Garry

New MOM 2005 Hotfix for SNMP

Microsoft Operations Manager 2005 may stop processing incoming SNMP traps after receiving many traps in a short time

http://www.kbalertz.com/914835/Microsoft.Operations.Manager.processing.incoming.traps.after.receiving.traps.short.aspx

What Would you like to know?

Hi I am new to this blogging stuff so would like to ask the question what would you like to hear about?

I work in a team that will soon support over 500 Dc’s (Currently 270 as we are in a middle of a roll out) across the globe over some of the worse links you could ever imagine. This has helped to give me a good understanding AD and also how to get it replicating over pieces of wet string. As well as AD I have deployed MOM from a central location in the UK to manage this environment. The team is very small and one of the goals was to ensure that MOM did not flood us with alerts that where not valid. We have achieved this and now have a very stable MOM implementation that does not give lots of false alarms.

On this site I want to create articles and blog casts on any subject that interests you. I don’t know everything but what I don’t know I really enjoy learning and I would like then the oppertuity to share with you what I have learnt.

I also want to learn from you as well as AD and MOM are big subjects and the more people we have sharing knowledge the more we will all learn.

Drop me a email or leave a comment and I will do my best to help

Top Three Mistakes Made When Setting up Exchange MP

Check this page for the top three mistakes made when setting up Exchange MP

http://www.microsoft.com/technet/prodtechnol/exchange/2003/empconfig.mspx

HP MP MOM Help Reduce False Alerts

One issue we where seeing is lots of critical alerts from the HP MP. The insight logs where clear but in the eventlog you see a event 1192. This was causing us a high number of alerts. After doing some research I found this:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_EX040107_CW01

The other solution is

The "approved" workaround for this problem involves a change on the server. Open the "HP Management Agents" control panel, and on the Services tab, move "SCSI information" from "Active Agents" to "Inactive Agents." This will stop monitoring of the SCSI subsystem on the server.  But I prefer the agent upgrade.

Windows Security Event Descriptions

These links will help you identify what the different Security Event ID's mean. These are good guides for developing your own MOM Secuirty MP.

Windows Security Event Descriptions (Part 1 of 2)

http://support.microsoft.com/?kbid=299475

Windows Security Event Descriptions (Part 2 of 2)

http://support.microsoft.com/kb/301677/EN-US/

Best Active Directory Book I have used

Inside Active Directory: A System Administrator's Guide, 2nd Edition

• By Sakari Kouti, Mika Seitsonen, Mika Seitsonen.
• Published by Addison Wesley Professional.

Microsofts 10 Highest-Rated Webcasts

IT's Showtime

Here is a good link to see some past recordings of some MS Events

http://www.microsoft.com/uk/technet/itsshowtime/default.aspx

Security News Round Up

 News
 
Are Smart Cards the New Way of Life? - Solving the Password Problem http://go.microsoft.com/?linkid=4786655 By Amesh Mansukhani

A significant number of IT departments tasked with managing security still rely on passwords for authentication as the first line of defence. This article discusses why user passwords are no longer good enough and why moving to multifactor authentication is a better way to help ensure secure access to resources and to protect those resources.

 Microsoft Certificate Lifecycle Manager Beta 1 Is Here http://go.microsoft.com/?linkid=4786656

Microsoft Certificate Lifecycle Manager (CLM) is a policy- and workflow-driven solution that helps organizations manage the lifecycle of digital certificates and smart cards. Join the Microsoft CLM Beta Program http://go.microsoft.com/?linkid=4786687 to participate in testing and read this technical white paper http://go.microsoft.com/?linkid=4786688 to learn how CLM can lower the costs associated with digital certificates and smart cards.

 Security Briefs: A First Look at InfoCard http://go.microsoft.com/?linkid=4786657

InfoCard will soon help provide the consistent user experience required by the identity metasystem. On the social Web, it will pave the way for all kinds of new innovations by individuals and companies. For corporations, InfoCard will make it much simpler to connect with partners online. In this article, Keith Brown discusses InfoCard specifically in the domain of Web services.    

 Microsoft Targets Cybercriminals with Launch of GPEI http://go.microsoft.com/?linkid=4786658

By the end of June 2006, Microsoft will have initiated legal actions on more than 100 cases in Europe, Middle East and Africa. The legal actions are linked to the Global Phishing Enforcement Initiative (GPEI). Microsoft launched the GPEI to coordinate and expand its many anti-phishing efforts worldwide to fight phishers through consumer protection, partnerships with law enforcement, governments and industries, and prosecution.

 What Is ISA Server 2006? http://go.microsoft.com/?linkid=4786660

Microsoft Internet Security and Acceleration (ISA) Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats. Download and try the latest version of this firewall, VPN, and web cache solution, and learn more about how it can help you secure your Microsoft application infrastructure and safeguard your IT environment.

Microsoft Security Bulletin Summary for April, 2006

http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx

Search for previous security bulletins http://go.microsoft.com/?linkid=3992478

Security Bulletin Feed http://go.microsoft.com/?linkid=3992479 RSS http://go.microsoft.com/?linkid=3992480

Egypt Time Zone issue

I have a call raised for this and as soon as I get a fix I will let everyone know

They are not updating to the daylight saving time as they should. If you run

w32tm /tz the output is

C:\>w32tm /tz
Time zone: Current:TIME_ZONE_ID_STANDARD Bias: -120min (UTC=LocalTime+Bias)
[Standard Name:"Egypt Standard Time" Bias:0min Date:(M:9 D:5 DoW:3)]
[Daylight Name:"Egypt Daylight Time" Bias:-60min Date:(M:5 D:1 DoW:5)]

I have one DC that is in Egypt that has the correct time and the output from that is

C:\Documents and Settings\gioes-admn-0002>w32tm /tz
Time zone: Current:TIME_ZONE_ID_DAYLIGHT Bias: -120min (UTC=LocalTime+Bias)
[Standard Name:"Egypt Standard Time" Bias:0min Date:(M:9 D:5 DoW:3)]
[Daylight Name:"Egypt Daylight Time" Bias:-60min Date:(M:4 D:5 DoW:5)]

XP clients that are connecting to this server are synching time but because they do not think they are in daylight saving they are 1 hr behind. I tested a synch on a XP client by moving it forward by one hour to the correct time and then carried out a w32tm /resync and it moved it back one hour. So the clients and some DC's are not picking up that it has moved into Daylight saving. There is an issue with the time zone information that is held on the clients rather than the time synch process.

Monthly Check List for Active Directory Operations

Weekly Check List for Active Directory Operations

These are the minimum checks I would carry out each week

Daily Check List for Active Directory Operations

These are the minimum checks I would carry out each day

Active Directory Operations Check Lists

I have spent some time creating the following daily, weekly and monthly check lists for Active Directory Operations teams. At the moment they are only very basic but as time progresses I will develop these even further.

In the future I am hoping to add more security and performance checks as these areas are lacking at the moment in my documents.

Mom Resource Online

Worth a look if you are after information on MOM

http://www.momresources.org/index.shtml