Wednesday, February 22, 2012

Duplicate name on network warning in SCOM

Came across this lovely gem recently. Troubleshooting steps didn't really help, at all.

A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

Servers in this case were in the DMZ, weren't in a domain and definitely did not have duplicate names. They did have multiple network adapters, but that shouldn't have caused the issue. Finally realized, the systems had been converted (PtoV) into our virtual environment from physical.

Dropped to a command prompt and ran "set devmgr_show_nonpresent_devices=1" to ensure device manager would show all hidden devices. From there, I ran devmgmt.msc to open device manager and then from the toolbar, I selected the "Show hidden devices" option. Going through, the old network adapters were still in there. After removing the adapters and rebooting, the warning did not come back.

http://support.microsoft.com/kb/315539 explains how to show hidden devices in Windows.

Friday, February 17, 2012

WMI Warnings Conquered

Had my final battle with WMI and am happy to say, I won. This time the issue was caused by agentless monitoring problems. I had followed the usual steps, starting with the encryption issue in the mof files, followed by updating WMI and then WSH. However, those steps did not solve the problem with my agentless systems constantly reporting back WMI errors on monitoring.

Here is the concoction I came up with that finally stopped the last of the warnings in the console.

These were Windows 2003 servers I was attempting to monitor. I started by adding the SCOM action account to the DCOM group on the local server. I also added the SCOM management server computer account. I had noticed the server and action account were both showing up in the security logs on the local server I was trying to monitor.

Next, I tweaked my component services permissions to allow both the action and computer accounts in both the "Access Permissions" and "Launch and Activation Permissions" options under COM Security.

I installed "Remote DTC" as a windows feature and allowed remote clients to connect for network DTC access.

Finally, I added the action account and management server computer account with full permissions over the following registry key:
HKLM\Software\Microsoft\WBEM

Upon rebooting, I received no further WMI errors. I will post a more detailed, blow by blow accounting of all the things to use for troubleshooting WMI warnings in System Center.
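
To review what these steps leave granted on a monitored server, the following added example (not part of the original post) lists Full Control entries on HKLM\Software\Microsoft\WBEM, the members of the DCOM group, and the COM Security ACEs that allow remote use. It assumes "the DCOM group" is the built-in "Distributed COM Users" group and that COM Security is stored in the Ole registry values named in the code; the function names are hypothetical.

```powershell
# Added example: report what the steps above leave granted on a monitored server.
# Assumptions: elevated Windows PowerShell, run locally; "the DCOM group" is the built-in
# "Distributed COM Users" group; COM Security lives in HKLM\SOFTWARE\Microsoft\Ole.

function Resolve-Sid($sid) {
    try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }   # unresolvable SID: report it raw
}

# Allow entries on the WBEM key that amount to Full Control (or GENERIC_ALL).
function Get-WbemKeyFullControl {
    $full = [int][System.Security.AccessControl.RegistryRights]::FullControl
    (Get-Acl -Path 'HKLM:\SOFTWARE\Microsoft\WBEM').Access | Where-Object {
        $rights = [int]$_.RegistryRights
        $_.AccessControlType -eq 'Allow' -and
            ((($rights -band $full) -eq $full) -or (($rights -band 0x10000000) -ne 0))
    } | Select-Object IdentityReference, RegistryRights, IsInherited
}

# Members of the local DCOM group, as ADSI paths (shows domain vs. local accounts).
function Get-DcomGroupMember {
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Distributed COM Users,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

# ACEs behind "Access Permissions" and "Launch and Activation Permissions".
function Get-ComSecurityAce {
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
    foreach ($name in 'DefaultAccessPermission', 'MachineAccessRestriction',
                      'DefaultLaunchPermission', 'MachineLaunchRestriction') {
        $bytes = $ole.$name
        if (-not $bytes) { continue }   # value absent: built-in defaults apply
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor([byte[]]$bytes, 0)
        foreach ($ace in $sd.DiscretionaryAcl) {
            New-Object PSObject -Property @{
                Setting = $name
                Account = (Resolve-Sid $ace.SecurityIdentifier)
                AceType = $ace.AceType
                Remote  = (($ace.AccessMask -band 0x14) -ne 0)   # 0x4 remote access/launch, 0x10 remote activation
            }
        }
    }
}

Get-WbemKeyFullControl | Format-Table -AutoSize
Get-DcomGroupMember
Get-ComSecurityAce | Sort-Object Setting, Account | Format-Table Setting, Account, AceType, Remote -AutoSize
```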

Tuesday, February 7, 2012

WMI Errors Continued

Just when I thought I had cleared out all my WMI woes, they returned on a couple of systems where permissions had been adjusted.

The error this time was as follows:

Object enumeration failed
Query: 'SELECT StartMode, State FROM Win32_Service WHERE Name = 'MSSQL$RTC''
HRESULT: 0x800705af
Details: The paging file is too small for this operation to complete.

The system had effectively run out of memory to process WMI requests. This ended up being a WMI memory leak issue in Windows Server 2008 and required a hotfix as outlined in the following Microsoft KB article:

http://support.microsoft.com/kb/981314

Friday, February 3, 2012

WMI / Workflow errors in SCOM

Came across a different batch of workflow errors that required the same solution as the ones previously posted. If you encounter errors like this in SCOM, time to break out scriptomatic and troubleshoot your WMI connections to the affected servers.

*************************************************************************************

Data was found in the output, but has been dropped because the Event Policy for the process started at 10:56:09 AM has detected errors.
The 'StdErr' policy expression:
\a+
matched the following output:
Error -2147217407:
Unable to open WMI Namespace 'winmgmts:\\servername\root\cimv2'. Check to see if the WMI service is enabled and running, and ensure this WMI namespace exists.

*************************************************************************************

Data was found in the output, but has been dropped because the Event Policy for the process started at 2:35:17 PM has detected errors.
The 'StdErr' policy expression:
\a+
matched the following output:
Error -2147217357: Shutting down
The class name 'Win32_Printer' could not be found. Please check to see if this is a valid WMI class name.

*************************************************************************************