Service Monitoring


Applications Manager supports monitoring of the following Services to check their status:

JMX Applications

Prerequisites for monitoring JMX Application metrics: Refer to the Prerequisites Section for configuration details.

Using the REST API to add a new JMX Applications monitor: Click here

To create a MX4J RMI Connector monitor, follow the given steps:

  1. Click on New Monitor link. Choose JMX Applications.
  2. Enter the IP Address or hostname of the host in which the Monitor is running.
  3. Enter the SubNetMask of the network.
  4. Provide the port number in which RMI Adapter is running. Also, you can provide multiple ports separated by commas.
  5. You can enter your own credential details or select preconfigured credentials details in Credentials Manager. If you wish to enter your own credentials, specify username and password details for this monitor.
  6. Enter the JNDI name. For example, /jmxconnector.
  7. To enable customized JMX URL, check the Enable JMX URL checkbox and enter the JMX URL. ( The URL should be of the format service:jmx:rmi:///jndi/rmi://HOST:PORT/jmxrmi. For example, a jboss customized jmx URL can be - service:jmx:remoting-jmx://HOST:PORT and a websphere customized jmx URL - service:jmx:wsrmi://HOST:PORT/)
  8. If Authentication is enabled, enter the Username and password.
  9. Enter thepolling interval time in minutes.
  10. If you are adding a new monitor from an Admin Server, select a Managed Server.
  11. Choose the Monitor Group from the combo box to which you want to associate the Monitor (optional). You can choose multiple groups to associate your monitor.
  12. Click Add Monitor(s). This discovers the Monitor from the network and starts monitoring them.

Note:
In case you are unable to add the monitor even after enabling JMX, try providing the below argument:
 -Djava.rmi.server.hostname=[YOUR_IP]

JMX Applications
  • Connects to the MX4J-JMX agent to check availability and response time of RMI Connector. You can also view the custom attributes of the MX4J-JMX agent in the same page. Further, alarms can be generated for JMX notifications through JMX Notification Listener. For information on adding Custom Monitors, refer to Custom Monitors topic.

Ping Monitor / Ping Monitor (EUM)

To create a Ping monitor, follow the steps given below:

  1. Click on New Monitor link. Choose Ping Monitor / Ping Monitor (EUM) under 'Services' category.
  2. Provide Host Name / IP Address.
  3. Enter the Timeout value for the monitor in seconds.
  4. Specify the Polling Interval for the monitor in minutes.
  5. If you are adding a new monitor from an Admin Server, select a Managed Server.
  6. Select the Monitor Group with which you want to associate the monitor to, from the combo box (optional). You can choose multiple groups to associate your monitor.
  7. Associate the monitor instance to the agent.*
    1. Enable Run on Server option to run the ping monitor in the local instance of Applications Manager.
    2. Enable Run on Agent option to run the ping monitor from multiple locations. Select the necessary agents from where you want this monitor to be executed. This option will be available only if you enable the EUM add-on.
  8. Click Add Monitor(s). This adds the ping monitor and the monitoring will be started as per the polling interval configured.
Note:

*This is only for Ping Monitor(EUM) servers. 

In some cases, AppManager may not provide the expected metrics output due to incorrect responses for non-English OS. To get the expected output, regex support is available for Ping Monitor. The user needs to customize the output in a property file based on the language. The user can define ping response for metrics like Packet Stats and Round Trip Time for different languages. Create a properties files called ping.properties and place it under AppManager/conf directrory (or under the EUMAgent/conf in case of Agent based Ping monitor). The user can understand the response pattern of the ping request and he can customize it by using the same patterns as in the properties file. This is a sample Italian ping.properties file:

################################ Windows properties #####################################

#Windows Status poll matcher String.

ReplyFrom=Risposta da

bytes=byte

#Windows ResponseTime String. Ex: Minimum or Maximum or Average.

Windows_ResponseTime=Medio

#Windows Packet Sent matcher String.

Windows_PacketSent=Trasmessi

#Windows Packet Received matcher String.

