Monday, February 11, 2013

SCOM / OpsMgr - Hyper-V 2008 MP Issue

I've come across this problem a number of times over the last few months and know that a few of my other MVP colleagues have too so thought it'd be worth a quick blog post to help anyone out that comes across it.

Basically, if you have deployed the Hyper-V 2008 management pack and have a mixture of Hyper-V 2008 and Hyper-V 2012 hosts in your environment, then you will be hit with an error similar to this:


The Windows Event Log Provider is still unable to open the Microsoft-Windows-Hyper-V-Network-Admin event log on computer ‘ws2012-hyperv.kg.com’.
The Provider has been unable to open the Microsoft-Windows-Hyper-V-Network-Admin event log for 720 seconds.

Most recent error details: The specified channel could not be found. Check channel configuration.

One or more workflows were affected by this.

Workflow name: Microsoft.Windows.HyperV.2008.VirtualNetwork.PortConnectionMonitor

Instance name: Microsoft Network Adapter Multiplexor Driver - Virtual Switch

Instance ID: {63A20D0B-84E0-C128-C2E1-54F9B56B3EA8}
The key issue here is that there are specific monitors in the Hyper-V 2008 MP that look to access the event log highlighted above and in Windows Server 2012, this event log doesn't exist. The end result is that you will constantly have your Hyper-V 2012 agents showing up with a warning state in the SCOM console.

Here's how you resolve the issue:

First up, click on the Authoring button from the wunderbar in the SCOM Operations console as below


Now click on the Monitors view and then select the Scope button up top to scope your search criteria. When the Scope Management Pack Objects window appears, choose the View All Targets option and then type Hyper-V in the Look For field as shown below and then click OK to continue


Back at the now scoped Monitors window, in the Look For field at the top of the screen, type Port Connectivity as shown in the screenshot below and then hit the Find Now button


 You should now be presented with the Port Connectivity monitor that forms part of the Microsoft Windows Hyper-V 2008 Monitoring management pack and this is one of the monitors that we need to disable for the Windows Server 2012 Hyper-V servers



 If we double click on the Port Connectivity monitor to view its properties, we can see that its management pack is indeed the Microsoft Windows Hyper-V 2008 Monitoring one and that its virtual target is the Hyper-V Virtual Network class.


To confirm that this monitor is attempting to open the Microsoft-Windows-Hyper-V-Network-Admin event log that was mentioned in the original error message, we need to click on the Event Log (Unhealthy Events) tab as shown below. Hit the Close button to go back to the Monitors screen to disable this monitor.


Right-click on the Port Connectivity monitor, choose Overrides, select Disable the Monitor and choose the group or object of class that represents your Windows Server 2012 servers.


In this example, I've selected an Object of Class: Hyper-V Virtual Network and I am presented with all of the virtual networks that SCOM has discovered as shown below.


We can see in the screenshot that there are two entries here for Microsoft Network Adapter Multiplexor Driver - Virtual Switch and these two entries represent the two Windows Server 2012 Hyper-V hosts that I have deployed SCOM agents to. These are also the two servers that I constantly get the warning health state and alert about not being able to access the windows event log.

If I choose one of these entries and then hit OK, I will then be to the Override Properties window with the Enabled option set to False (as I had selected to disable this monitor earlier.) All that's left for me to do now is to add in a description for the override and choose an unsealed management pack to store it in - see below for details on what I've done


Once you've made the override, click on the OK button to close the Override properties window to return to the Monitors screen.

You will need to repeat this process again for one more monitor - this time selecting the Port Disconnectivity one as shown below


Once you have disabled both monitors for all Windows Server 2012 Hyper-V servers in your environment, then this alert will disappear and health states will return to a valid representation of the agents.

Hopefully, this will be resolved in the next update of the Hyper-V 2008 management pack and in the meantime, this post might have helped someone get past the alerts.

16 comments:

  1. Hi Kevin,
    I getting similar error but for different Evevnt Log. I looking for solution on net, if you came across any solution please let me know.

    Log Name: Operations Manager
    Source: Health Service Modules
    Date: 2/25/2013 3:03:03 AM
    Event ID: 26004
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: MyComp.Mydomain.com
    Description:
    The Windows Event Log Provider is still unable to open the Microsoft-Windows-Hyper-V-Image-Management-Service-Admin event log on computer 'MyComp.Mydomain.com'. The Provider has been unable to open the Microsoft-Windows-Hyper-V-Image-Management-Service-Admin event log for 271440 seconds.

    ReplyDelete
    Replies
    1. Look for Mounted Drive Read-Only Monitor (targeted to Hyper-V Virtual Hard Disk) and apply same steps for disabling for 2012 hosts.

      Delete
  2. Kevin, thanks for the post, helped a lot :)

    ReplyDelete
    Replies
    1. You're welcome Jānis, glad I could help!

      Kevin.

      Delete
  3. I am running into this issue and I have went through the steps you have described and the agents are still showing a warning for the same reason. Do the agents need to be reinstalled? I setup the override for all windows 2012 servers and I can see it showing up under the overrides section so it would appear that it is applied to the 2012 servers. If you have any other ideas on this please let me know.

    ReplyDelete
  4. I have a similar issue, but a completely different event log, Microsoft-Windows-RemoteDesktopServices-Gateway/Operational. This is on a Server 2012 VM with Remote Desktop Gateway installed, didn't have the problem on 2008 R2. Both 2008 R2 and 2012 have a Microsoft-Windows-TerminalServices-Gateway/Operational, so it seems like a bug.

    Anyway, was wondering if you happen to know where to look to disable this monitor, or the best way to search for it, thanks.

    ReplyDelete
  5. This solution works. Thanks Kevin. One thing to note though, you need to restart the scom agent running on the hypervisors and do a recalculate health in order for the agents to show healthy.

    ReplyDelete
    Replies
    1. Interesting point and thanks for the heads up on it!

      Kevin.

      Delete
  6. I should add, that I had to disable not only Port Connectivity and Port Disconnectivity monitors, but also three monitors targeted to Hyper-V Virtual Network Adapter - Dynamic MAC Address, Mac Address and Static MAC Address. Theese three monitors also references to Microsoft-Windows-Hyper-V-Network-Admin event log.

    ReplyDelete
    Replies
    1. Wont that disable som Hyper-V 2012 related monitoring?

      Delete
    2. Thank you! That was so difficult to find!

      Delete
    3. This FINALLY took my 2012 hosts out of Warning state. Thank you!

      Delete
  7. Replies
    1. No problem Maurice - glad it worked :)

      Delete
  8. I followed the guidelines in this blog and while it worked for most of my servers, I had one stubborn server in a cluster that wouldn't stop alerting me. Then it dawned on me that all I had to do was just recreate the logs. Then I would never need to mess around with overriding the MP and remembering to add new servers and their respective resources. I blogged about my approach here: https://www.avianwaves.com/Blog/entryid/186/operations-manager-failed-to-access-the-windows-event-log-after-installing-hyper-v-management-packs.aspx

    ReplyDelete