By default it's not enabled so you have to create it
New -> Monitor Objects -> Windows Events -> Simple Event Detection -> Manual Reset -> select System Log
- Event ID: 6008
- Event Source: EventLog
But you will get this alert after the server is online again NOT when the server is down the reason why is because this message will write to event log after the windows startup and when SCOM agent detect this message it will forward to SCOM Server.
Server down -> no SCOM agent -> no engine to detect message -> no communication between server and agents
Actually when the server is down you will get alert from SCOM Server about "Management software failed", "Failed to connect to the computer" and if your server running another applications (sql, exchange, etc) you will get alerts from application management pack also...
Another thing is for this 2 alerts ("Management software failed", "Failed to connect to the computer" it will automatic closed when the server is online again. You might not get this alerts if you are running on virtualization platform because when the server reboot it might take less than 1 min.....
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment