller that serves the domain.
The indication has the following attribute: domain Identifies the name of the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
No PDC Master Role in the Domain This indication is sent when a primary domain controller (PDC) emulator master role has not been assigned to any domain controller in the domain. This is the domain controller that
Tivoli Distributed Monitoring for Active Directory Reference 19 is assigned to act as a Windows NT primary domain controller (PDC) to service network clients that do not have Active Directory client software installed, and to replicate directory changes to any Windows NT backup domain controllers (BDCs) in the domain. For a Windows 2000 domain operating in native mode, the PDC emulator master receives preferential replication of password changes performed by other domain controllers in the domain and handles any password authentication requests that fail at the local domain controller. At any time, there can be only one PDC emulator in a particular domain.
Assign the PDC master role to a domain controller that serves the domain.
The indication has the following attribute: domain Identifies the name of the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
The Schema Master Role for the Forest Cannot Be Reached This indication is sent when the domain controller holding the schema master role in the forest cannot be reached. The domain controller that holds the schema master role is the only domain controller that can perform write operations to the directory schema. Those schema updates are replicated from the schema master to all other domain controllers in the forest.
Assign the role to another domain controller that serves the domain.
The indication has the following attributes; key attributes are shown like this, in bold: dcname Identifies the name of the domain controller forest Identifies the name of the forest
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
The PDC Master Role in the Domain Cannot Be Reached This indication is sent when the domain controller holding the PDC emulator master role in the domain cannot be reached. The domain controller assigned acts as a Windows NT PDC to service network clients that do not have Active Directory client software installed, and to replicate directory changes to any Windows NT backup domain controllers (BDCs) in the domain.
For a Windows 2000 domain operating in native mode, the PDC emulator master receives preferential replication of password changes performed by other domain controllers in the
20 Version 3.7 domain, and handles any password authentication requests that fail at the local domain controller. At any time, there can be only one PDC emulator in a particular domain.
Assign the PDC master role to another domain controller that serves the domain.
The indication has the following attributes; key attributes are shown like this, in bold: dcname Identifies the name of the domain controller forest Identifies the name of the forest
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0 .Dmi Controller Domain 3. Availability
Tivoli Distributed Monitoring for Active Directory Reference 21 Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
Service Status serverName Identifies the name of the server serviceName Identifies the name of the service state Identifies the state of the service status Identifies the status of the service
22 Version 3.7 .Dmi Controller Domain 4. Performance 4 Domain Controller Performance Resource Model
This section describes the domain controller performance resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category Active Directory domain controller Thresholds YES Parameters NO Built-in actions NO Clearing events YES Default cycle time 300 seconds
Tivoli Distributed Monitoring for Active Directory Reference 23 Overview
Resource model distribution This resource model should be distributed to each domain controller in a forest.
This resource model monitors domain controller performance. It performs the following performance checks: | ¶ Monitors NT Domain Server (NTDS) counters ¶ Monitors client performance requests, such as LDAP client sessions and the number of successful Directory Service bindings ¶ Monitors performance aspects of the Extensible Storage Engine (ESE) database, such as cache size and file operations statistics
This resource model can send events when the values of counters exceed defined thresholds. It logs data about client performance requests, database activity, and NTDS activity.
Prerequisites | This resource model uses performance counters that require the Microsoft database | performance object to be installed.
| Note: This performance object is not installed by default when you install the Windows | 2000 software.
| For information about installing the database performance object, refer to the | Windows 2000 Resource Kit, or to the following web site:
| http://www.microsoft.com/TechNet/win2000/win2ksrv/adguide/addch09.asp |
24 Version 3.7 .Dmi Controller Domain 4.
Indications and Events Performance The following table lists the events that can be generated by the domain controller performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_Small_DBCacheSize Small database cache size Warning 25 TMW_High_LogThreadWait High number of threads waiting Warning 25 TMW_High_KdcTGS_Reqs High ticket granting server requests per Critical 26 second TMW_LowDBTabCache Small database table cache size Warning 26 TMW_High_LogRecStlsRate High log record stalls per second Warning 27 TMW_High_KerbAuth_Reqs High Kerberos authentication requests per Critical 27 second TMW_Low_CacheSize Low value of cache size Warning 27 TMW_High_CachePgStllsRate Nonzero cache page fault stalls per second Warning 28 TMW_High_NTLMAuth_Reqs High NTLM authentication requests per Critical 28 second TMW_High_KdcAS_Reqs High authentication server requests per Critical 28 second
Small Database Cache Size This indication is sent if the database cache size is too small. This problem can arise when one or more of the following performance counters of the database performance object reach a critical value: ¶ Cache % Hit ¶ Cache Page Faults/sec ¶ File Bytes Read/sec ¶ File Bytes Written/sec ¶ File Operations/sec
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 5 Holes 0
High Number of Threads Waiting This indication is sent if the number of threads waiting for data to be written to the log to complete an update of the database is high. This can indicate a potential bottleneck in the log.
The indication has the following attribute:
Tivoli Distributed Monitoring for Active Directory Reference 25 logThreadswait Identifies the number of threads waiting
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 3 Holes 0
High Ticket-Granting Server (TGS) Requests Per Second This indication is sent if the rate at which the Kerberos Key Distribution Center (KDC) services server requests to grant tickets is high. TGS requests are used by the client to obtain a ticket to a resource.
The indication has the following attribute: kdcTGSReqPerSec Identifies the rate of KDC services server requests
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
Small Database Table Cache Size This indication is sent if all of the following are true: ¶ The percentage of database tables opened using cached schema information is low ¶ The rate of database tables opened using cached schema information is low ¶ The rate of database tables opened without using cached schema information is high. The coexistence of these three facts may indicate that the ESE database table cache size is too small.
The indication has the following key attributes: TblOpenCachePercHit Identifies the percentage of database tables opened using cached schema information TblOpenCacheHitsPerSec Identifies the number of database tables opened using cached schema information per second TblOpenMissesPerSec Identifies the number of database tables opened without using cached schema information per second
The following table shows the default settings for this indication:
26 Version 3.7 .Dmi Controller Domain 4.
Setting Default Performance Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
High Log Record Stalls Per Second This indication is sent if the number of log records that cannot be added to the log buffers per second, because they are full, is high for most of the time. The number should be zero. If this is not the case, the log buffer size may be a bottleneck.
The indication has the following attribute: LogRecStallsPerSec Identifies the number of log record stalls per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 10 Holes 2
High Kerberos Authentication Requests Per Second This indication is sent if the rate of Kerberos authentication requests on this domain controller is high. This number measures the number of times per second that clients use a ticket to authenticate themselves with the domain controller that is being monitored.
The indication has the following attribute: KerberosAuthReqsPerSec Identifies the rate of Kerberos authentication requests per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
Low Value of Cache Size This indication is sent if the cache size value is too small and there is no available memory. Increasing memory could better the performance. If there is enough system memory, but the cache database size does not increase, try adding more RAM.
The indication has the following attribute: CacheSize Identifies the value of the cache size
The following table shows the default settings for this indication:
Tivoli Distributed Monitoring for Active Directory Reference 27 Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 2 Holes 0
Nonzero Cache Page Fault Stalls Per Second This indication is sent if the number of page faults per second that cannot be serviced because there are no pages available for allocation from the database cache is high. This number should be zero most of the time. If this value is non-zero most of the time, the clean threshold may be set too low.
The indication has the following attribute: CachePgStallsPerSec Identifies the number of page fault stalls per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 10 Holes 2
High NTLM Authentication Requests Per Second This indication is sent if the rate of NTLM authentication requests on this domain controller is high.
The indication has the following attribute: ntlmReqsPerSec Identifies the number of NTLM authentication requests per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
High Authentication Server (AS) Requests Per Second This indication is sent if the rate of authentication server (AS) requests serviced by the Kerberos Key Distribution Center (KDC) is high. AS requests are used by clients to obtain a ticket-granting ticket.
The indication has the following attribute: kdcASReqPerSec Identifies the number of authentication server (AS) requests serviced by the Kerberos Key Distribution Center (KDC) per second
28 Version 3.7 .Dmi Controller Domain 4.
The following table shows the default settings for this indication: Performance
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
Thresholds The following table lists the thresholds that can be set for the domain controller performance resource model. For each threshold it shows the name, a short description, and the default value:
Threshold Description Default KDC Authentication Server This threshold measures the rate of Kerberos Key Distribution 100 requests per second Center (KDC) Authentication Service (AS) requests. Database table open cache %hit This threshold measures the percentage of ESE database tables 20 opened using cached schema information. If this percentage is too low, the table cache size may be too small. File bytes written per second This threshold measures the rate of bytes written to the database 30 (MB per second) file from the database cache per second. If this rate is too high, the database cache size may be too small. File bytes read per second (MB This threshold measures the rate of bytes read from the database 30 per second) file into the database cache per second. If this rate is too high, the database cache size may be too small. Database table open cache This threshold indicates the number of ESE database tables opened 300 misses per second without using cached schema information per second. If this rate is too high, the table cache size may be too small. NTLM authentications requests This threshold measures the number of NT LAN Manager 100 per second (NTLM) authentications per seconds serviced by a particular domain controller. Size of the DB Cache Manager This threshold is relative to the amount of system memory used by 2 (MB) the ESE database cache manager to hold commonly used information from the database files to prevent file operations.
If the database cache size is too small and there is very little memory available on the system, the performance may be poor.
