Cloud

OpsMgr 2012 and 2007: Exchange Server 2010 Monitoring Management Pack: How to perform the Optional Configurations for Synthetic Transactions and Kerberos Authentication

I just thought I’d extend the article noted ‘OpsMgr 2012 and 2007 (R2): How to Import – Exchange Server 2010 Monitoring Management Pack (v14.03.0038.004)’ and post a second series for the “Optional Configurations” noted in the MP Guide (download link below).

Download site:
http://www.microsoft.com/en-us/download/details.aspx?id=692

Optional Configurations Summary:
1.   Create Test Mailboxes for Synthetic Transaction Tests
2.   Enable the event collection rules for synthetic transaction output
3.   Enable an Optional Monitor If You’re Using Kerberos Authentication with a Client Access Server Array

What does this mean and why would I do perform the Optional Configuration?
The Exchange 2010 Management Pack can run synthetic transactions that indicate and measure the performance of the Exchange Organization. This Management Pack uses native cmdlets to test the following:

  • Microsoft Office Outlook Web App
  • Exchange ActiveSync
  • Exchange Web Services connectivity from Client Access servers to Mailbox servers

What is required for me to perform the Synthetic Transactions?

These cmdlets require that a test mailbox be created in each Active Directory site that you want to test:

  • Test-OwaConnectivity
  • Test-ActiveSyncConnectivity
  • Test-WebServicesConnectivity

Important: In some cases you may not see a test mailbox on one or more Mailbox servers and the Management Pack will return a message stating – “The test mailbox was not initialized. Run new-TestCasConnectivityUser.ps1 to ensure that the test mailbox is created.”

Important: Security Considerations: The security model which the Exchange Server 2010 Management Pack has been tested was surrounding only the LocalSystem context.  If you run the agent as anything other than LocalSystem, then the synthetic transactions fail to run. You may also experience other issues.

First, create a test mailbox for:

  • Outlook Web App
  • Exchange ActiveSync
  • Exchange Web Services

Create test mailboxes for Outlook Web App, Exchange ActiveSync, and Exchange Web Services to monitor connectivity using native cmdlets via the New-TestCasConnectivityUser.ps1 script.
1.   Open the Exchange Management Shell
2.   Change the running directory to the C:\ Program Files\Microsoft\Exchange Server\V14\Scripts folder with the command:
Set-Location C:\Program Files\Microsoft\Exchange Server\V14\Scripts
3.   Execute the script with the command:
New-TestCasConnectivityUser.ps1
4.   You will run through a wizard of instructions that will create the test mailbox. During the process, a temporary secure password will be provisioned when creating test users. You’ll also be prompted to specify the Mailbox server where you want the test user created.
5.   Repeat this process on each Exchange 2010 Mailbox server in each Active Directory site that you want to test.

 
Second, Enable Event Collection for Synthetic Transaction Rules.

The Exchange 2010 Management Pack utilizes to a mailbox. As the tests succeed or fail, the output can be used for proactively and preemtively investigating the state of the Exchange environment.

Important: As the collection rules are enabled, ensure that there is sufficient disk space within the DB\DW to accommodate the additional data. By default, each test runs every five minutes and can produce many events.

Enable the event collection rules for synthetic transaction output:
1.   In System Center Operations Manager 2007, click Authoring.
2.   In the Authoring pane, expand Management Pack Objects, and then click Rules.
3.   In the Rules pane, click Change Scope.
4.   In the Scope Management Pack Target(s) by object dialog box, in the Look for box, type "Exchange Server 2010."
5.   Click View all targets.
6.   Click Select All if it’s not disabled (it is only disabled when all rows are already selected).
7.   Click OK to close the dialog box.
8.   After the rules have loaded, type "Script event collection" in the Look for box near the top of the console.
9.   For each test task that you would like to enable, perform the following steps:
a.   Right-click the rule and select Overrides, Override the Rule, For all objects of class:<class name>.
b.   Select the Override check box.
c.   Set the override value to True.
d.   Click OK.

Note: This may take a few moments to populate data as the overrides are deployed to the agents.

To enable this monitor, use the following steps:
1.   Within the Operations Console, click Authoring
2.   In the Authoring pane, expand Management Pack Objects, then click Monitors
3.   On the toolbar, click Scope
4.   In the Scope Management Pack Target by object dialog box, in the Look for box, type "Outlook Service Availability"
5.   Click View all targets
6.   Click Select All if it’s not disabled (this is disabled when all rows are selected)
7.   Click OK
8.   Click Outlook Service Availability, Entity Health, Availability
9.   Under Availability, right-click the rule Kerberos Authentication for CAS array – shared alternate service account credential password for Kerberos authentication has not been updated in 28 days and may be stale, and then click Overrides > Override the Monitor > For a specific objects of type: Outlook Service Availability
10.  In the Select Object dialog box, select the rule for the server you will be running the RollAlternateServiceAccountPassword.ps1 script on, click OK.
11.  In the Override Properties dialog box, select the Override check box
12.  Set the Override value to True
13.  Click OK

Note: This may take a few moments to populate data as the overrides are deployed to the agents.

Third. Enable an Optional Monitor
If you are using Kerberos authentication with a Client Access server array, you should manage the shared alternate service account credential (ASA) password. Using the RollAlternateServiceAccountPassword.ps1 script, you can automate the distribution and updating of the ASA credential to the necessary Client Access servers. The Management Pack includes two monitors that check the health of the script to ensure it is running correctly. More details are in the Manaqement Pack guide using the download site above.

 

Leave a Reply