Monitoring Scenarios
The Active Directory Rights Management Services Management Pack manages the logical parts of Active Directory Rights Management Services (AD RMS) that an operator or administrator is interested in monitoring, configuring, or reporting on. Each of the following components is critical to the AD RMS infrastructure.
| Component | Component Description |
|---|---|
AD RMS Deployment |
Active Directory Rights Management Services (AD RMS) deployment is the process by which AD RMS is installed and configured in an organization's network. |
AD RMS Web Services |
Active Directory Rights Management Services (AD RMS) Web services provides communication among computers in the AD RMS cluster. |
AD RMS Logging Service |
The Active Directory Rights Management Service (AD RMS) logging service runs on each server in an AD RMS cluster and sends logging information to the logging database. This information is used by AD RMS to generate reports from within the Active Directory Rights Management Services console. |
The following sections describe the aspects (operations or types of functionality that a component is designed to perform) and the health states of each component in the Active Directory Rights Management Services Management Pack, as listed in the previous table. This management pack includes monitoring capabilities for detecting the yellow and red health states in the listed components.
The Windows Server 2008 Active Directory Rights Management Services Management Pack is designed to monitor the various health states of AD RMS. Health states are indicated by color:
- Green: normal operation
- Yellow: degraded operation
- Red: failure
Each health state is related to an Aspect (an aspect represents an operation or the type of functionality that a Managed Entity is designed to perform). Health states are detected by Detection Rules.
Although the Active Directory Rights Management Services Management Pack has the ability to detect transitions to specific health states, not all rules in the management pack have been designed to take advantage of the State feature of MOM. In these cases, transitions to specific health states are exposed only through the generation of Alerts and the relevant health state change is not reflected on the AD RMS Role and related State Views.
For more information about aspects, see the Errors and Events page in the Windows Server 2008 Technical Library https://go.microsoft.com/fwlink/?LinkId=107564).
AD RMS Deployment
| Aspect | Yellow health state | Red health state |
|---|---|---|
AD RMS Cluster Installation |
Not applicable. |
Active Directory Rights Management Services (AD RMS) encountered an issue with the installation or upgrade of the AD RMS cluster. AD RMS was not installed. AD RMS-enabled clients will not be able to use or publish rights-protected content. |
AD RMS Service Connection Point Registration |
Active Directory Rights Management Services (AD RMS) could not register the service connection point (SCP) in the Active Directory forest. AD RMS-enabled clients will not be able to perform automatic service discovery until the SCP is registered. |
Active Directory Rights Management Services (AD RMS) could not delete the existing service connection point (SCP) in the Active Directory forest. AD RMS-enabled clients will not be able to perform automatic service discovery until the existing SCP is replaced. |
AD RMS Federated Identity Support Installation |
Not applicable |
The Active Directory Rights Management Services (AD RMS) Identity Federation Support role service could not be installed because the package installation files could not be found on this computer. Federated users will not be able to consume rights-protected content until the Identity Federation Support role service is installed. |
AD RMS Cluster URL Availability |
Not applicable |
The Active Directory Rights Management Services (AD RMS) cluster URL is not available to respond to AD RMS-enabled client requests. AD RMS cannot service requests until the cluster URL is available on the network. |
AD RMS Web Services
| Aspect | Yellow health state | Red health state |
|---|---|---|
AD RMS Cluster Configuration |
The Active Directory Rights Management Services (AD RMS) cluster is performing in a degraded state. Automatic service discovery for AD RMS-enabled clients may not be available. |
The Active Directory Rights Management Services (AD RMS) cluster is not configured correctly. AD RMS cannot service requests from either AD RMS-enabled clients or other AD RMS servers in the cluster. |
AD RMS Rights Policy Templates Integrity |
An Active Directory Rights Management Services (AD RMS) rights policy template is installed on the client computer but is no longer available in the AD RMS configuration database. AD RMS-enabled clients will not be able to use a specified rights policy template unless it is also stored in the AD RMS configuration database. |
Not applicable |
Active Directory Domain Services Availability |
An Active Directory Domain Services (AD DS) query failed. Some Active Directory Rights Management Services (AD RMS)-enabled clients may not be able to use or publish rights-protected content. |
Active Directory Domain Services (AD DS) is not available. All requests from Active Directory Rights Management Services (AD RMS)-enabled clients will fail. |
RMS Client Activation |
Not applicable |
The Rights Management Services (RMS) client activation URL is not available. The RMS activation URL is used to activate the RMS-enabled client and enable it to use or publish rights-protected content. The activation URL is only required for an RMS-enabled client with no service pack installed. |
AD RMS Databases Availability |
The Active Directory Rights Management Services (AD RMS) directory services database is not available. AD RMS directory service caching will not occur until the AD RMS directory services database is available on the network. |
The Active Directory Rights Management Services (AD RMS) databases are not available or the AD RMS service account does not have either read or write permissions to the AD RMS databases. No database transactions will occur until the AD RMS service account has access to the databases. |
AD RMS Super Users Configuration |
An unsuccessful attempt was made to enable the Active Directory Rights Management Services (AD RMS) super users group with a group that does not exist in the Active Directory forest. |
Not applicable |
AD RMS Decommissioning |
A decommissioning request was received from the Active Directory Rights Management Services (AD RMS) cluster, but the cluster is not in decommissioning mode. Decommissioning requests will not be honored. |
Not applicable |
AD RMS Trust Policy Integrity |
An invalid trusted publishing domain is available in this Active Directory Rights Management Services (AD RMS) cluster. Users in the invalid trusted publishing domain will not be able to use or publish rights-protected content. |
A trust policy is either not configured properly or is not valid. Some Active Directory Rights Management Services (AD RMS)-enabled clients may not be able to use or publish rights-protected content. |
AD RMS Trust Hierarchy Determination |
Not applicable |
Active Directory Rights Management Services (AD RMS) could not determine the trust hierarchy for this AD RMS cluster. Servers in the AD RMS cluster will not issues licenses to AD RMS-enabled clients. |
AD RMS Cluster Availability |
Not applicable |
The Active Directory Rights Management Services (AD RMS) cluster is not available. AD RMS-enabled clients will not be able to use or publish rights-protected content. |
AD RMS Logging Service
| Aspect | Yellow health state | Red health state |
|---|---|---|
AD RMS Logging service availability |
The Active Directory Rights Management Services (AD RMS) logging service is operating in a degraded state. There may be a delay in writing messages from servers in the AD RMS cluster to the logging database. |
The Active Directory Rights Management Services (AD RMS) logging service did not start. No messages will be written to the logging database from this server in the AD RMS cluster. |
AD RMS Logging service configuration |
The Active Directory Rights Management Services (AD RMS) logging service could not be installed on this computer. No messages from this server in the AD RMS cluster will be sent to the AD RMS logging database. To install the logging service, you must reinstall AD RMS. |
The Active Directory Rights Management Services (AD RMS) logging service does not exist on this computer. The AD RMS logging service may have been deleted. No messages from this server in the AD RMS cluster will be sent to the AD RMS logging database. To install the logging service, you must reinstall AD RMS. |