Windows_PacketReceived=Ricevuti

#Windows Packet Loss matcher String(case sensitive).

Windows_PacketLoss=persi

Ping Monitor
  • Applications Manager uses Ping Monitor to track if the particular host / IP address is accessible or not. It checks for availability of a device, server or network device
  • The parameters that are monitored are

    Packet Statistics:

    Packet Loss (%): Packet loss gives the percentage of packets that fail to reach the destination.
    Packets Sent: No. of Packets sent.
    Packet Received: No. of Packets received.

    Round Trip Time: Time taken for each packet exchange. Ping places a timestamp in each packet, which is echoed back and is used to compute how long each packet exchange took

Service Monitoring

To create a Service Monitoring Monitor, follow the steps given below:

  1. Click on New Monitor link. Choose Service Monitoring.
  2. Enter the IP Address or hostname in which the Monitor is running.
  3. Enter the SubNetMask of the network.
  4. Enter the port number in which the service you want to monitor is running.
  5. Enter the polling interval time in minutes.
  6. If you are adding a new monitor from an Admin Server, select a Managed Server.
  7. Enter the command that will be executed after connecting to the port mentioned above. For example, if the port added is where your web server is running , then you can give the command as GET / HTTP1.0 . This will get the index page of the web server.
  8. Enter the string that has to be searched after executing  the command.
  9. Choose the Monitor Group from the combo box with which you want to associate Service Monitoring Monitor (optional). You can choose multiple groups to associate your monitor.
  10. Click Add Monitor(s). This discovers the Service and starts monitoring them.
Service Monitoring
  • Monitors different services running in particular/default ports such as FTP-21, Telnet-23 etc running in the network.
  • Connects to the server configured for monitoring.
  • Checks availability and the response time of the service. Here, the response time is the time taken to connect to the port, execute the given command and search the string.

SNMP

To create a SNMP Monitor, follow the steps given below:

  1. From the Admin tab, select New Monitor from the Discovery and Data Collection panel.
  2. Choose the 'SNMP/Network Device' option from 'Add Monitor of type' drop down list.
  3. Enter the Display Name & IP Address/hostname of the system where the monitor is running.
  4. Enter the SubNetMask of the network. In case of multiple system IP addresses configured with single DNS name , then select the check-box in the Advanced option.
  5. Enter the polling intervall time in minutes.
  6. If you are adding a new monitor from an Admin Server, select a Managed Server.
  7. Enter the timeout value in seconds.
  8. Provide the port number in which SNMP service is running in the host (default port number is 161).
  9. Choose SNMP version V1/V2c or V3.
  10. To associate Monitor Instance to Monitor Group you select a monitor group from the default list or make a new monitor group by clicking "Create New Monitor Group".

For SNMP Version V1/V2c:

  • Enter the Community String ('public' by default).
  • To test the validity of the credentials entered for a particular host name click on 'Test Credentials'.

For SNMP Version V3:

Select one of the three Security Levels in the drop-down list:

  • NoAuthNoPriv - Messages can be sent unauthenticated and unencrypted. Enter a UserName and Context Name.
  • AuthNoPriv - Messages can be sent authenticated but unencrypted. Enter a UserName, Context Name and an Authentication Password. You can select an Authentication Protocol like MD5 or SHA from the drop-down list.
  • AuthPriv - Messages can be sent authenticated and encrypted. Enter a UserName, Context Name,an Authentication Password and a Privacy Password. You can select an Authentication Protocol like MD5 or SHA from the drop-down list. By default 'DES' encryption technique will be used.
Note: SMUX (tcp 199 port) is the snmp multiplexing protocol (RFC 1227). It can be used by an snmp agent to query variables maintained by another user-level process. For monitoring user-processes like kernel related details using the SNMP agent, you must install SMUX and register the mibs. If SMUX is implemented, by default, tcp port 199 should be open for connection.

