How to Fine-Tune SCCM ConfigMgr Monitoring with SCOM. The SCOM Management Pack for Configuration Manager 2012 is available.
This post will help you learn more about the critical classes that must be monitored via the SCCM 2012 Management Pack.
This may also help to understand the registry keys and event IDs involved in the monitoring process. The registry keys and event ID details will be very helpful when troubleshooting CM 2012 issues.
I’ve not included details on performance monitoring and threshold settings in this post.
Table of Contents
Fine-Tune SCCM ConfigMgr Monitoring with SCOM
In my experience, we waste loads of time in implementing and fine-tuning SCCM 2007 MP. Implementing Management Pack directly into the production environment is not a very good approach. The best method is to implement the MP in a lab environment and configure and fine-tune it. Once you’re convinced of the alerts, move to the production environment. Read the installation guide of the Management Pack and that should be the first step you must take before implementing MP.
- SCCM SCOM Alerts – How To Fine Tune And Reduce Alerts (anoopcnair.com)
- SCCM Server Infrastructure Monitoring Script Without SCOM OpsMgr Automation ConfigMgr HTMD Blog (anoopcnair.com)
SCCM 2007 Management Pack won’t work with ConfigMgr 2012. CM 2012 MP can be used with SCOM 2007 R2 or later and System Center Configuration Manager 2012.
Before going into the details of classes, I just wanted to share an excellent blog post from Kevin Holman on CM 2012 MP improvements. As per his analysis, there are many improvements in the management pack for CM 2012. The biggest problem with ConfigMgr 2007 MP is that it was just converted from MOM 2005. Hence, it came with lots of bugs. The following are the improvements highlighted as part of SCCM 2012 MP.
NO SCRIPTS in the Monitoring, Decrease in Lines of code, Decrease in Number of workflows, Disabled Workflows out of the box, and Well documented guide. How to Fine-Tune SCCM ConfigMgr Monitoring with SCOM
The Details of Critical Classes in ConfigMgr 2012 Management Pack (Fine-Tune SCCM ConfigMgr Monitoring with SCOM)
The fallback status point is monitored via the registry key “HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_FALLBACK_STATUS_POINT\ Availability State”
Management points are monitored through HTTP responses, IIS, and SMS Agent Host service. In addition, SCOM will monitor the threshold settings on all the threads of Management Point.
- Management Point HTTP Response Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_MP_CONTROL_MANAGER\ 65AC53A5-8C79-4DF9-AE79-A53F689C2222\ Severity
- IIS Service Availability Monitor on Management Point NT Service: W3SVC
- Management Point Availability Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State
- SMS Agent Host Service Availability Monitor NT Service: CcmExec
The PXE service point is monitored through WDS availability, which is accomplished by monitoring NT Service: webserver.
Site database server availability is monitored via SQL Writer Service Availability Monitor NT Service: SQLWriter
Software update point availability is monitored via a registry key, and two NT services are mentioned below.
- Software Update Point Availability Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State
- IIS Service Availability Monitor on Software Update Point NT Service: W3SVC
- WSUS Windows Service Availability Monitor NT Service: WSUSService
Reporting Services Point Availability can be monitored through
- Reporting Service Point Availability Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State.
- SQL Reporting Service Availability Monitor NT Service: ReportServer
Application Catalog web service point availability is monitored via the following registry and service.
- IIS Service Availability Monitor on Application Catalog Web Service Point NT Service: W3SVC
- Application Catalog Web Service Point Availability Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State
- Application Catalog Web Service Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_AWEBSVC_CONTROL_MANAGER\ F0128B76-DD22-481D-A65B-270201AED381\ Severity
- Application Catalog Web Service IIS Configuration Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_AWEBSVC_CONTROL_MANAGER\ 0B543BAC-54C7-463D-BDA5-ADD9F71AEA09\ Severity
Application Catalog website point availability is monitored via the following registry and service.
- IIS Service Availability Monitor on Application Catalog Web Site Point NT Service: W3SVC
- Application Catalog Web Site Point Availability Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State
- Application Catalog Web Server Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_PORTALWEB_CONTROL_MANAGER\ 0B12B4BA-B838-4927-ADC1-2E9602B076E3\ Severity
- Application Catalog IIS Configuration Monitor Registry: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_PORTALWEB_CONTROL_MANAGER\ 4A06F831-B577-4C10-8643-8C577C2C22B3\ Severity
Database Notification Monitor availability is monitored via Windows Event ID 2420 (Site server fails to execute a maintenance task)
Distribution Manager availability is monitored via Windows Event ID 2323 (i.e. Distribution manager fails to access the network).
Primary to central site replication monitoring has been achieved through the following WMI queries: Primary Site To Central Site “Global Data Receiving Status Monitor,” “Global Data Sending Status Monitor,” and “Site Data Sending Status Monitor.” The default time interval is 6 minutes.
Central To Primary Site Replication monitoring has been achieved through the following WMI queries. Central Site to Primary Site Global Data Receiving Status Monitor, Global Data Sending Status Monitor and Site Data Receiving Status Monitor. The default time interval is 6 minutes. How to Fine-Tune SCCM ConfigMgr Monitoring with SCOM
Primary or Standalone site server availability is monitored through Active Directory Configuration Monitor for Device Management Registry key status HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_EN_ADSERVICE_MONITOR\ CAFD8C35-08B6-4772-9101-B1B220CBA044\ Severity. Loads of performance threshold monitoring can also be achieved through SCOM.
Site Component Manager availability is monitored via the following event IDs, NT service and registry Keys.
- Windows Event ID 4909 (Site component manager fails to read Active Directory objects)
- Windows Event ID 4912 (Site component manager fails to update Active Directory objects)
- Windows Event ID 1037 (Component manager fails to access site system)
- Site Server Component Service Availability Monitor via NT Service: SMS_SITE_COMPONENT_MANAGER
- Site Component Manager Availability Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_SITE_COMPONENT_MANAGER\ Availability State
Site Server Role availability is monitored via the following registry key. Site Server Connectivity To SQL Database Server Via Registry Key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\{Role Name}\Availability State. How to Fine-Tune SCCM ConfigMgr Monitoring with SCOM
Site Server availability is ensured via the following registry keys and WMI Query.
- Database Certificate Validity Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ FBCA00DB-7C9D-4d6d-9F84-07C605B31191\ Severity
- WSUS Synchronization Failed WMI Query
- SQL Server Disk Space Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ 6FD0B53A-35DA-4da1-84C9-A9E1B6C12828\ Severity
- SQL Server Firewall Port Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ 8D5E5CC1-CCF5-4c66-BC8A-527C9066161B\ Severity
- SQL Server Port Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ B1B669B9-6C11-4b8e-A09A-4E515D20F4F6\ Severity
- SQL Server Service Broker Certificate Validity Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ 812A1E5F-B31C-45a5-89EE-695460882F38\ Severity
- SQL Server Service Broker Port Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_HIERARCHY_MANAGER\ D362CF53-926B-4f7d-A4A2-0691D3F177F5\ Severity
WSUS Control Manager Availability is being Monitored via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_WSUS_CONTROL_MANAGER\ Availability State.
WSUS Synchronization Manager Availability is being Monitored via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_WSUS_SYNC_MANAGER\ Availability State. How to Fine-Tune SCCM ConfigMgr Monitoring with SCOM
WSUS Configuration Manager availability is being monitored using the following event IDs and registry keys.
- WSUS Configuration Manager Availability Monitor via Registry key HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components\ SMS_WSUS_CONFIGURATION_MANAGER\ Availability State.
- Fail to configure the proxy setting on the WSUS server via Windows Event ID 7000.
- This rule generates an alert when the WSUS configuration manager fails to publish the client to the WSUS server via Windows Event ID 6613.
- Fail to subscribe to or get updated categories and classifications via Windows Event ID 6603.
- WSUS version mismatch via Windows Event ID 7004.
Note:- The core information shared in this post is taken from the following document. Download the doc from ConfigMgr_MPGuide_Appendix.docx. Even Kevin’s blog has also been inspired by the document OpsMgr_MP_ConfigMgr.docx.
Resources
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and leader of the Local User Group Community. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.
Any Idea how to monitor the User Discovery and System discovery failures? Or If the discovery is taking more time than normal?
You can check log files related to discovery also status messages this will give you some idea about discovery errors.
Hi Anoop!
Excelent post! But I have a doubt, how I know the registry value to running or not in each feature?
Hi Lucas – You can check component registry keys from sccm site server. But why you need registry keys?
The Availability is being Monitored via Registry key ? I need to know if 0 or 1 is running or not running, right?
Sample Registry – HKLM/Software/Microsoft/SMS/Components/SMS_SITE_COMPONENT_MANAGER/Component/Servers
Ok Anoop, I know about registry key, but what result is considered OK” and what is considered “NOT OK”?
I don’t remember that out of my head now. I might need to check that in the SCOM but generally 0 is OK. I will try to check that and confirm back here.
Because I´ll use the CA tool, so I need set manually. Thank you so much!