General Troubleshooting for MOM 2005
This section provides troubleshooting solutions for a range of general issues that might occur when working with MOM 2005.
Unable to Listen on TCP Port 1270
This error occurs when the socket address (protocol/network address/port) for TCP port 1270 is already in use. By default, only one connection is allowed per socket address.
Solution
Use the netstat command to identify the process that is using the socket address.
For Windows XP clients, use the following:
Netstat.exe /a /o
For Windows 2000 SP4 clients, use the following:
Netstat.exe /a /p TCP
RPC Error 2147023174
This error occurs when a firewall or router is blocking remote procedure calls (RPCs) between network subnets. RPCs are used to communicate between agentless managed computers and MOM Management Servers. This communication occurs over the distributed Component Object Model (DCOM) port, which is TCP port 135.
Solution
Open TCP port 135 on routers and firewalls that connect subnets.
Web and FTP Service Alerts Delayed
In IIS 6.0, the Web server and the FTP server do not immediately write their log entries to the hard disk. These services use a cache to store log entries so that a number of entries are written to the hard disk at once, which improves performance. It can take up to 10 minutes for a cached log entry to be written to the log file on the hard disk. Because MOM monitors these logs for errors, it can take up to 10 minutes to receive an alert on the Web and FTP services.
Solution
In a test environment, you can stop and start the Web or FTP service. This causes these services to immediately write all information contained in the cache to the hard disk. In production environments, just note that these alerts are sometimes delayed.
MOM-to-MOM Product Connector Alert Suppression Is Not Working
When the MOM-to-MOM Product Connector (MMPC) forwards alerts from designated sources to designated destinations, alert suppression is used to avoid duplicate alerts. However, the MMPC might not suppress alerts as expected when forwarding alerts from multiple source management groups.
If, in the properties of a rule, the Computer and Domain check boxes in the Alert Suppression property page are not selected, alerts generated from multiple sources such as management groups or computers are identified as alerts from a single source. This causes all other alerts from the same rule, but from different source management groups, to be mistakenly treated as duplicates and suppressed.
The MMPC on each source management group that forwards a duplicate alert creates the following event in the Application Event Log:
Source: MOM to MOM Connector
Event ID: 10069
Type: Warning
Description: The following alert was not updated because it was suppressed into the corresponding alert (original alert id ==> suppressed alert id).
MOM master management group: <Destination_Management_Group_Name>
Error on: http://<Destination_Management_Server>:1271/ConnectorServiceV2.asmx
Solution
When the Alert Suppression settings are correctly configured, alerts that were previously grouped into a single alert are recognized as distinct alerts, which allows alert suppression to work as expected. This configuration change is needed both on the source and on the destination management groups.
To configure the properties of the rule that is generating a duplicate alert
Open the MOM Administrator console and expand the source management group. Point to Microsoft Operations Manager, Rule Groups to navigate to the rule that is generating a duplicate alert.
Right-click the rule and select Properties.
Select the Alert Suppression tab, check the Computer and Domain check boxes, and then click OK.
Right-click the rule group, and select Commit Configuration Change.