If the available memory is large and the database cache size is not growing beyond a certain point, the database cache size may be capped at an artificially low limit. Percentage of file page requests This threshold measures the percentage of file page requests 20 fulfilled by the database cache without causing a file operation. If this percentage is too low, the database cache size may be too small. Kerberos Authentication This threshold measures the rate of authentication requests coming 100 requests per second from Kerberos. Number of Log threads waiting This threshold measures the number of threads waiting for data to 300 be written to the log to complete an update of the database. If this number is to high, the log may be a bottleneck.
Tivoli Distributed Monitoring for Active Directory Reference 29 Threshold Description Default Database table open cache hits This threshold measures the number of ESE database tables 1000 per second opened using cached schema information per second. If this rate is too low, the table cache size may be too small. File operations This threshold measures the number of file operations per second. 100 If this number is high, the database cache size may be too small. Number of database file page This threshold measures the number of database files that require a 30 requests per second new page per second. If this rate is too high the database cache size may be too small. KDC Ticket Granting Service This threshold measures the rate of Kerberos Key Distribution 100 requests per second Center (KDC) Ticket Granting Service (TGS) requests.
Logging The domain controller performance resource model can log data for the following resources: ¶ Client ¶ Database ¶ NTDS
The following table shows for each resource the contexts and properties for which data can be logged:
Resource Context Properties
Client LDAP Sessions servicedBy Identifies the name of the domain controller that is servicing the request numLDAPClientSessions Identifies the number of LDAP client sessions with the domain controller DS Requests servicedBy Identifies the name of the domain controller that is servicing the request numNTDSBinds/sec Identifies the number of NTDS binds requested by clients per second LDAP Requests servicedBy Identifies the name of the domain controller that is servicing the request LDAPBindTime(sec) Identifies the time required to set up an LDAP bind in seconds
30 Version 3.7 .Dmi Controller Domain 4.
Resource Context Properties Performance
Database Operations DBName Identifies the name of the database FileOpsPerSec Identifies the number of file operations per second DBTblOpenCacheHitsPerSec Identifies the number of ESE database tables opened using cached schema information per second DBTblOpenCacheMissesPerSec Identifies the number of ESE database tables opened without using cached schema information per second LogRecsNotAddedPerSec Identifies the number of log records that were not added per second CachePgFaultsStallsPerSec Identifies the number of cache page faults per second that cannot be serviced because there are no pages available for allocation CachePgFaultsPerSec Identifies the total number of cache page faults per second Logs DBName Identifies the name of the database LogThreadWaiting Identifies the number of threads that are waiting for data to be written to the log Caching
Tivoli Distributed Monitoring for Active Directory Reference 31 Resource Context Properties
Database Caching DBName Identifies the name of the database CachePercHit Identifies the number of file page requests fulfilled by the database cache without causing a file operation TableOpenCachePercHit Identifies the percentage of ESE database tables opened using cached schema information Sizing DBName Identifies the name of the database CacheSize(MB) Identifies the size of the database cache in MB NTDS Authentication server Identifies the name of the server requests KerberosAuthentications Identifies the number of Kerberos authentication requests KDC_AS_reqs Identifies the number of authentication requests sent to the Kerberos Key Distribution Center by the Authentication Server KDC_TGS_reqs Identifies the number of of authentication requests sent to the Kerberos Key Distribution Center by the Ticket- Granting Server NTLM_Authentications Identifies the number of NT Lan Manager authentication requests Users and computers server Identifies the name of the server numUsersCreatePerSec Identifies the number of new users created per second numMachineCreatePerSec Identifies the number of new machines created per second
32 Version 3.7 5
Replication Performance Resource Model Performance Replication 5.
This section describes the replication performance resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category Active Directory replication Thresholds YES Parameters NO Built-in actions NO Clearing events YES Default cycle time 300 seconds
Tivoli Distributed Monitoring for Active Directory Reference 33 Overview
Resource model distribution This resource model should be distributed to all domain controllers in a site.
This resource model monitors the efficiency of the Active Directory replication process. For each domain controller to which it has been distributed and on which it is running, it checks the percentage of inbound and outbound replication updates that have been filtered and applied. These percentages give an indication of the extent to which Active Directory objects and properties are dynamic or static. This information can be used to fine-tune the replication interval to optimize performance.
Indications and Events The following table lists the events that can be generated by the replication performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_LowInbPropApplRate Low percentage of inbound properties Minor 34 applied TMW_HighInbPropFiltRate High percentage of inbound properties Minor 35 filtered TMW_HighOutObjFiltRate High percentage of outbound objects Minor 35 filtered TMW_LowInbObjApplRate Low percentage of inbound objects Minor 36 applied TMW_HighInbObjFiltRate High percentage of inbound objects Minor 36 filtered
Low Percentage of Inbound Properties Applied This indication is sent when the percentage of inbound replication properties received from replication partners and applied by the local service directory is low compared to the total number of properties that have been received by means of inbound replication.
The indication has the following attribute: inbPropApplPerc Identifies the percentage of inbound replication properties received from replication partners and applied by the local service directory
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
34 Version 3.7 High Percentage of Inbound Properties Filtered This indication is sent when the percentage of inbound replication properties received from replication partners that did not contain any updates to be applied is high in relation to the total number of properties received by means of inbound replication.
If this percentage is high (compared to the threshold), properties are very static and the replication frequency could be decreased.
The indication has the following attribute: Performance Replication 5. inbPropFiltPerc Identifies the percentage of inbound replication properties received from replication partners that were filtered out because they did not contain any updates to be applied
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
High Percentage of Outbound Objects Filtered This indication is sent when the percentage of outbound replication objects that have not yet been received by the outbound partner is high in relation to the total number of objects replicated out.
If this percentage is high (compared to the threshold), objects are very static and the replication frequency could be decreased.
The indication has the following attribute: OutbObjFiltPerc Identifies the percentage of outbound replication objects that were filtered out
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 35 Low Percentage of Inbound Objects Applied This indication is sent when the percentage of inbound replication objects received from replication partners and applied by the local service directory is low in relation to the total number of objects received by means of inbound replication.
The indication has the following attribute: InbObjApplPerc Identifies the percentage of inbound replication objects received from replication partners and applied by the local service directory
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
High Percentage of Inbound Objects Filtered This indication is sent when the percentage of inbound replication objects received from replication partners that contained no updates to be applied is high in relation to the total number of objects received by means of inbound replication.
If this percentage is high (compared to the threshold), objects are very static and the replication frequency could be decreased
The indication has the following attribute: percInbObjFilt Identifies the percentage of inbound replication objects received from replication partners that contained no updates to be applied
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
36 Version 3.7 Thresholds The following table lists the thresholds that can be set for the Replication Performance resource model. For each threshold it shows the name, a short description, and the default value:
Threshold Description Default Percentage of inbound objects This threshold measures the percentage of replication objects 70 applied received from replication partners, and applied by the local directory service. Only changes containing effective updates are Performance Replication 5. applied.
Whenever the percentage of inbound objects filtered is below this threshold value, an indication is sent. Percentage of inbound objects This threshold measures the percentage of replication updates 50 filtered received from replication partners but not applied by the local directory service. Changes are received but not applied when the change is already present on the domain controller.
Whenever the percentage of inbound objects applied is above this threshold value, an indication is sent. Percentage of inbound This threshold measures the percentage of properties changes that 50 properties filtered are received but are filtered, because they do not contain any updates.
Whenever the percentage of inbound properties filtered is above this threshold value, an indication is sent. Percentage of inbound This threshold measures the percentage of properties updates that 70 properties applied are genuine incoming properties changes.
Whenever the percentage of inbound properties applied is below this threshold value, an indication is sent. Percentage of outbound objects This threshold measures the percentage of objects replicated out 50 filtered that do not contain any updates.
Whenever the percentage of outbound objects filtered is above this threshold value, an indication is sent.
Tivoli Distributed Monitoring for Active Directory Reference 37 Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
DRA Outbound replication serverName data Identifies the name of the server objectFilteredPerc Identifies the percentage of replication objects sent to replication partners that do not contain any updates Inbound replication serverName data Identifies the name of the server objectsAppliedPerc Identifies the percentage of replication objects received from replication partners that have been applied by the local directory service objectsFilteredPerc Identifies the percentage of replication objects received from replication partners that do not contain any updates propertiesAppliedPerc Identifies the percentage of replication properties received from replication partners that have been applied by the local directory service propertiesFilteredPerc Identifies the percentage of replication properties received from replication partners that do not contain any updates
38 Version 3.7 6 Intra-site Replication Resource Model
This section describes the intra-site replication resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category Active Directory replication Thresholds NO Parameters NO Built-in actions NO .Itast Replication Intra-site 6. Clearing events YES Default cycle time 300 seconds
Tivoli Distributed Monitoring for Active Directory Reference 39 Overview
Resource model distribution Each domain controller is involved in an intra-site process, therefore this resource model should be distributed to all domain controllers in a site.
This resource model monitors the intra-site replication process. It retrieves, for the domain controller on which it is running, the intra-site replication topology for each directory partition and performs a check against replication attempt failures for each replication partner and for each replicated directory partition.
If a replication attempt fails, the resource model sends an indication with details of the replication partner, the directory partition being replicated, and the failure reason.
Indications and Events The following table lists the event that can be generated by the intra-site replication resource model, the name of the indication from which the event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_IntraSiteRepl_Failure Intra-site replication failure Critical 40
Intra-site Replication Failure This indication is sent if an intra-site replica process between the server and one of its replication partners has failed. The indication contains a message that identifies the failure reason.