SNMP

  • Connects to SNMP agent running in an application and monitors the availability and performance of the service. You can also view the custom attributes of the SNMP agent in the same page. For information on adding Custom Monitors, refer to Custom Monitors topic.

Telnet

To create a Telnet Monitor, follow the steps given below:

  1. Click on New Monitor link. Choose Telnet.
  2. Enter the IP Address or hostname of the host in which the Monitor is running.
  3. Enter the SubNetMask of the network.
  4. Provide the port number in which the monitor is running.
  5. Enter the polling intervall time in minutes.
  6. If you are adding a new monitor from an Admin Server, select a Managed Server.
  7. Choose the Monitor Group from the combo box with which you want to associate Telnet Monitor (optional). You can choose multiple groups to associate your monitor.
  8. Click Add Monitor(s). This discovers the telnet from the network and starts monitoring them.
Telnet
  • Connects to Telnet port (default 23)and checks its availability.
  • Monitors response time and updates the status based on a given threshold.

FTP/SFTP Monitor

To create an FTP/SFTP Monitor, follow the given steps:

  1. Click on New Monitor link. Choose FTP/SFTP under Services.
  2. Enter the Display Name for the Monitor.
  3. Enter the Target Address to connect FTP/SFTP.
  4. If Authentication is enabled, enter the Username and Password.
  5. Enter Port No. (Default port number for FTP is 21 and 22 for SFTP)
  6. Enter Time Out value.
  7. Select the option YES or NO to indicate whether FTP is secure or not.
  8. If you would like to monitor the downloads (mget) through FTP/SFTP while simulateneously downloading the file, select the option YES else select NO.
  9. If the above option is YES, then enter the Remote Src. FileName (Remote Source FileName) located in the target address.
  10. Enter the Local Dest. FileName (Local Desitnation FileName) with full path. The file will download in the given path where the Applications Manager is running.
  11. If you would like to upload a file to target address, Select Upload File option as YES else select NO.
  12. If YES, enter the Local Src. FileName (Local Source FileName) with full path. The file must be available where the Applications Manager is running.
  13. Enter the Remote Dest. FileName (Remote Destination FileName) with full path where the file will be downloaded in the target address.
  14. Provide the Polling interval for monitoring the FTP/SFTP montior.
  15. If you are adding a new monitor from an Admin Server, select a Managed Server.
  16. Choose the Monitor Group from the combo box to which you want to associate the Monitor (optional). You can choose multiple groups to associate your monitor.
  17. Click Add Monitor(s). This discovers the Monitor from the network and starts monitoring them.
FTP/SFTP Monitor

Monitors the availability and performance of FTP/SFTP monitor. In addition, it monitors Connection Time, Login Time, File Transfer, File Transfer Speed, Full Transaction and Files & Directories located in the Home Directory.

Connection Time: Time taken by Applications Manager to connect to FTP server.

Login Time: Time taken by Applications Manager to login to FTP server.

File Transfer: It is the time taken for a file to either upload (mput) or download (mget) to a FTP server. In addition, the file size is also monitored while being uploaded or downloaded.

File Transfer Speed: It is the time taken by a particular file transfered to (mput) or from (mget) a FTP server.

Full Transaction: This provides the number of uploads/downloads that was completed correctly.

Files & Directory (Home Directory): This provides the number of files and directories that were present in the FTP server.

LDAP Monitor

To create an LDAP Monitor, follow the given steps:

  1. Click on New Monitor link. Choose LDAP under Services.
  2. Enter the Display Name for the monitor.
  3. Enter the LDAP Server and LDAP Server Port of the server wherein the services are running.
  4. If Authentication is enabled, enter the Username and Password. If no username and password is provided, then it will connect to LDAP server as anonymous login.
  5. Enter the Searchbase value.
  6. Enter the Searchfilter value.
  7. Select the Matching Attribute from the pull down menu.
  8. Select the Filter Condition from the pull down menu.
  9. Enter the Search Result string value which will match with search results.
  10. Enter the Timeout period which will be used to establish connection with the LDAP server.
  11. Click YES or NO option to check if the connection is secured. If YES (to enable SSL mode), then import the certificate of LDAP server into Applications Manager. Please follow the steps (given below) provided to import the LDAP certificate into Applications Manager Truststore.truststore. Once the procedure is complete, restart Applications Manager.
  12. Provide the Polling interval for monitoring the LDAP montior.
  13. If you are adding a new monitor from an Admin Server, select a Managed Server.
  14. Choose the Monitor Group from the combo box to which you want to associate the Monitor (optional). You can choose multiple groups to associate your monitor.
  15. Click Add Monitor(s). This discovers the Monitor from the network and starts monitoring them.
Note: To import certificate into Applications Manager, execute the following command:
/working/jre/bin/keytool -import -keystore /working/conf/Truststore.truststore -storepass appmanager -trustcacerts -alias <Applications_Manager_Home>/working/jre/bin/keytool -import -keystore <Applications_Manager_Home>/working/conf/Truststore.truststore -storepass appmanager -trustcacerts -alias <alias_name> -file <ldap_certificate_file_path> <Applications_Manager_Home> - Applications Manager installed home directory <alias_name> - Provide an alias name for the LDAP certificate <ldap_certificate_file_path> - Provide absolute path to the LDAP certificate appmanager - This is the password for the LDAP certificate. Ensure that you do not change the password.

LDAP Monitor monitors the availability and performance of LDAP server. It monitors the Login Time attribute - the time taken for a user to log in to the LDAP server. In addition, it also monitors Search Details and Search Results Details.

The 'Search Details' section displays the time taken for a search to execute and the total response time. The total response timeis the login time plus the time taken for a search in the LDAP server.

The 'Search Results Details' displays the search result row count which displays the total rows returned after a search was executed and the search result matching details which displays whether it was a success or a failure.

Active Directory

Prerequisites for monitoring Active Directory metrics: Click here

Using the REST API to add a new Active Directory monitor: Click here

To create a new Active Directory Monitor, follow the steps given below:

  1. Click on New Monitor link. Choose Active Directory under Services .
  2. Enter the DisplayName of the host in which the Monitor is running.
  3. Enter the HostName on which the monitor is running.
  4. Enable the Use CredSSP Authentication option only when the monitored AD Server is a non-primary Domain Controller and is present in a different domain other than that of the Applications Manager server domain. CredSSP delegates the users credentials from one computer to another remote computer. Click here for the steps to enable CredSSP
  5. If Authentication is enabled, enter the Username and Password.
  6. Provide the Timeout period for running the datacollection scripts. By default, it is 300 seconds.
  7. Provide the Polling interval for monitoring the Active Directory montior.
  8. If you are adding a new monitor from an Admin Server, select a Managed Server.
  9. Choose the Monitor Group from the combo box to which you want to associate the Monitor (optional). You can choose multiple groups to associate your monitor.
  10. Click Add Monitor(s). This discovers the Monitor from the network and starts monitoring them.
Note: Kindly ensure that for User accounts, relevant privileges must be provided before creating Active Directory monitor. If you have added Monitors and not associated them with a Monitor Group, you can do this manually anytime. For information on associating a Monitor with a Monitor Group, refer to Associating Monitor with Monitor Groups topic.

Active Directory Monitor  connects to the Active Directory server and checks its availability. Active Directory Counters that are monitored by Applications Manager are given below:

Performance Overview

Parameters Description
Time Synchronization *
Primary DC Name of the Primary Domain Controller in the domain.
Time Offset from Primary DC   
Network Monitors
AB Client Sessions AB Client Sessions is the number of connected Address Book client sessions.
DS Notify Queue Size The number of pending update notifications that have been queued, but not yet transmitted to clients
Database Monitors
Database Disk Free Space Shows the total usable space on the selected logical disk drive that was free (in MB).
Database File Size Shows the Database File Size (in MB).
Database Disk Total Size Shows the Total Size of the disk drive (in MB).
NTFRS Process Monitors
NTFRS CPU Usage Percentage of elapsed time that all of the threads of NTFRS process used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions is included in this count.
NTFRS Handle Count Total number of handles the NTFRS process has open. This number is the sum of the handles currently open by each thread in the process.
NTFRS Process File Reads Rate at which the NTFRS process is reading bytes from I/O operations. This property counts all I/O activity generated by the NTFRS process to include file, network, and device I/Os.
NTFRS Process File Writes Rate at which the NTFRS process is writing bytes to I/O operations. This property counts all I/O activity generated by the NTFRS process to include file, network, and device I/Os
NTFRS Process Memory Amount of memory in bytes that a NTFRS process needs to execute efficiently—for an operating system that uses page-based memory management. If the system does not have enough memory (less than the working set size), thrashing occurs. If the size of the working set is not known, use NULL or 0 (zero).
DFSR Process Monitors
DFSR CPU Usage Percentage of elapsed time that all of the threads of DFSR process used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions is included in this count.
DFSR Handle Count Total number of handles the DFSR process has open. This number is the sum of the handles currently open by each thread in the process.
DFSR Process File Reads Rate at which the DRSR process is reading bytes from I/O operations. This property counts all I/O activity generated by the DRSR process to include file, network, and device I/Os.
DFSR Process File Writes Rate at which the DFSR process is writing bytes to I/O operations. This property counts all I/O activity generated by the DFSR process to include file, network, and device I/Os.
DFSR Process Memory Amount of memory in bytes that a DFSR process needs to execute efficiently—for an operating system that uses page-based memory management. If the system does not have enough memory (less than the working set size), thrashing occurs. If the size of the working set is not known, use NULL or 0.
System Monitors
CPU Utilization Percentage of time that the processor is executing a non-idle thread. This property was designed as a primary indicator of processor activity. It is calculated by measuring the time that the processor spends executing the thread of the idle process in each sample interval and subtracting that value from 100%.
Disk Utilization It is calculted as follows ((size-freesize)/size)*100

where

size - It is the total Size of the disk drive on Logical Disk

freesize - Space, in bytes, available on the logical disk

Memory Utilization It is calculated as follows

((TotalVisibleMemorySize- FreePhysicalMemory)/TotalVisibleMemorySize)*100

where

TotalVisibleMemorySize - Total amount, in kilobytes, of physical memory available to the operating system. This value does not necessarily indicate the true amount of physical memory, but what is reported to the operating system as available to it.

FreePhysicalMemory - Number, in kilobytes, of physical memory currently unused and available.

Number of Processes Number of process contexts currently loaded or running on the operating system.
OS Processor Queue Length Number of threads in the processor queue. There is a single queue for processor time even on computers with multiple processors. Unlike the disk counters, this property counts ready threads only, not threads that are running.
Performance Counter Monitors
DS Client Binds Shows the number of Ntdsapi.dll binds per second serviced by this domain controller.
DS Server Binds Per Sec Shows the number of domain controller–to–domain controller binds per second that are serviced by this domain controller.
Directory Reads Per Sec Shows the number of directory reads per second.
Directory Writes Per Sec Shows the number of directory writes per second.
NTLM Authentications Shows the number of NTLM authentications per second serviced by this domain controller.
Kerberos Authentications Shows the number of times per second that clients use a ticket to this domain controller to authenticate to this domain controller.
LSASS Process Monitors
LSASS CPU Usage Percentage of elapsed time that all of the threads of LSASS process used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions is included in this count.
LSASS Handle Count Total number of handles the LSASS process has open. This number is the sum of the handles currently open by each thread in the LSASS process.
LSASS Process File Reads Rate at which the LSASS process is reading bytes from I/O operations. This property counts all I/O activity generated by the LSASS process to include file, network, and device I/Os.
LSASS Process File Writes Rate at which the LSASS process is writing bytes to I/O operations. This property counts all I/O activity generated by the LSASS process to include file, network, and device I/Os
LSASS Process Memory Amount of memory in bytes that a LSASS process needs to execute efficiently—for an operating system that uses page-based memory management. If the system does not have enough memory (less than the working set size), thrashing occurs. If the size of the working set is not known, use NULL or 0 (zero).
LDAP Stats
LDAP Active Threads Shows the current number of threads in use by the LDAP subsystem of the local directory service.
LDAP Bind Time Shows the time, in milliseconds, taken for the last successful LDAP bind.
LDAP Client Sessions Shows the number of currently connected LDAP client sessions
LDAP Searches Per Sec Shows the rate at which LDAP clients perform search operations
LDAP UDP operations Per Sec Shows the number of User Datagram Protocol (UDP) operations that the LDAP server is processing per second.
LDAP Writes Per Sec Shows the rate at which LDAP clients perform write operations.
Replication Stats
Replication Objects Applied Per Sec Shows the rate at which replication updates received from replication partners are applied by the local directory service. This counter excludes changes that are received but not applied
Replication Objects Remaining Shows the number of object updates received in the current directory replication update packet that have not yet been applied to the local server.
Total Replication Objects In /Sec Shows the number of objects received from neighbors through inbound replication. A neighbor is a domain controller from which the local domain controller replicates locally.
Total Replication Objects Out /Sec Shows the number of objects replicated out.
Replication Traffic In Shows the total number of bytes replicated in. This counter is the sum of the number of uncompressed bytes (never compressed) and the number of compressed bytes (after compression).
Replication Traffic Out Shows the total number of bytes replicated out. This counter is the sum of the number of uncompressed bytes (never compressed) and the number of compressed bytes (after compression)
Active Directory Services
Kerberos Key Distribution Center Service The Kerberos Key Distribution Center (KDC) is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain. The KDC runs on each domain controller as part of Active Directory Domain Services (AD DS). .
Server Service This service enables the computer to connect to other computers on the network based on the SMB protocol
Net Logon Service This service supports pass-through authentication of account logon events for computers in a domain
Workstation Service This service enables the computer to connect to other computers on the network based on the SMB protocol.
Remote Procedure Call (RPC) Service This service provides the name services for RPC clients.
Security Accounts Manager Service This service signals other services that the Security Accounts Manager subsystem is ready to accept requests.
File Replication Service This service maintains file synchronization of file directory contents among multiple servers
DNS Client Service This service resolves and caches (Domain Name Server) DNS names.
Intersite Messaging Service This service is used for mail-based replication between sites. Active Directory includes support for replication between sites by using SMTP over IP transport.
Windows Time service The service synchronizes the time between domain controllers, which prevents time skews from occurring.
Active Directory Domain Services  
Active Directory Web Services  

* Time Synchronization data is available only if the monitored AD server is a Secondary Domain Controller. These metrics are mapped under Admin → Performance Polling

Replication Statistics

Replication is the process of sending update information for data that has changed in the directory to other domain controllers. It is important to have a firm understanding of replication and how it takes place, both within the domain and in multiple-site environments.

Monitoring for Active Directory Replication - If there are two or more domain controllers,that are replicating changes to each other, the replication statistics information will be displayed in the Replication Statistics tab. In a Single-Domain-controller setup,no replication stats will be shown.

Parameters Description
Domain Controller
Domain Controller Site The Site that the host domain controller resides in.
Is Global Catalog Server Provides a value of true / false. True,if the domain controller is a global catalog server.
Percent of RIDs Left The percentage of Relative Identifiers left in RID Pool.
Pending Replication Operations The count of Pending Replication Operations.
Replication Partners
Partition Name DN of the Naming Context(Partition) for which the partners replicate.
Source DC  CN of directory system agent (DSA) that represents the source domain controller (DC).
Source DC Domain The canonical name of the domain of the replicated NC.
Source DC Site The site that contains the source DC.
Time of Last Sync Attempt The timestamp for the last replication attempt.
Time of Last Sync Success The timestamp for the last successful replication attempt.
Consecutive Failure Count The number of consecutive failed replication attempts.
Last Sync Result Values can be Success or Failed.
Pending Replications
Partition Name The X.500 path of the naming context (NC) that is associated with this operation.
Source DC CN of directory system agent (DSA) that represents the source domain controller (DC).
Time Enqueued The time at which this operation was added to the queue.
Operation Start Time The time when the operation was started.NULL if operation is still in Queue.
Position in Queue The position of this operation in the queue.

