Recent Posts

Blogroll

Older Posts

Meta

  • 25Mar

    Query notification processing failed due to a sql exception

    Business, Code, Computers, Networking No Comments

    We got this SCOM error last week along with a ton of the following warnings. Microsoft claims that this is a known issue that was supposed to be fixed with SCOM 2007 SP1 / SCOM 2007 R2, but I still encountered it running R2.

    Event Type: Error
    Event Source: DataAccessLayer
    Event Category: None
    Event ID: 26308
    Date:  3/11/2010
    Time:  11:30:01 AM
    User:  N/A
    Computer:
    Description:
    Query notification processing failed due to a sql exception.

    System.Data.SqlClient.SqlException: A transport-level error has occurred when receiving results from the server. (provider: TCP Provider, error: 0 – The semaphore timeout period has expired.)
    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
    at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
    at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
    at System.Data.SqlClient.SqlCommand.CheckThrowSNIException()
    at System.Data.SqlClient.SqlCommand.InternalEndExecuteReader(IAsyncResult asyncResult, String endMethod)
    at System.Data.SqlClient.SqlCommand.EndExecuteReader(IAsyncResult asyncResult)
    at Microsoft.EnterpriseManagement.Mom.DataAccess.QueryNotificationManager.HandleNotifications(Object state)

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Health Service Modules
    Event Category: Data Warehouse
    Event ID: 31569
    Date:  3/11/2010
    Time:  11:30:03 AM
    User:  N/A
    Computer:
    Description:
    Report deployment process failed to request management pack list from Data Warehouse. The operation will be retried.Exception ‘InvalidConnectionException’: ExecuteScalar requires an open and available Connection. The connection’s current state is closed.

    One or more workflows were affected by this.

    Workflow name: Microsoft.SystemCenter.DataWarehouse.Deployment.Report
    Instance name:
    Instance ID: {A18674C9-F1A9-98DA-3B94-DD88EAE278FB}
    Management group:

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: HealthService
    Event Category: None
    Event ID: 2115
    Date:  3/11/2010
    Time:  11:30:39 AM
    User:  N/A
    Computer:
    Description:
    A Bind Data Source in Management Group has posted items to the workflow, but has not received a response in 61 seconds.  This indicates a performance or functional problem with the workflow.
    Workflow Id : Microsoft.SystemCenter.CollectDiscoveryData
    Instance    :
    Instance Id : {A18674C9-F1A9-98DA-3B94-DD88EAE278FB}
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: HealthService
    Event Category: None
    Event ID: 2115
    Date:  3/11/2010
    Time:  11:30:39 AM
    User:  N/A
    Computer:
    Description:
    A Bind Data Source in Management Group  has posted items to the workflow, but has not received a response in 61 seconds.  This indicates a performance or functional problem with the workflow.
    Workflow Id : Microsoft.SystemCenter.CollectAlerts
    Instance    :
    Instance Id : {A18674C9-F1A9-98DA-3B94-DD88EAE278FB}
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: HealthService
    Event Category: None
    Event ID: 2115
    Date:  3/11/2010
    Time:  11:30:39 AM
    User:  N/A
    Computer:
    Description:
    A Bind Data Source in Management Group  has posted items to the workflow, but has not received a response in 61 seconds.  This indicates a performance or functional problem with the workflow.
    Workflow Id : Microsoft.SystemCenter.CollectPerformanceData
    Instance    : yksc1s3.ehit.org
    Instance Id : {A18674C9-F1A9-98DA-3B94-DD88EAE278FB}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: HealthService
    Event Category: None
    Event ID: 2115
    Date:  3/11/2010
    Time:  11:31:18 AM
    User:  N/A
    Computer:
    Description:
    A Bind Data Source in Management Group  has posted items to the workflow, but has not received a response in 61 seconds.  This indicates a performance or functional problem with the workflow.
    Workflow Id : Microsoft.SystemCenter.CollectEventData
    Instance    :
    Instance Id : {A18674C9-F1A9-98DA-3B94-DD88EAE278FB}
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: HealthService
    Event Category: None
    Event ID: 2115
    Date:  3/11/2010
    Time:  11:31:18 AM
    User:  N/A
    Computer:
    Description:
    A Bind Data Source in Management Group  has posted items to the workflow, but has not received a response in 61 seconds.  This indicates a performance or functional problem with the workflow.
    Workflow Id : Microsoft.SystemCenter.CollectSignatureData
    Instance    : yksc1s3.ehit.org
    Instance Id : {A18674C9-F1A9-98DA-3B94-DD88EAE278FB}
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    This is caused by a high number of sql queries to the Datawarehouse database. The work around is to add an override for the Event Data Collector rule in the Data warehouse connection server scope.
    The Execution Attempt Timeout Interval Seconds property was changed from 0 to 6 and the Max Execution Attempt Count was set from 0 to 10. Restart the System Center service on the RMS and any gateway servers.