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the server name replicaPartner Identifies the name of the replication partner directoryPartition Identifies the directory partition that has failed to replicate failures Identifies the number of intra-site replication failures site Identifies the site replMsg Identifies the replication message timeLastAttempt Identifies the time when replication was last attempted timeLastSucc Identifies the time when replication was last successful
40 Version 3.7 The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
DRA Replication attempt partnerName Identifies the name of the replication partner directoryPartition
Identifies the directory partition Replication Intra-site 6. that has been replicated lastTime Identifies the time when replication was last attempted succTime Identifies the time when replication was last successful
Tivoli Distributed Monitoring for Active Directory Reference 41 42 Version 3.7 .Itast Replication Intra-site 7. 7 Traffic Intra-site Replication Traffic Resource Model
This section describes the intra-site replication traffic resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category Active Directory replication Thresholds YES Parameters NO Built-in actions NO Clearing events YES Default cycle time 300 seconds
Tivoli Distributed Monitoring for Active Directory Reference 43 Overview
Resource model distribution This resource model should be distributed to all domain controllers in a site.
This resource model measures all intra-site replication traffic that affects the domain controller on which it is running. It measures intra-site replication traffic by monitoring the number of inbound (replicated in) and outbound (replicated out) bytes. An indication can be sent if the number of inbound bytes per second or outbound bytes per second exceeds the thresholds.
Indications and Events The following table lists the events that can be generated by the intra-site replication traffic resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_HighOutbBytes High intra-site outbound replication traffic Harmless 44 TMW_HighInbBytes High intra-site inbound replication traffic Harmless 45 TMW_PendDirSync Pending directory synchronization not Warning 45 processed not decreasing
High Intra-site Outbound Replication Traffic This indication is sent when the outbound bytes per second exceed the threshold for outbound intra-site replication traffic.
The indication has the following attribute: outboundBytesPerSec Identifies the number of outbound bytes per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
44 Version 3.7 .Itast Replication Intra-site 7.
High Intra-site Inbound Replication Traffic This indication is sent when the number of inbound bytes per second exceeds the threshold. Traffic This indication means that intra-site inbound replication traffic is high.
The indication has the following attribute: inboundBytesPerSec Identifies the number of inbound bytes per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
Pending Directory Synchronization Not Processed Not Decreasing This indication is sent when the number of directory synchronizations that are queued for this server but not yet processed does not decrease. This number should normally be zero or close to zero. This indication means that some problem has occurred in the replication process.
The indication has the following attribute: pendDirSyncNum Identifies the number of pending directory synchronizations
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 6 Holes 0
Thresholds The following table lists the thresholds that can be set for the Intra-site Replication Traffic resource model. For each threshold it shows the name, a short description, and the default value:
Threshold Description Default Outbound bytes per second Number of bytes per second of outbound replication data from the 100 same site Inbound bytes per second Number of bytes per second of inbound replication data from the 100 same site
Tivoli Distributed Monitoring for Active Directory Reference 45 Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
DRA Outbound replication data serverName Name of the server bytesPerSec Number of bytes per second of outbound replication data from the same site Inbound replication data serverName Name of the server bytesPerSec Number of bytes per second of inbound replication data from the same site
46 Version 3.7 8 Inter-site Replication Resource Model .Itrst Replication Inter-site 8.
This section describes the inter-site replication resource model. Resource The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category Active Directory replication Thresholds NO Parameters NO Built-in actions NO Clearing events YES Default cycle time 300 seconds
Tivoli Distributed Monitoring for Active Directory Reference 47 Overview
Resource model distribution This resource model can run on any domain controller in a domain performing the inter-site replication process. It should be distributed to one or more domain controllers per site as follows: ¶ If one or more specific domain controllers have been designated to act as bridgehead server, distribute this resource model to those machines to optimize performance. In this case, all required resources are accessed locally and there is no need to enable Tivoli to access remote resources through the wlcftap command. ¶ If the Knowledge Consistency Checker (KCC) has been configured to create and maintain the inter-site replication topology, and you do not know which domain controller has been designated to act as bridgehead server, distribute this resource model to a generic domain controller. The controller will contact the bridgehead server to retrieve the required information. In this case, you must run the wlcftap command on all endpoints on which this resource model is running, to enable Tivoli to access remote file systems. For details of the wlcftap command, see Prerequisites.
This resource model performs the following tasks for the site in which it is running: ¶ Checks that a site link has been created ¶ Monitors the inter-site replication process ¶ Locates the domain controllers that are acting as bridgehead servers within the site. These are the domain controllers that control the inter-site replication process for the site. ¶ Checks for each bridgehead server that the inter-site replication is functioning efficiently.
Prerequisites This resource model accesses remote resources of one or more remote domain controllers that are acting as bridgehead server.
If you have not distributed this resource model to one or more domain controllers that are acting as bridgehead servers, you must run the wlcftap command on all the Tivoli endpoints on which the resource model has been distributed. The wlcftap command sets the properties of the TivoliAP.dll (TAP). The TAP enables Tivoli to access remote file systems in the context of a user.
wlcftap -r domain-name\user-name where: user-name Identifies a user member of the Domain Admins group
48 Version 3.7 Indications and Events The following table lists the events that can be generated by the inter-site replication resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_InterSiteRepl_Failure Inter-site replication failure Critical 49 TMW_BridgeHead_NotFound No bridgehead servers in the site Warning 50
TMW_NoReplicaPartner No replication partner Warning 50 Replication Inter-site 8. TMW_SiteLink_NotFound Site link not defined Warning 51 Resource Inter-site Replication Failure This indication is sent if an inter-site replication process between the server and its partner in the other site has failed. The indication also describes the reason for the failure, and gives the time of the last replication attempt.
The indication has the following attributes; key attributes are shown like this, in bold: failures Identifies the number of failures since the last successful replication attempt bridgeHeadServer Identifies the bridgehead server serving the site whose inter-site replication process has failed partnerServer Identifies the partner server of the bridgehead server directoryPartition Identifies the directory partition that has failed to replicate replMsg Identifies the text of the reply message that is sent as part of the indication timeLastAttempt Identifies the time of the last replication attempt timeLastSucc Identifies the time of the last successful replication attempt
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 49 No Bridgehead Servers in the Site This indication is sent if no domain controllers have been designated as bridgehead server for the specified site. Bridgehead servers are required in each site to perform site-to-site replication. Bridgehead servers can be designated automatically by the KCC, or they can be assigned manually by an administrator.
The indication has the following attribute: siteName Identifies the name of the site that does not have a designated bridgehead server
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
No Replication Partner This indication is sent when a domain controller that is acting as bridgehead server has no replication partner in an inter-site replication process. No domain controller has been designated in another site to be the replica partner for this domain controller.
Check and change the replication topology to correct this.
The indication has the following attribute: BridgeHeadServer Identifies the name of the bridgehead server that does not have a designated replication partner
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
50 Version 3.7 Site Link Not Defined This indication is sent when no site link has been created for the specified site. If this inter-site connection does not exist, two or more sites cannot replicate with each other.
The indication has the following attribute: siteName Identifies the name of the site
The following table shows the default settings for this indication: .Itrst Replication Inter-site 8. Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Resource Holes 0
Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
DRA Replication attempt bridgeHeadServer Identifies the bridgehead server that is serving the site whose inter-site replication process has failed partnerName Identifies the partner server of the bridgehead server directoryPartition Identifies the directory partition being replicated lastTime Identifies the time of the last replication attempt succTime Identifies the time of the last successful replication attempt
Tivoli Distributed Monitoring for Active Directory Reference 51 52 Version 3.7 9 Inter-site Replication Traffic Resource Model
This section describes the inter-site replication traffic resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category Active Directory Replication Thresholds YES
Parameters NO Replication Inter-site 9. Built-in actions NO Clearing events YES Default cycle time 300 seconds Traffic
Tivoli Distributed Monitoring for Active Directory Reference 53 Overview
Resource model distribution This resource model can run on any domain controller in a domain performing the inter-site replication process. It should be distributed to one or more domain controllers per site as follows: ¶ If one or more specific domain controllers have been designated to act as bridgehead server, distribute this resource model to those machines to optimize performance. In this case, all required resources are accessed locally and there is no need to enable Tivoli to access remote resources through the wlcftap command. ¶ If the Knowledge Consistency Checker (KCC) has been configured to create and maintain the inter-site replication topology, and you do not know which domain controller has been designated to act as bridgehead server, distribute this resource model to a generic domain controller. The controller will contact the bridgehead server to retrieve the required information. In this case, you must run the wlcftap command on all endpoints on which this resource model is running, to enable Tivoli to access remote file systems. For details of the wlcftap command, see Prerequisites.
This resource model performs the following tasks for the site in which it is running: ¶ Locates the domain controllers that are acting as bridgehead servers within the site. These are the domain controllers that control the inter-site replication process for the site. ¶ Retrieves the value of its performance counters related to inter-site replication activity. Inter-site replication traffic is compressed. It is measured by monitoring the inbound (replicated in) and outbound (replicated out) compressed bytes. ¶ An indication can be sent if the amount of inbound bytes per second or outbound bytes per second exceeds the thresholds.
Prerequisites This resource model accesses remote resources of one or more remote domain controllers that are acting as bridgehead server.
If you have not distributed this resource model to one or more domain controllers that are acting as bridgehead servers, you must run the wlcftap command on all the Tivoli endpoints on which the resource model has been distributed. The wlcftap command sets the properties of the TivoliAP.dll (TAP). The TAP enables Tivoli to access remote file systems in the context of a user.
wlcftap -r domain-name\user-name where: user-name Identifies a user member of the Domain Admins group.