Connectivity

Parameters Description
Port Connectivity *
Port Name The name of the port monitored.
Port Number The port number specified for that port.
Connectivity Status Specifies if the connection is UP / DOWN.
Response Time(ms) The time taken to check the connectivity status in milliseconds.
Network Interface
Name The display name of the network connector
Speed(MBps) The interface's current bandwidth in megabits per second (mbps).
Input Traffic(MBps) The rate at which bytes are received on the interface, including framing characters.
Output Traffic(MBps) The rate at which bytes are sent on the interface, including framing characters.

* Metrics for Port Connectivity are mapped under Admin → Performance Polling

Follow these steps to add, remove or edit the ports monitored:
  • Go to <appmanager-home>\working\conf\application\script\powershell folder and open ActiveDirectoryPorts.ps1 file in an editor.
  • To add new port to be monitored, add the port name and port number in the below format along with the other ports:

    "<portname>:<portnumber>"  Example: "DNS:53"

  • To remove any ports which are monitored, comment the respective line by using '#' in the beginning of the line.

    Example: # "DNS:53"

  • If any ports have been changed from the default port number in the server, please edit the respective port numbers.
  • Save the file after the changes are done.
  • Changes will be effective from the next poll in the monitor.

Diagnostic Tests *

Basic Tests

  • Connectivity Check - Tests whether DSAs(Directory System Agent) are DNS registered, pingeable, and have LDAP/RPC
  • Advertising Status Check - Checks whether each DSA is advertising itself, and whether it is advertising itself as having the capabilities of a DSA.
  • SYSVOL Status Check - This test checks that the SYSVOL is ready.
  • Knowledge Consistency Check - This test checks that the Knowledge Consistency Checker is completing without errors.
  • RID Master Accessibility Check - Check to see if RID master is accessable and to see if it contains the proper information.
  • Machine Account Information Check - Check to see if the Machine Account has the proper information.
  • Global Role-holders Locator Check - Checks that global role-holders are known, can be located, and are responding.

Replication Tests

  • File Replication System Check - This test checks to see if there are any operation errors in the file replication system (FRS). Failing replication of the SYSVOL share, can cause Policy problems.
  • Distributed File System Check - This test checks to see if there are any operation errors in the DFS(Distributed File System).
  • Logon Priviledges (NetLogons) Check - Checks that the appropriate logon priviledges allow replication to proceed.
  • Object Replication Check - Check that Machine Account (AD only) and DSA objects have replicated.
  • Verify References for FRS and Replication Infrastructure - This test verifies that certain system references are intact for the FRS and Replication infrastructure.
  • Intersite Replication Error Check - Checks for failures that would prevent or temporarily hold up intersite replication.

Cross Reference Check Tests

  • CrossRefValidation - This test looks for cross-refs that are in some way invalid.
    • DomainDnsZones CrossRefValidation
    • ForestDnsZones CrossRefValidation
    • Configuration CrossRefValidation
    • Schema CrossRefValidation
    • <Domain-Name> CrossRefValidation

Security Descriptor Reference Check Tests

  • CheckSDRefDom - This test checks that all application directory partitions have appropriate security descriptor reference domains.
    • DomainDnsZones CheckSDRefDom
    • ForestDnsZones CheckSDRefDom
    • Configuration CheckSDRefDom
    • Schema CheckSDRefDom
    • <Domain-Name> CheckSDRefDom

* Metrics for Diagnostic Tests are mapped under Admin → Performance Polling