    Tags: , ,

  • 17Feb

    SCOM 2007 Stopped Receiving Alerts

    Business, Computers, Networking, Uncategorized No Comments


    I noticed one day that I stopped getting any SCOM alerts in my System Center Operation Manager 2007 R2 environment. As part of my troubleshooting I found a ton of the following warnings in the Operations Manager Event viewer. I contacted Microsoft tech support and discovered that my RMS was in maintenance mode. I had put my RMS in maintenance mode for 30 minutes when I did some windows updates, but it never come out of it. After stopping maintenance mode and re-starting the System Center Management service on the Root Management Server, alerts started coming in again. The Microsoft tech told me that you should never put your RMS in maintenance mode and when I asked to have some documentation where it said that, he said it does not exist. This a tip that they have discovered in their troubleshooting. During this time the RMS was unable to process agent requests, so the agent holds on to the notifications in a buffer until it can communicate with the RMS again. If you are getting this warning on the RMS there is a good chance that you lost any alerts that the agent was unable to store in the buffer.

    Event Type:      Warning

    Event Source:   OpsMgr Connector

    Event Category:            None

    Event ID:          20058

    Date:                2/6/2010

    Time:                2:00:17 PM

    User:                N/A

    Computer:

    Description:

    The Root Connector has received bad packets which have been dropped. It received 8374 such packet(s) in the last five minutes

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Tags: ,

  • 21Jan

    What to do before you run AntiSpyware software

    Computers, Hacking, Networking No Comments

    funny-pictures-virus-cat
    Does your Windows machine feel more sluggish than usual? Are you getting little notifications on your taskbar that “You may not be protected”? You may have spyware or malware running a muck on your pc. Malware is getting increasingly crafty and find new places to hide and make it very difficult to get rid of. Some malware even disables your anti-virus protection to avoid being detected. The best way to deal with spyware and malware is stop them from running so anti-virus and anti-spyware programs can better clean your machine. Here are a few steps and places to check to stop spyware and malware before you run a scan.

    1. Boot into Safe Mode

    Booting into safe mode starts the computer with a minimum set of programs and drivers, which means some Spyware won’t run either. Restart the computer and hit the F8 key repeatedly before Windows starts. Choose Safe Mode when presented with a menu.

    2. Log in as administrator

    Don’t login with your normal user name. Your profile will automatically run some programs that you are not aware of and that includes malware. Once you have cleaned up you machine a bit you can then login with your account to finish cleaning. If you computer automatically logs in, Click start and Log Off. After you are at the logon screen, hit Ctlr+Alt+Del twice to bring up the user dialog box. Type in administrator and hit Enter since the password should be blank. If this doesn’t work, just login with you account. We’ll still get’em.

    3. Edit or Replace your host file windows\system32\drivers\etc\hosts file

    This file bypasses DNS and can be used by malware to redirect you to a malicious website. When you type citibank.com it could be taking you to a site that looks like citibank but isn’t. Unless you have a good reason to have any data in this file it is better to delete the contents of the file. Go to Windows\system32\drivers\etc\ and double click on the hosts file. Choose notepad as the program to open this with. Highlight and delete the information in this file and save it.

    4. Check the corners of you registry.

    Before editing the registry you should save a backup of it. http://support.microsoft.com/kb/322756

    Note: you need to log in to each user account on the computer and check the HKEY_CURRENT_USER registry key for each user since it will be different for each user that logs in or you risk getting infected again after that user logs on.

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    “Program”=”c:\runfolder\program.exe”

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
    “Program”=”c:\runfolder\program.exe”

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    “Program”=”c:\runfolder\program.exe”

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    “Program”=”c:\runfolder\program.exe”

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    “Program”=”c:\runfolder\program.exe”

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    “Program”=”c:\runfolder\program.exe”

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
    “Program”=”c:\runfolder\program.exe”

    These reg keys will run programs. The key should have a default value of Value “%1 %*”, if this is changed to “program.exe %1 %*”, the program.exe will be executed EVERYTIME an exe/pif/com/bat/hta is executed.