54 Version 3.7 Indications and Events The following table lists the events that can be generated by the inter-site replication traffic resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_HighCompInbBytes High inter-site inbound replication Warning 55 traffic TMW_HighCompOutbBytes High inter-site outbound replication Warning 56 traffic
High Inter-site Inbound Replication Traffic This indication is sent when the number of inbound bytes per second exceeds the threshold. It indicates a high rate of inter-site inbound replication traffic.
The indication has the following attributes; key attributes are shown like this, in bold: bridgeHeadserver Identifies the name of the bridgehead server that is receiving a high rate of
inter-site replication traffic Replication Inter-site 9. inbBytesCompPerSec Identifies the number of compressed inbound bytes of replication traffic per
second Traffic
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 55 High Inter-site Outbound Replication Traffic This indication is sent when the number of outbound bytes per second exceeds the threshold. It indicates a high rate of inter-site outbound replication traffic.
The indication has the following attributes; key attributes are shown like this, in bold: bridgeHeadserver Identifies the name of the bridgehead server that is sending a high rate of inter-site replication traffic outbBytesCompPerSec Identifies the number of compressed outbound bytes of replication traffic per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 2 Holes 0
Thresholds The following table lists the thresholds that can be set for the inter-site replication traffic resource model. For each threshold it shows the name, a short description, and the default value:
Threshold Description Default Outbound bytes per second Number of bytes per second of outbound replication data to other 100 sites. Inbound bytes per second Number of bytes per second of inbound replication data from other 100 sites.
Note: Inter-site replication data uses compression. These thresholds apply to the number of bytes replicated in or out before compression.
56 Version 3.7 Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
DRA Outbound replication data bridgeHeadServer Name of the bridgehead server sending outbound replication data comprBytes(beforeCompr)PerSec Number of bytes of outbound replication data before compression per second comprBytes(afterCompr)PerSec Number of bytes of outbound replication data after compression per second Inbound replication data bridgeHeadServer Name of the bridgehead server receiving inbound replication data Replication Inter-site 9. comprBytes(beforeCompr)PerSec Number of bytes of inbound replication data before
compression per second Traffic comprBytes(afterCompr)PerSec Number of bytes of inbound replication data after compression per second
Tivoli Distributed Monitoring for Active Directory Reference 57 58 Version 3.7 evc Performance Service 0 ieReplication File 10. 10 File Replication Service Performance Resource Model
This section describes the File Replication Service performance resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category Active Directory replication Thresholds YES Parameters NO Built-in actions NO Clearing events YES Default cycle time 120 seconds
Tivoli Distributed Monitoring for Active Directory Reference 59 Overview
Resource model distribution This resource model should be distributed to all domain controllers in a site.
This resource model measures the performance of the File Replication Service (FRS). Windows 2000 domain controllers and servers use FRS to replicate system policies and login scripts for Windows 2000 and down-level clients.
Indications and Events The following table lists the events that can be generated by the File Replication Service resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_HighPerc_ChgOrdEvaporated High percentage of change orders Warning 61 evaporated TMW_HighPerc_PackSentErr High percentage of packets sent Warning 61 in error TMW_HighPerc_DSBindErr High percentage of Directory Warning 61 Service bindings in error TMW_HighPerc_ChgOrdRetired High percentage of change orders Warning 62 retired TMW_HighPerc_ChgOrdMorphed High percentage of change orders Warning 62 morphed TMW_High_KBStagSpUse High value of staging space in Warning 62 use (KB) TMW_HighPerc_FilesInstdErr High percentage of files installed Warning 63 with error TMW_High_PacksRecvd Persistent high number of packets Warning 63 received TMW_High_NumFilesInst Number of files installed Warning 63 persistently high TMW_HighPerc_PackRecvdErr High percentage of packets Warning 64 received in error TMW_High_USNRecAcceptd High Usn records accepted Warning 64 TMW_HighPerc_ChgOrdAborted High percentage of change orders Warning 64 aborted TMW_Low_KBStagSpFree Low value of staging space free Warning 65 (KB) TMW_High_NumChgOrdSent Persistent high number of change Warning 65 orders sent
60 Version 3.7 evc Performance Service 0 ieReplication File 10. High Percentage of Change Orders Evaporated This indication is sent when the percentage of change orders that have evaporated is high compared to the total number of change orders received from inbound partners. Evaporated change orders refer to the number of local file updates that were never processed because the file was deleted before the updates could be processed.
The indication has the following attribute: percChgEvaporated Identifies the percentage of change orders that have evaporated
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
High Percentage of Packets Sent in Error This indication is sent when the percentage of packets sent in error is high compared to the total number of packets sent.
The indication has the following attribute: percPackSentErr Identifies the percentage of packets sent in error
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
High Percentage of Directory Service Bindings in Error This indication is sent if the percentage of Directory Service (DS) bindings in error is high compared to the total number of DS bindings.
The indication has the following attribute: percDSBindErr Identifies the percentage of DS bindings in error
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 61 High Percentage of Change Orders Retired This indication is sent if the percentage of change orders that have been retired is high compared to the total number of change orders received from inbound partners.
The indication has the following attribute: percChgOrdRetired Identifies the percentage of change orders that have been retired
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
High Percentage of Change Orders Morphed This indication is sent if the percentage of change orders morphed is high compared to the total number of change orders received from inbound partners. Morphed change orders are file updates that have encountered a name space collision on the replica set member.
This counter indicates network problems with DNS, a duplicate computer name and errors of that nature.
The indication has the following attribute: percChgOrdMorphed Identifies the percentage of change orders morphed
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
High Value of Staging Space in Use (KB) This indication is sent when almost all available space in the staging directory is currently in use. If the staging directory runs out of space, replication stops.
The indication has the following attribute: StagingSpaceInUse Identifies the amount of staging space in use in kilobytes
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
62 Version 3.7 evc Performance Service 0 ieReplication File 10.
High Percentage of Files Installed with Error This indication is sent if the percentage of files installed with error is high compared to the total number of files installed.
The indication has the following attribute: percFilesInstdErr Identifies the percentage of files installed with error
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Persistent High Number of Packets Received This indication is sent when the number of packets received has been different from zero for a while. This number should be zero in an idle state, unless a computer is having problems joining other computers in the replica set.
The indication has the following attribute: numPackRecvd Identifies the number of packets received
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 5 Holes 0
Number of Files Installed Persistently High This indication is sent if the number of files installed locally has been greater than zero for a while. In an idle state this number should be zero.
The indication has the following attribute: numFilesInstd Identifies the number of files installed locally
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 5 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 63 High Percentage of Packets Received in Error This indication is sent when the percentage of packets received in error is high compared to the total number of packets received.
The indication has the following attribute: percPackRecvdErr Identifies the percentage of packets received in error
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
High Usn Records Accepted This indication is sent if the Usn Records Accepted counter of the FileReplicaSet performance object is high. A high value indicates possible heavy replication traffic and can result in replication latency.
The indication has the following attribute: UsnRecAccptd Identifies the value of the Usn Records Accepted counter
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 5 Holes 0
High Percentage of Change Orders Aborted This indication is sent when the percentage of aborted change orders is high in comparison to the total number of change orders received from inbound partners. Change orders aborted refer to the number of file updates that were aborted on the replicaset member. A high value of this counter can indicate a replication problem.
The indication has the following attribute: percChgOrdAborted Identifies the percentage of aborted change orders
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
64 Version 3.7 evc Performance Service 0 ieReplication File 10. Low Value of Staging Space Free (KB) This indication is sent when the amount of free space in the staging directory used by FRS to temporarily store files before they are replicated is below the default value in idle state. The default staging space in the idle state is 660 MB.
The indication has the following attribute: StagingSpaceFree Identifies the amount of free space in KB
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Persistent High Number of Change Orders Sent This indication is sent if the number of change orders sent to outbound replication partners has been greater than zero for a while. A high value could indicate heavy replication traffic. In the idle state, when no replication is taking place, this number should be zero.
The indication has the following attribute: NumChgOrdSent Identifies the number of change orders sent to outbound replication partners
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 5 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 65 Thresholds The following table lists the thresholds that can be set for the File Replication Service resource model. For each threshold it shows the name, a short description, and the default value:
Threshold Description Default KB of staging space Free (KB) This threshold measures the amount of free space in the staging 660000 directory used by FRS to temporarily store files before they are replicated. The default staging space is 660 MB. Percentage of change orders This threshold measures the percentage of change orders morphed 30 morphed compared to the total number of change orders received from inbound partners. It should be below 30 percent. Percentage of files installed This threshold measures the percentage of files installed with error 30 with error compared to the total number of files installed. It should be below 30 percent. USN record accepted threshold This threshold measures the number of USN records accepted. A 40 high value of this counter indicates heavy replication traffic. KB of staging space in use This threshold measures the amount of space in the staging 600000 (KB) directory currently in use. If the staging directory runs out of space, replication stops. Percentage of packets received This threshold measures the percentage of packets received with 30 with errors errors compared to the total number of packets received. It should be below 30 percent. Percentage of change orders This threshold measures the percentage of change orders 30 evaporated evaporated compared to the total number of change orders received from inbound partners. It should be below 30 percent. Percentage of change orders This threshold measures the percentage of change orders retired 30 retired compared to the total number of change orders received from inbound partners. It should be below 30 percent. Percentage of change orders This threshold measures the percentage of change orders aborted 30 aborted compared to the total number of change orders received from inbound partners. It should be below 30 percent. Percentage of packets sent with This threshold measures the percentage of packets sent with errors 30 errors compared to the total number of packets sent. It should be below 30 percent. Percentage of DS bindings with This threshold measures the percentage of DS bindings with errors 30 errors compared to the total number of DS bindings. It should be below 30 percent.
