SCOM Windows Service Monitoring

Windows services monitoring can be configured in SCOM using monitors or windows services template

Go to Authoring -> Management Pack Templates -> windows service

authoring

Right click -> Add monitoring wizard -> select windows service

Provide name of the display service to be monitored

Description optional

Select relevant unsealed management pack

service name of the service to be monitored

target group (computers which has this service to be monitored)

check or un check the automatic service check box

choose performance counters & timings (optional)

Save the wizard

Service will be monitored from now and you can check the service status in monitoring wizard

scomwin

Go to Monitoring work space ->windows service and process monitoring->windows service state

In the right hand side you can view the services that are in monitoring

 

SCOM Resource Group Monitor

Cluster Resource failed alert will be generated by 2 monitors
> Cluster Resource Failed Monitor
>Resource Group Monitor

Genuine clusters will be by cluster resource failed monitor
Where as resource group monitor will generate alerts if any one of the resource is not getting monitored by SCOM

Or

Generally available storage object will be in not monitored state in SCOM by default

Due to which cluster failure alerts will be generated

To stop these false alerts , monitoring of available storage has to be disabled using override

AD Account Lockout Monitoring

SCOM will generate alert if active directory user account is locked out.

Steps are shown below

1.Authoring -> Rules -> NT EventLog
2.Target to Active Directory Domain Controller Computer Role
3.Criteria should be Event id “4740”, operator “equals”
4.Event Source “Microsoft-Windows-Security-Auditing”
5.”TargetUserName ” equals “username”

pic2