    [HKEY_CLASSES_ROOT\exefile\shell\open\command] @=”\”%1\” %*”
    [HKEY_CLASSES_ROOT\comfile\shell\open\command] @=”\”%1\” %*”
    [HKEY_CLASSES_ROOT\batfile\shell\open\command] @=”\”%1\” %*”
    [HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] @=”\”%1\” %*”
    [HKEY_CLASSES_ROOT\piffile\shell\open\command] @=”\”%1\” %*”
    [HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] @=”\”%1\” %*”
    [HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] @=”\”%1\” %*”
    [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] @=”\”%1\” %*”
    [HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] @=”\”%1\” %*”
    [HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] @=”\”%1\” %*”

    Explorer start-up:

    Explorer runs your start menu and desktop and start every time you start windows. Check to see if the registry is pointing to explorer.exe or if it is pointed to another executable.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell

    Active-X Component:

    This key starts the program that it has in its path BEFORE the explorer.exe file and any other program starts in your computer, so if you can understand why your antivirus can’t detect the virus when you boot up. It could even kill your antivirus software before your antivirus starts up.

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\KeyName]
    StubPath=C:\PathToFile\Filename.exe

    5. Start Up

    Here are the many places where programs get run at startup. Look at each item carefully. Find the name and path of the program that is being run. If you do not recognize it, search for it on the web to see if it is legit.

    Look in the following folders and check that the registry entry to verify that they pointing to the default location listed

    C:\windows\start menu\programs\startup

    * [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    Startup=”C:\windows\start menu\programs\startup”

    * [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
    Startup=”C:\windows\start menu\programs\startup”

    * [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders]
    “Common Startup”=”C:\windows\start menu\programs\startup”

    * [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders]
    “Common Startup”=”C:\windows\start menu\programs\startup”

    6. Windows Scheduler:

    Scheduled Tasks are a place where normally you can set a program or command to run at a certain time or every 5 minutes, so it’s a good place to check.

    Go to Start-> Accessories-> System Tools-> Task Scheduler

    Some tasks don’t show up in the GUI so in a command prompt type: “at”

    Press enter.  You should see a list of tasks that are in the Task Scheduler GUI and some that may not.

    7. Batch files

    Open the following files in notepad and look for any odd programs that are listed. You can comment out the program by putting REM at the start of the line so it will be ignored.

    c:\windows\winstart.bat

    c:\Autoexec.bat

    Removing  Spyware and viruses

    After checking all these dark corners of you computer and removing any potentially malicious programs from starting, you are giving you anti-virus and anti-spyware software the best chance to find and remove the malware.

    AVG Free is a good free Antivirus program that detects many types of malware as well as viruses. Three effective anti-spyware programs are Spybot Search & Destroy, Malware Bytes, and AdAware. One pass of each of theses programs will clear your system of any unwanted processes slowing your machine down. Good Luck.

    Tags: , ,

  • 10Dec

    XFX GeForce SLI Card Failure

    Computers, Gaming No Comments


    xfx-GeForce-9800GT

    A few days ago the fan on one of the XFX nVidia GeForce 8800GS Alpha Dog cards in my gaming rig died. There are a pair of them in a SLI configuration and when the fan died on one, it overheated and shut down the system. As a safe gaurd, the system would not turn on with the bad card installed.

    At first I thought it was the power supply. I got a RMA on the Ultra 650W power supply and got a 750W upgrade. After replacing the PS, the system would still not even post. So as part of troubleshooting, I stripped the system down to minimum components (No hard drive, single memory stick, one video card). The system booted with one video card installed, and started beeping at me with the other card installed.

    I contacted XFX to get my 1 year old video card replaced/fixed. I an RMA for the card and XFX determined it was a faulty card. No sooner that I got the email from XFX about the faultly card, the other card went bad. I actually heard the fan come to a screeching halt. XFX informed me that they no longer make the 8800GS card and offered me a free upgrade to the GeForce 9800GT! Before they even knew the second card went south, XFX offered a free RMA upgrade to a 9800GT for the second card since they were in an SLI configuration. So kudos to XFX for standing behind their products and offering great service.

    Tags: , , , ,

  • 08Dec

    SCOM SNMP discovery through a gateway server

    Computers No Comments

    I have been trying to get System Center Operations Manager 2007 R2 to discover an IBM BladeCenter chasis through a gateway and I finally figured it out.
    First On the device you want to monitor, set your SNMP public community string to point to the IP address of the SCOM Gateway server.
    In the SCOM 2007 Administration console, choose Network Devices in the Discovery Managment Wizard choose network device and click next.
    In the next screen enter the IP address of the network device you want to monitor and under the mangment server drop down choose the gateway server who’s IP you entered in the SNMP string earlier. The device should now be discovered.

    SCOM-Discovery-Network

    Tags: ,

« Previous Entries