Logging The following table shows the resource, context and properties for which data can be logged:
66 Version 3.7 evc Performance Service 0 ieReplication File 10.
Resource Context Properties
FRS FRS Replication server Identifies the name of server USNRecAccptd Identifies the number of USN records accepted DSBindings Identifies the total number of DS bindings DSBindingsErr Identifies the percentage of DS bindings with errors Staging Space server Identifies the name of server StagingSpaceFree(KB) Identifies the amount of space in KB in the staging directory currently free StagingSpaceUse(KB) Identifies the amount of space in KB in the staging directory currently in use File Updates server Identifies the name of server ChgOrdRecvd Identifies the number of change orders received ChgOrdAbortd Identifies the number of change orders aborted ChgOrdEvaptd Identifies the number of change orders evaporated ChgOrdMorphd Identifies the number of change orders morphed ChgOrdRetired Identifies the number of change orders retired FilesInstd Identifies the number of files installed FilesInstdErr Identifies the number of files installed with errors FRS File ReplicaSet Data server Identifies the name of server PacktRecvd Identifies the number of packets received PackRecvdErr Identifies the number of packets received with errors PackSent Identifies the number of packets sent PackSentErr Identifies the number of packets sent with errors
Tivoli Distributed Monitoring for Active Directory Reference 67 68 Version 3.7 11 Windows 2000 DNS Server Performance Resource Model 1 N Server DNS 11. Performance
This section describes the Windows 2000 DNS server performance resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category DNS Thresholds YES Parameters NO Built-in actions YES Clearing events YES Default cycle time 10 seconds
Note: It is recommended that the cycle time is not set above 20 seconds. Some of the counters vary quickly, and must therefore be retrieved quickly to obtain useful statistical data.
Tivoli Distributed Monitoring for Active Directory Reference 69 Overview
Resource model distribution This resource model must be distributed only to primary DNS servers that run Windows 2000 DNS.
Even if DNS is integrated with Active Directory, a primary DNS server must be nominated.
This resource model monitors the activity and performance of the Windows 2000 DNS server in general and of the DNS service in particular. It monitors the following: ¶ Zone transfer failures ¶ Dynamic update failures ¶ DNS response time ¶ General problems with DNS
The resource model also provides a built-in action for the automatic recovery of the DNS service.
Indications and Events The following table lists the events that can be generated by the Windows 2000 DNS server performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_DNS_Server_Service_Stopped The DNS Server service is Critical 70 stopped TMW_TotDynUpdfailures Dynamic updates failures Warning 71 TMW_High_DNSResponse_time High DNS response time Critical 71 TMW_ZoneTrasferPercFailures Percentage of zone transfer Critical 72 failures TMW_DNS_Server_Service_Failing The DNS Server service is failing Critical 72
The DNS Server Service Is Stopped This indication is sent when the DNS server that is running on this endpoint has stopped. The indication contains a built-in action that restarts the DNS server service if it is in a stopped state.
The indication has the following attributes; key attributes are shown like this, in bold: serviceName Identifies the name of the service serviceStatus Identifies the current status of the DNS server service
70 Version 3.7 The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0 Restart service? YES
Dynamic Update Failures
This indication is sent when the number of total dynamic updates failures, due to rejection Server DNS 11. and timeouts, is high. Performance
The indication has the following attributes: PercTotDynUpdtFail Identifies the percentage of dynamic update failures PercRej Identifies the percentage of dynamic updates that have been rejected PercTimeOuts Identifies the percentage of dynamic updates that have timed out
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 2 Holes 0
High DNS Response Time This indication is sent if the DNS response time exceeds the specified threshold. The time required by DNS to resolve incoming queries should not be too high. If DNS takes a long time to resolve queries, this could adversely affect the general performance of Active Directory.
The indication has the following attributes: ResponseTime Identifies the response time NumQueryProcessed Identifies the number of queries that have been processed
Tivoli Distributed Monitoring for Active Directory Reference 71 The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 3
Note: It is recommended that the number of holes is always a multiple of 3. This is because some of the counters that are used to calculate the response time vary only every 3 cycle times. Percentage of Zone Transfer Failures This indication is sent when the percentage of zone transfer failures is high.
The indication has the following attribute: TransfFailuresPerc Identifies the percentage of zone transfer failures
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
The DNS Server Service Is Failing This indication is sent when the DNS server service does not have a status of OK.
The indication has the following attributes; key attributes are shown like this, in bold: serviceName Identifies the name of the DNS server service that is failing serviceStatus Identifies the current status of the service serviceState Identifies the current state of the service
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
72 Version 3.7 Thresholds The following table lists the thresholds that can be set for the Windows 2000 DNS server performance resource model. For each threshold it shows the name, a short description, and the default value:
Threshold Description Default Total dynamic update failures This thresholds measures the percentage of total dynamic update 30 failures, due to timeouts and rejection. DNS response time in seconds This threshold measures the time taken by DNS to resolve 3 incoming queries. 1 N Server DNS 11.
Percentage of zone transfer This threshold measures the percentage of zone transfer failures 30 Performance failures compared to the total number of zone transfers.
Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
DNS Response time DNSServer Identifies the name of the DNS server ResponseTime(sec) Identifies the response time per second of the DNS server Server traffic DNSServer Identifies the name of the DNS server DynamicUpdtRecvd Identifies the total number of dynamic updates received DynamicUpdtReject Identifies the total number of dynamic updates that have been rejected DynamicUpdtTimeOuts Identifies the total number of dynamic updates that have timed out ZoneTransfRecvd Identifies the total number of zone transfer requests received ZoneTransfFail Identifies the total number of zone transfer failures TotQueryRecvd Identifies the total number of requests received TotRespSent Identifies the total number of responses sent
Tivoli Distributed Monitoring for Active Directory Reference 73 74 Version 3.7 12 Active Directory Integrated DNS Resource Model
This section describes the Active Directory integrated DNS resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category DNS Thresholds NO Parameters NO 2 cieDirectory Active 12.
Built-in actions NO DNS Integrated Clearing events YES Default cycle time 300 seconds
Tivoli Distributed Monitoring for Active Directory Reference 75 Overview
Resource model distribution If you are using Active Directory-integrated DNS, distribute this resource model to one domain controller in the same domain where the DNS server is located.
If there is more than one DNS server servicing your forest, distribute this resource model to one domain controller for each domain where a DNS server is located.
When Windows 2000 DNS server runs on a domain controller, that domain controller stores a copy of the corresponding DNS zone. Windows 2000 domain controllers can register one or more DNS records in the Active Directory. These entries are Service Location Records (SRV) that are used to identify services that are available on a host.
SRVs enable a client to find the following: ¶ A Windows 2000 domain controller in the domain ¶ The primary domain controller (PDC) emulator ¶ The global catalog server This resource model monitors the server under investigation and sends an alert if any SRV is inaccurate or missing.
Indications and Events The following table lists the events that can be generated by the DNS server performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_Missing_GC_SRV_Records Missing global catalog SRV Warning 77 record TMW_Missing_DNSNode_Record Missing dnsNode record Critical 77 TMW_Bad_DC_SRV_Records Bad record data for domain Warning 78 controller TMW_Missing_PDC_SRV_Record Missing PDC SRV record Warning 78 TMW_Bad_GC_SRV_Records Bad record data for Global Warning 79 Catalog TMW_Missing_DC_SRV_Record Missing domain controller SRV Warning 79 record TMW_Bad_PDC_SRV_Records Bad record data for Primary Warning 80 Domain Controller emulator
76 Version 3.7 Missing Global Catalog SRV Record This indication is sent when one of the global catalog SRV records is missing from the copy of the zone stored on the specified server.
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the server under investigation rootZoneCopy Identifies the copy of the zone MissingGC Identifies the global catalog whose SRV record is missing from the copy of the zone forest Identifies the name of the forest
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0 2 cieDirectory Active 12.
Missing dnsNode Record DNS Integrated This indication is sent if one of the following is missing from the copy of the zone that is stored on the specified server: ¶ A DNS node record for a global catalog ¶ A primary domain controller emulator or domain controller for a particular domain
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the server under investigation zoneCopy Identifies the copy of the zone dnsNodeRecType Identifies the type of DNS node record that is missing domain Identifies the domain whose DNS node record is missing from the copy
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 77 Bad Record Data for Domain Controller This indication is sent when the copy of the zone stored on the specified server contains an SRV record for a domain controller that does not correspond to any of the known domain controllers that serve the domain covered by this zone.
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the server under investigation zoneCopy Identifies the copy of the zone correctDC Identifies the name of the correct domain controller for this domain domain Identifies the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Missing PDC SRV Record This indication is sent when the PDC SRV record for the specified domain is missing from the copy of the zone stored in the specified server.
The names of the missing PDC and the domain can both be retrieved from the event message.
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the server zoneCopy Identifies the copy of the zone MissingPDC Identifies the name of the primary domain controller whose SRV record is missing domain Identifies the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
78 Version 3.7 Bad Record Data for Global Catalog This indication is sent if the copy of the zone stored on the specified server contains an SRV record for a global catalog that does not correspond with any of the known global catalogs that serve the forest.
