SCOM Test Event Based Rule by creating a Fake event

Sometimes we need to create a rule for alerts using the Windows Event Ids

I had a situation to alert on one such event:

Event 6008 which is logged as a dirty shutdown. It gives the message "The previous system shutdown at time on date was unexpected"

In order to create a Rule for unexpected Shutdown : i used the following method

http://dynamicdatacenter.wordpress.com/2012/10/09/quick-win-scom-alert-rule-to-detect-server-reboot-shutdown/

Configuration for the Rule:

-System Log
- Event ID: 6008
- Event Source: EventLog

In order to test the monitor we can create a fake event using many methods: e.g using vbscript , eventcrete , logevent , powershell ,OpsMgr Script

Each one has its Pro's and Con's
http://ianblythmanagement.wordpress.com/2008/08/25/create-events/

I used the following powershell to create the fake event

Write-EventLog -Logname System -Source EventLog -EventId 6008 -Message "This is a Fake Event"-EntryType ERROR

Hope this helps

Comments

Group Policy Object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done

One of our servers was losing the Local Admin settings as we control them using GPO (restricted Groups) We were receiving the following event on this particular server : Event ID 4098 Application Event Log The computer 'Administrators (built-in)' preference item in the 'Servers Local Admins {odjd9DBD-22AF-48EA-ADF5-F42ADE4182hst}' Group Policy Object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done.' This error was suppressed. To fix the issue we deleted all the folders from the following location and rebooted the server C:\ProgramData\Microsoft\Group Policy\History Hope this helps.

DSS WSUS server fail to download Updates HTTP status 404: The requested URL does not exist on the server.

When managing a Downstream WSUS server , it may happen that when a patch is approved it tried to immediately download it form the source server (USS) Sometime we see errors in event viewer stating that the the download failed Event ID: 364 Content file download failed. Reason: HTTP status 404: The requested URL does not exist on the server. Source File: /Content/6E/72131F469F73C884B32124746BAFCA2C8E0A106E.cab Destination File: E:\WSUS\WsusContent\6E\72131F469F73C884B32124746BAFCA2C8E0A106E.cab Event ID 10032 The server is failing to download some updates. We also see following entries in softwaredistribution.log 2016-09-26 07:53:29.287 UTC Warning WsusService.3 ContentSyncAgent.ProcessBITSNotificationQueue ContentSyncAgent recieved Failure for Item: f52f0b8a-2b22-43cf-933e-af8de6b11eb6, Item fails 2016-09-26 07:53:29.287 UTC Info WsusService.3 ContentSyncAgent.ContentSyncSPFireStateMachineEvent ContentSyncAgent firing Event: FileDownloadFailed for Item: f5...

StoreFront 2.0 Propagate Changes Event ID 0 and 1 .There was no endpoint listening at net.tcp

When we add server to the Citrix storefront 2.0 server gropup , it may happen that the Propagate changes give us an error You will see the following events on the Primary StoreFront 2.0 Server Event Id 0: Error in retrieving synchronization information. Citrix.DeliveryServices.PowerShell.Command.Runner.Exceptions.PowerShellExecutionException: An error occured running the command: 'Get-DSClusterConfigurationUpdateState' ---> System.Management.Automation.ActionPreferenceStopException: Command execution stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: There was no endpoint listening at net.tcp://storefront02/Citrix/ConfigurationReplication that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. Event Id 1: Citrix.DeliveryServices.PowerShell.Command.Runner.Exceptions.PowerShellExecutionException, Citrix.Delive...

Kitaab

Search This Blog