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the server rootZoneCopy Identifies the copy of the zone correctGC Identifies the name of the correct global catalog for this domain domain Identifies the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0 2 cieDirectory Active 12.
Missing Domain Controller SRV Record DNS Integrated This indication is sent when one of the domain controller SRV records is missing from the copy of the zone stored on the specified server. The names of the missing domain controller and the domain can both be retrieved from the event message.
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the server zoneCopy Identifies the copy of the zone MissingDC Identifies the name of the missing primary domain controller for this domain domain Identifies the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
Tivoli Distributed Monitoring for Active Directory Reference 79 Bad Record Data for Primary Domain Controller Emulator This indication is sent when the copy of the zone stored on the specified server contains an SRV record for a primary domain controller that does not correspond with the known primary domain controller that serves a specified domain.
The indication has the following attributes; key attributes are shown like this, in bold: server Identifies the server zoneCopy Identifies the copy of the zone correctPDC Identifies the correct primary domain controller for this domain domain Identifies the domain
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
80 Version 3.7 Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
SRV records DC records ServerMonitored Identifies the name of the server that is being monitored DomainName Identifies the name of the domain to which the server belongs NumMissingRecs Identifies the number of missing domain controller records NumBadRecs Identifies the number of incorrect domain controller records PDC records ServerMonitored
Identifies the name of the server that is Directory Active 12.
being monitored DNS Integrated DomainName Identifies the name of the domain to which the server belongs NumMissingRecs Identifies the number of missing primary domain controller records NumBadRecs Identifies the number of incorrect primary domain controller records SRV records GC records ServerMonitored Identifies the name of the server that is being monitored RootZoneCopy Identifies the copy of the zone NumMissingRecs Identifies the number of missing global catalog records NumBadRecs Identifies the number of incorrect global catalog records
Tivoli Distributed Monitoring for Active Directory Reference 81 82 Version 3.7 3 HPPerformance DHCP 13. 13 Windows 2000 DHCP Server Performance Resource Model
This section describes the Windows 2000 DHCP server performance resource model.
The following table shows the key characteristics of this resource model:
Resource Model at a Glance Category DHCP Thresholds YES Parameters NO Built-in actions YES Clearing events YES Default cycle time 120 seconds
Tivoli Distributed Monitoring for Active Directory Reference 83 Overview
Resource model distribution This resource model should be distributed to the DHCP server, but only if it is running Windows 2000 DHCP.
This resource model monitors the performance and general functioning of the DHCP server. It checks if lease times are too short, if the traffic on the DHCP is too heavy and other key issues that ensure that the DHCP is in health.
The resource model also provides a built-in action for the automatic recovery of the DHCPServer service.
Indications and Events The following table lists the events that can be generated by the Windows 2000 DHCP Server performance resource model, the name of the indication from which each event is generated, the severity of the event, and where you can find a detailed description of the indication:
Event Indication Severity See Page TMW_DHCPHighDecRate High rate of declines Warning 85 TMW_DHCPConflictQL High value of conflict check Warning 85 queue length TMW_DHCPHighDupDropsRate DHCP slow Warning 85 TMW_DHCP_Server_Service_Failing DHCP Server service is failing Critical 86 TMW_DHCPHigh_NacksRate High rate of negative Warning 86 acknowledgements TMW_DHCPHighPacksExpiredRate High increase of packets expired Warning 86 per second TMW_DHCPCounters_SuddenInc DHCP scope lease times suddenly Warning 87 short TMW_DHCPCounters_AbnormalInc Sudden decrease in DHCP scope Warning 87 lease times TMW_DHCP_Server_Service_Stopped The DHCP server service has Critical 87 stopped TMW_DHCP_High_ActiveQL High value of active queue length Warning 88
84 Version 3.7 3 HPPerformance DHCP 13.
High Rate of Declines This indication is sent if the rate at which the DHCP server receives declines is high. This occurs when there are address conflicts between many clients. It can indicate possible network problems.
The indication has the following attribute: declinePerSec Identifies the number of declines per second that have been received by the DHCP server
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3 Holes 0
High Value of Conflict Check Queue Length This indication is sent when the conflict check queue length is high. It may indicate that Conflict Detection attempts have been set too high, or that there is heavy traffic on the DHCP server.
The indication has the following attribute: conflictQueueLen Identifies the number of packets in the conflict queue of the DHCP server
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 2 Holes 0
DHCP Slow This indication is sent if the rate at which the DHCP server receives duplicate packets is high. This may indicate that DHCP is not responding very fast or that clients are timing out too fast.
The indication has the following attribute: dupsDroppedPerSec Identifies the number of duplicate packets dropped by the DHCP server per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 3
Tivoli Distributed Monitoring for Active Directory Reference 85 Setting Default Holes 0
DHCP Server Service Is Failing This indication is sent when the DHCP server service is in a status different from OK.
The indication has the following attributes; key attributes are shown like this, in bold: serviceName Identifies name of the DHCP server service serviceStatus Identifies the current status of the DHCP server service serviceState Identifies the current state of the DHCP server service
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
High Rate of Negative Acknowledgements This indication is sent if the rate at which the DHCP server sends negative acknowledgements is high. A high value can indicate possible network problems.
The indication has the following attribute: nacksPerSec Identifies the number of negative acknowledgements sent by the DHCP server per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console NO Occurrences 3 Holes 0
High Increase of Packets Expired Per Second This indication is sent if the number of packets expired per second is high. A high value indicates that the server is taking too long to process packets or that the traffic on the network is too high for the DHCP to handle. This can suggest a disk or memory bottleneck.
The indication has the following attribute: packsexpiredPerSec Identifies the number of packets expired per second
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES
86 Version 3.7 3 HPPerformance DHCP 13.
Setting Default Occurrences 3 Holes 0
Short DHCP Scope Lease Times This indication is sent when the rate of acknowledgements or the rate of requests increases abnormally over a period of time. If these numbers increase abnormally over time, this could be because the length of DHCP lease times has been set too short.
The indication has the following attributes, the key attribute is shown like this, in bold: counter Identifies the name of the counter whose rate has suddenly increased percIncrease Identifies the percentage by which the counter has increased over time
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 5 Holes 0
Sudden Decrease in DHCP Scope Lease Times This indication is sent when the rate of acknowledgements or the rate of requests increases abnormally. If these numbers increase suddenly, this could be because the length of scope lease times has been set too short.
The indication has the following attributes, the key attribute is shown like this, in bold: counter Identifies the name of the counter whose rate has suddenly increased percIncrease Identifies the percentage by which the counter has suddenly increased
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0
The DHCP Server Service Has Stopped This indication is sent when the DHCP server that is running on this endpoint is stopped. The indication also contains a built-in action that restarts the service if it is in a stopped state.
The indication has the following attributes, the key attribute is shown like this, in bold: serviceName Identifies name of the DHCP server service serviceStatus Identifies the current status of the DHCP server service
The following table shows the default settings for this indication:
Tivoli Distributed Monitoring for Active Directory Reference 87 Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 1 Holes 0 Restart Service? YES
High Value of Active Queue Length This indication is sent when the active queue length is high. This could be because of heavy traffic on the DHCP server.
The indication has the following attribute: activeQueueLen Identifies the number of packets in the processing queue
The following table shows the default settings for this indication:
Setting Default Send indications to Tivoli Enterprise Console YES Occurrences 2 Holes 0
88 Version 3.7 3 HPPerformance DHCP 13.
Thresholds The following table lists the thresholds that can be set for the Windows 2000 DHCP Server performance resource model. For each threshold it shows the name, a short description, and the default value:
Threshold Description Default Percentage increase of requests This threshold measures the percentage increase of the number of 5 per second requests received by this DHCP server. This value should not increase very much over time. If it does, then the length of the lease times could be set too short. Negative acknowledgements per This threshold measures the rate at which the DHCP server sends 100 second negative acknowledgements. A very high value could indicate network problems. Declines per second This threshold measures the rate at which declines have been 100 received by the DHCP server. A high value could indicate network problems. Packets expired per second This threshold measures the rate at which the packets received 100 expire. A high value indicates that the server is taking too long to process packets, or that the traffic on the network is too high for the DHCP to handle. This could indicate a disk or memory bottleneck. Sudden percentage increase of This threshold measures the sudden percentage increase in the 25 counter values number of requests per second and number of acknowledgements per second received by the DHCP server. If the values of those two counters increase suddenly, this could be due to lease times being set too short. If the percentage increase of those two counters is above the threshold provided, an indication of sudden short lease times is sent.
When this threshold is exceeded, an indication of short lease time is sent. You may need to adjust this threshold to your own environment. Duplicates dropped per second This threshold measures the rate at which the DHCP server 100 receives duplicate packets. A high value indicates that clients are timing out too fast or that the DHCP server is not responding fast enough. Active queue length This threshold measures the number of packets in the processing 100 queue of the DHCP server. A large value may indicate heavy server traffic. Conflict Check queue length This threshold measures the number of packets waiting in the 100 DHCP server queue due to conflict detection. A high value may indicate that the Conflict detection attempts property has been set too high, or that there is heavy lease traffic on the server. Percentage increase of This threshold measures the percentage increase of the rate at 5 acknowledgements per second which acknowledgements have been sent by the DHCP server. This value should not increase too much over the time. If this happens, it may indicate that lease times are too short.
Tivoli Distributed Monitoring for Active Directory Reference 89 Logging The following table shows the resource, context and properties for which data can be logged:
Resource Context Properties
DHCP Server traffic DHCPServer Identifies the name of the DHCP server DeclinesPerSec Identifies the number of declines per second DupsDroppedPersec Identifies the number of duplicate packets dropped per second NegativeAcksPerSec Identifies the number of negative acknowledgements sent per second PacksExpiredPerSec Identifies the number of packets expired per second AcksPerSec Identifies the number of acknowledgements that have been sent by the DHCP server per second RequestsPerSec Identifies the number of requests that have been received by the DHCP server per second Message queues DHCPServer Identifies the name of the DHCP server ConflictChkQueueLen Identifies the number of packets waiting in the DHCP server queue due to conflict detection ActiveQueueLen Identifies the length of the active queue
90 Version 3.7 A Troubleshooting
This section provides information about possible errors that are the result of incorrectly configured resource models, missed prerequisites, or an incorrectly configured Active Directory environment.
Error Handling A resource model cannot function properly or at all, if it is distributed to an endpoint that is missing a prerequisite, or that is running a Windows platform that is not supported. When a resource model is distributed to such an endpoint, an error will be displayed in the Resource Model Status field of the Health Console. Each error is identified by a number. Depending on the severity of the error, the resource model running on the endpoint will either stop running, or attempt an automatic recovery.
The following table shows the resource model status displayed on the Health Console, and the behavior of the resource model on the endpoint:
Resource model status on Health Console Resource model behavior on endpoint Error Stopped Missed Prereq Stopped Not Compiled Stopped Failed (ErrorNumber) Stopped .Troubleshooting A. Failing (ErrorNumber) Recovery is attempted every time this resource model is polled Retrying (ErrorNumber) Recovery is attempted for a fixed number of times before the resource model status changes to Failed, or the problem is solved Unable to start (ErrorNumber) Stopped
For more detailed information about an error, check the Tmw2k.log on the endpoint where the resource model has reported the error.
The log is located in the following directory:
Tivoli Distributed Monitoring for Active Directory Reference 91 Error Numbers The following sections describe the error numbers that can be shown on the Health Console in case of resource model errors. The errors are listed by number, and for each error number, the following information is provided: ¶ A description that includes the possible cause of the error ¶ One or more user responses for resolving the cause of the error
Error Number 1 Explanation: The operating system on which the resource model is running is not a Windows 2000 system. User Response: Check that the endpoint on which the resource model is running is a Windows 2000 Server, or Advanced Server. The error message in the Tmw2k.log file on the endpoint includes the Windows version level.
Error Number 2 Explanation: Binding to rootDSE object failed. User Response: Check that the endpoint on which the resource model is running is a Windows 2000 Server, or Advanced Server where Active Directory is running.
Error Number 3 Explanation: Error loading IADsTools DLL. Distributed Monitoring for Active Directory resource models use the IADsTools COM object that is provided in the Windows 2000 Support Tools Component. User Response: Check that the Windows 2000 Support Tools Component is installed on the domain controller to which the resource model has been distributed.
Error Number 4 Explanation: Performance counters cannot be loaded. The cause of the problem might be one of the following: ¶ The performance object is not defined on the machine where the resource model is running. ¶ If the resource model accesses remote resources, it does not have enough authority to access performance counters of a remote machine. User Response: ¶ If the resource model is the Domain Controller performance resource model, check that you have installed the Database Performance Object correctly. ¶ If the application log of the Event Viewer contains a warning message with Event ID 2003, refer to Microsoft article Q267831, which describes a workaround for this problem.
Note: This problem is solved by Windows 2000 Service Pack 2. ¶ If the resource model is the Inter-site Replication traffic resource model and you have distributed it to a domain controller endpoint that is not a bridgehead server, you must run the wlcftap command to enable Tivoli to access the remote resources. For information about running the wlcftap command, see “Prerequisites” on page 48.
92 Version 3.7 Error Number 5 Explanation: The call DsGetSiteName, for retrieving the site name of the domain controller, failed. This problem is mainly caused by a bad Domain Name System (DNS) naming resolution of the domain controller where the resource model is running. User Response: Check that the DNS server configuration is correct.
Error Number 6 Explanation: The call InitPerformanceData, for loading the performance counters, failed. User Response: Try to restart the resource model on the endpoint by stopping and re-starting the Distributed Monitoring for Windows engine.
Error Number 7 Explanation: The call PerfCounterValue, for retrieving the value of a certain performance counter, failed. User Response: Try to restart the resource model on the endpoint by stopping and re-starting the Distributed Monitoring for Windows engine.
Error Number 8 Explanation: The call GetDefaultNamingContext, for retrieving the default naming context of the domain controller where the resource model is running, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution. User Response: ¶ Check that the DNS server configuration is correct. ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check if the Directory Service log has logged any errors on the event viewer.
Error Number 9 Explanation: The call GetNamingContext, for retrieving the naming context of the domain controller on which the resource model is running, failed. This problem can be caused by an incorrect configuration of the domain .Troubleshooting A. controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution. User Response: ¶ Check that the DNS server configuration is correct. ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check if the Directory Service log has logged any errors on the event viewer.
Error Number 10 Explanation: The call GetPartialNamingContext, for retrieving the default naming context of the domain controller on which the resource model is running, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution. User Response: ¶ Check that the DNS server configuration is correct. ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check if the Directory Service log has logged any errors on the event viewer.
Tivoli Distributed Monitoring for Active Directory Reference 93 Error Number 11 Explanation: This error is issued by the Domain Controller availability resource model because of problems with the DNS naming resolution. User Response: ¶ Check that the DNS is properly configured. ¶ Check that nslookup can correctly resolve names when run on the domain controller where the resource model is running.
Error Number 12 Explanation: The call GetSiteLinks, for retrieving the number of site links in the site where the domain controller is placed, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution. User Response: ¶ Check that the DNS server configuration is correct. ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check if the Directory Service log has logged any errors on the event viewer.
Error Number 13 Explanation: The call GetBridgeHeadsInSite, for retrieving the number of bridgehead servers in the site where the domain controller is placed, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution. User Response: ¶ Check that the DNS server configuration is correct. ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check if the Directory Service log has logged any errors on the event viewer.
Error Number 14 Explanation: The call GetSiteLinks, for retrieving the number of site links in the site where the domain controller is placed, returned zero. This means that there are no domain controllers acting as bridgehead servers in that site. User Response: Check that at least one bridgehead server has been defined for the site where the resource model is running, and that this server is up and running.
Error Number 15 Explanation: This error might be issued by the Inter-site replication resource model if there is no authorization to read the requested replication state. User Response: If the resource model is the Inter-site replication resource model and you have distributed the resource model to a domain controller endpoint which is not a bridgehead server, you must run the wlcftap command to enable Tivoli to access the remote resources. For information about running the wlcftap command, see “Prerequisites” on page 48. Alternatively, you can distribute this resource model to any domain controller acting as bridgehead server in your domain.
94 Version 3.7 Error Number 16 Explanation: The call GetDirectPartnersEx, for retrieving the number of replication partners of the server, failed. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution. User Response: ¶ Check that the DNS server configuration is correct. ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check if the Directory Service log has logged any errors on the event viewer.
Error Number 17 Explanation: This error might be issued by the DNS Active Directory integrated resource model if a binding to the Global Catalog object and a binding to the Configuration Container return a different number of domains in the forest. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution. User Response: ¶ Check that the DNS server configuration is correct. ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check if the Directory Service log has logged any errors on the event viewer.
Error Number 18 Explanation: This error might be issued by the Inter-site replication resource model if the domain controller designated to act as bridgehead server, does not have any replication partner in other sites. This problem can be caused by an incorrect configuration of the domain controller where the resource model is running, and indicate possible problems with the Active Directory setup. It could also be caused by problems with the DNS naming resolution. User Response: ¶ Check that the DNS server configuration is correct. .Troubleshooting A. ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check if the Directory Service log has logged any errors on the event viewer.
Error Number 19 Explanation: This error might be issued by the DNS Active Directory integrated resource model if the domain controller to which you have distributed the resource model, does not store a copy the DNS zones in its Active Directory. This problem can occur because you distributed the resource model to the wrong domain controller. If the domain controller is the correct one, then this can be caused by an incorrect configuration of the DNS integrated with Active Directory. User Response: ¶ Check that you have distributed the resource model to the correct domain controller. ¶ Check the configuration of the DNS server and the Active Directory integrated zones.
Tivoli Distributed Monitoring for Active Directory Reference 95 Error Number 20 Explanation: This error is issued if an Active Directory Service Interfaces (ADSI) query to the domain controller where the resource model is running failed. This can be due to problems in the Active Directory configuration or in the DNS naming resolution. User Response: ¶ Check the configuration of Active Directory on the domain controller where the resource model is running. ¶ Check that the DNS server configuration is correct.
Error Number 21 Explanation: The call GetGCList, for retrieving the list of global catalogs defined in the forest, failed. This problem can be due to different causes: ¶ Failure in binding the Directory Service of the Domain Controller where the Resource model is running. ¶ Service Advertisement Records for locating the Global Catalog are not registered on the DNS. ¶ Network problems. User Response: ¶ Check that the DNS server configuration is correct. ¶ Check that you can connect to the Directory Service of the domain controller on which the resource model is running.
Error Number 22 Explanation: The call GCName, for retrieving the name of a Global Catalog, failed. This problem can occur because the Global Catalog has not been correctly registered, either in the DNS or in the Directory Service copy stored on the domain controller. User Response: ¶ Check the DNS configuration. ¶ Check if the Directory Service Log in the event viewer has logged any errors or warning events of the category Global Catalog.
Error Number 23 Explanation: The call GetSiteList, for retrieving the list of sites in the forest, failed. This problem can occur because of a failure to bind the domain controller on which the resource model is running, or because of an incorrect DNS configuration. User Response: ¶ Check the DNS configuration. ¶ Check that you can successfully connect to the Directory Service on this domain controller.
96 Version 3.7 Error Number 24 Explanation: The call SiteEntryName, to retrieve the name of sites enumerated by means of GetSiteList, failed. This problem can occur because the data stored in the Directory Service copy is not correct, or because of an incorrect DNS configuration. User Response: ¶ Check the DNS configuration. ¶ Check if the Directory Service log in the event viewer has logged any events from any of the following: v NTDS Database v NTDS General Source v NTDS Replication v NTDS KCC.
Error Number 25 Explanation: The call GetServersInSite, to retrieve the list of servers on a specific site, failed. This problem can occur because of a failure to bind the domain controller on which the resource model is running, or because of an incorrect DNS configuration. User Response: ¶ Check the DNS configuration. ¶ Check that you can successfully connect to the Directory Service on this domain controller.
Error Number 26 Explanation: The call ServerInSiteEntryName, to retrieve the name of the servers enumerated by means of GetServersInSite, failed. This problem can occur because the data stored in the Directory Service copy are not correct, or because of an incorrect DNS configuration. User Response: Check the DNS configuration. .Troubleshooting A.
Error Number 27 Explanation: This error is issued by the Domain Controller availability resource model, because the call GetDSAConnections, to get the list of the replication partners of the domain controller where the resource model is running, failed. This problem can occur because of a failure to bind the domain controller on which the resource model is running, a failure to bind the configuration container, or because of an incorrect DNS configuration. User Response: ¶ Check the DNS configuration. ¶ Check that you can successfully connect to the Directory Service on this domain controller.
Tivoli Distributed Monitoring for Active Directory Reference 97 Error Number 28 Explanation: This error might be issued by the DNS Active Directory integrated resource model if the call GetPDCFSMO, to get the domain controller that owns the PDC emulator FSMO role for a domain, failed. This problem can occur because of a failure to bind the domain controller on which the resource model is running, or because of an incorrect DNS configuration. User Response: ¶ Check the DNS configuration. ¶ Check that you can successfully connect to the Directory Service on this domain controller.
Error Number 29 Explanation: This error might be issued by the DNS Active Directory integrated resource model if the call to DsGetDcList, to get the list of domain controller servicing a domain, failed. This problem can occur because the domain controller where the resource model is running failed to bind the domain controller from which it is trying to retrieve the information. This can be the result of bad DNS naming resolution, or because of configuration problems of the queried domain controller. User Response: ¶ Check the DNS configuration. ¶ Check that you can successfully connect to the Directory Service on this domain controller. ¶ Check that you can successfully bind the queried domain controller. ¶ Check that you can successfully retrieve information from other domain controllers.
98 Version 3.7 B Effective Use of the Parametric Event Log Resource Model
This section provides suggestions for event logs and source types to monitor with the parametric event log resource model for each of the Active Directory resource categories: ¶ Active Directory domain controller ¶ Active Directory replication ¶ DNS ¶ DHCP
Active Directory Domain Controller Category To supplement the information available from the Active Directory Domain Controller category of resource models, you should select the Directory Service log from the Windows 2000 Logs parameter. All events coming from the following sources can be used to monitor specific problems with the ESE database and Active Directory in general: ¶ NTDS ISAM ¶ NTDS Database
¶ NTDS General Log Event Parametric B. eoreModel Resource Active Directory Replication Category To supplement the information available from the Active Directory Replication category of resource models, you should select the Directory Service log from the Windows 2000 Logs parameter. You can use event collected from the following sources to monitor problems coming from the replica process, intra-site and inter-site ones and from the Knowledge Consistency Checker: ¶ NTDS Replication, ¶ NTDS Inter-site Messaging ¶ NTDS KCC Alternatively, to monitor specific events for the File Replication service, you can use the File Replication Service log of the Windows 2000 Logs parameter.
Tivoli Distributed Monitoring for Active Directory Reference 99 DNS Category To supplement the information available from the DNS category of resource models, you should distribute the parametric event log resource model to the server that runs Windows 2000 DNS. Then you should enable the DNS Server log to monitor events from the Windows 2000 DNS server.
DHCP Category To supplement the information available from the DHCP category of resource models, you should monitor events coming from the source DHCP Server in the System log file. In particular, check if there are any events with ID 1014 logged from the DHCP server. This event indicates a possible DHCP database corruption. If such an event has been logged, a reconciliation of the DHCP database is recommended. Event with ID 1051 coming from the same source can indicate that there are unauthorized DHCP servers running on one or more domain controllers.
100 Version 3.7 Glossary E
endpoint In a Tivoli environment, a Tivoli client that is the ultimate recipient for any type of Tivoli operation.
event (1) In the Tivoli environment, any significant change in the state of a system resource, network resource, or network application. An event can be generated for a problem, for the resolution of a problem, or for the successful completion of a task. Examples of events are: the normal starting and stopping of a process, the abnormal termination of a process, and the malfunctioning of a server. (2) In Tivoli Distributed Monitoring for Active Directory, an event is generated for a particular resource (or set of resources) when a specified number of indications are received within a specified number of cycles, as defined by the aggregation rule for that event. See also indication. G
gateway In a Tivoli environment, software running on a managed node that provides all communication services between a group of endpoints and the rest of the Tivoli environment. This gateway includes the multiplexed distribution (MDist) function, enabling it to act as the fanout point for distributions to many endpoints. H
Health Console A component of Distributed Monitoring for Windows that displays real-time and historical data for any resource model at any endpoint. Using the graphical user interface, users can locate individual problems associated with one or more resources. The status is displayed as a value between 0 (representing an identified problem, that is, an event) and 100 (representing no recent indications) See also event and indication. I
indication An entity triggered by the occurrence of a problem in an endpoint relating to one or more resources. Indications are consolidated into events within the endpoint being monitored. See also event. P Glossary profile In a Tivoli environment, a container for application-specific information about a particular type of resource. A Tivoli application specifies the template for its profiles; the template includes information about the resources that can be managed by that Tivoli application. A profile is created in the context of a profile manager; the profile manager links a profile to the Tivoli resource (for example, a managed node) that uses the information contained in the profile. A profile does not have any direct subscribers.
profile manager In a Tivoli environment, a container for profiles that links the profiles to a set of resources, called subscribers. Tivoli administrators use profile managers to organize and distribute profiles. A profile manager is created in the context of a policy region and is a managed resource in a policy region.
Tivoli Distributed Monitoring for Active Directory Reference 101 R
resource model In Tivoli Distributed Monitoring for Windows, an object that models a related set of resources on an individual workstation, which must be a Tivoli endpoint. At runtime, the resource model accesses the status of the underlying resources by using the Windows Management Interface (WMI). It then makes this information available to the Health Console. Resource models are predefined and target a specific resource area, such as the logical disk, or TCP/IP. For any resource model users can specify individual thresholds and event aggregation rules. See also event. T
Tivoli Business System Manager A Tivoli product that allows system administrators to graphically monitor, control, and configure applications residing in distributed and host (S/390) environments and to use the concept of business systems management to organize related components, thereby providing a business perspective for management decisions. Tivoli Business System Manager gives information technology staff a logical view of the computing environment; this view shows, at a glance, the status of the multiple applications that comprise the enterprise’s business system, including application components, the relationships among and between components, and the flow of data between the applications. By providing this view from a business perspective, Tivoli Business System Manager enables system administrators to quickly make determinations about the business impact of any component failure. Addressing technology problems from the business perspective greatly improves the effectiveness of system administrators and provides a higher level of service to users.
Tivoli Distributed Monitoring for Windows A Tivoli product that extends the suite of monitoring capabilities to Windows NT and Windows 2000. Tivoli Distributed Monitoring for Windows has three main components: (1) a server component that is used to create and distribute profiles that model workstation resources (2) an endpoint component that at runtime collects and analyzes resource data in real time (3) the Health Console, which displays both real-time and historical performance and availability data.
Tivoli Enterprise Console A Tivoli product that collects, processes, and automatically initiates corrective actions for system, application, network, and database events; it is the central control point for events from all sources. The Tivoli Enterprise Console provides a centralized, global view of the network computing environment; it uses distributed event monitors to collect information, a central event server to process information, and distributed event consoles to present information to system administrators.
Tivoli environment The Tivoli applications, based upon the Tivoli Management Framework, that are installed at a specific customer location and that address network computing management issues across many platforms. In a Tivoli environment, a system administrator can distribute software, manage user configurations, change access privileges, automate operations, monitor resources, and schedule jobs.
Tivoli Management Agent (TMA In the Tivoli environment, an agent that securely performs administrative operations.
Tivoli Management Framework The base software that is required to run the applications in the Tivoli product suite. This software infrastructure enables the integration of systems management applications from Tivoli Systems Inc. and the Tivoli Partners. In a Tivoli environment, the Tivoli Management Framework is installed on every client and server; however, the TMR server is the only server that holds the full object database.
102 Version 3.7
Printed in the United States of America on recycled paper containing 10% recovered post-consumer fiber.
SH19-4559-00