Ops Mgr 2007 “Failed Accessing Windows Event Log”

If you’ve been getting these errors from your Operations Manager 2007 DHCP Management Pack, the solution is at hand!  Here’s the typical error you’d get:

Failed Accessing Windows Event Log

The Windows Event Log Provider was unable to open the System event log on computer ‘{69E3F0CF-36C3-9FDC-1892-42FB003E34DB}’ for reading. The provider will retry opening the log every 30 seconds. Most recent error details: The RPC server is unavailable. One or more workflows were affected by this. Workflow name: Microsoft.Windows.DHCPServer.Library.Server.UnitMonitor.DependentServiceHealth Instance name: myserver.mycompany.local Instance ID: {69E3F0CF-36C3-9FDC-1892-42FB003E34DB} Management group: MyCompany-SysCtrOpsMgr

It seems that the DHCP MP v6.0.6383.0 introduced this annoying bug that seemingly had no solution.  Well, I guess it really didn’t have a solution…until the next version was released.  That version, v6.0.6452.0, was released in November and seems to fix the problem.  Before you import this updated version though, be sure to remove any exisitng DHCP management packs.  Per the included documentation:

Before you import the Windows Server DHCP Management Pack, take the following actions:

• Perform a full backup of the Operations Manager 2007 database.
• Uninstall any existing DHCP management packs. You may wish to record custom overrides and rules for possible inclusion in the new DHCP management pack.

Of course, the fix for this bug isn’t documented in the release notes, but none the less it does appear to be fixed.

“More Available” DHCP

Last year I upgraded our production AD environment from Windows 2000 Server SP4 based DCs to Windows Server 2003 64-bit R2 SP2 based DCs…yeah, a little bit late.

One of the issues with the previous environment was there was no redundancy in the DHCP implementation.  Natively, within what Windows provides, your only real choice for highly available DHCP is to have a DHCP cluster.  Since most admins, myself included, prefer to keep all of the network infrastructure services on the DCs (DNS, DHCP, WINS), that makes clustering a no-go…you cannot cluster DCs (more specifically, you cannot cluster DCs and still remain in a supportable configuration should you need assistance from PSS).

There are a few really good hardware based products out there for IP Address Management, such the devices from Bluecat Networks.  These appliances have fail-over clustering capabilities and provide DNS and DHCP.  But, as was the case with our organization, the desire to stay away from adding extra layers of complexity to the core infrastructure won out over an obviously attractive solution for creating highly available DHCP.

Enter the concept of what I like to call “more available”, or just MA for short.  Using a combination of freely available utilities and built-in functionality in Windows Server 2003, you can create a MA solution for DHCP at no cost.  A couple of assumptions must be made at this point though:

• You have at least two Domain Controllers in the domain.
• You are willing to install and authorize the DHCP service one at least two of the Domain Controllers.
• You are willing to create a service account that will be a member of the Domain Admins group.
• You are willing to have some divergence (i.e. difference) between the active copy of the DHCP database and the standby copy/copies of the DHCP database on the non-active DHCP servers.

The basic process works like this:

1. A wrapper .BAT file is called by a scheduled task on the Domain Controller that is providing DHCP.  This scheduled task must be run with credentials that have Domain Admin group membership.
2. The wrapper .BAT file first runs a second .BAT file that uses the netsh command to export the DHCP database to a text file.  Neat!
3. The wrapper .BAT file next runs a third .BAT file that uses the great robocopy utility to copy the entire contents of a certain folder from the Domain Controller that is running DHCP to one or more other Domain Controllers that have DHCP installed and authorized, but not running.
4. On each of the target Domain Controllers, a fourth .BAT file is run by a scheduled task (using the same account with Domain Admin credentials).  This .BAT file makes a backup copy of the DHCP database on that target Domain Controller and then runs a fifth .BAT file to use netsh to import the DHCP database that was exported from the source Domain Controller.  (This task should run later than the one on the source Domain Controller, say 5 or 10 minutes later.)

You can get Robocopy by downloading the Windows Server 2003 Resource Kit tools.

In the attached ZIP file are all of the .BAT files you’ll need to make this work.

• DHCP_processing.bat:  The first wrapper file that performs the DHCP database export on the source Domain Controller and then copies the files to the destination Domain Controller(s).
• NETSH_export.bat:  Called by the first wrapper file, it performs the export of the DHCP database on the source Domain Controller.
• DHCP_copy.bat:  Called by the first wrapper file, it uses robocopy to copy the contents of the folder containing all of the script files and the exported DHCP database to the source Domain Controller(s).
• DHCP_import.bat:  Another wrapper file, this one manages the state of the DHCP service on the target Domain Controller and creates a copy of the existing DHCP database before calling the last file to import the DHCP database.
• NETSH_import.bat:  Called by the wrapper file on the target Domain Controllers, this one imports the DHCP database.

A few notes to keep in mind to make this work:

• All DHCP servers must be authorized in AD.
• You’ll want to edit the file paths in the provided .BAT files to match your environment.
• The DHCP service on the source Domain Controllers should be changed to Manual start up mode (to ensure that the DHCP service is never accidentally started, which would be a bad thing since you’d have multiple DHCP servers issuing addresses and no single point of reference).
• The service account to be used must be a Domain Admin.
• You should put all of the script files and the robocopy executable in a single folder, such “E:\DHCP\IMPORT_EXPORT” in my environment.  Let robocopy copy all of files in the folder to the source Domain Controllers, even though they are not needed (this provides protection for your script files if you lose the source Domain Controller).
• Make sure your network group has configured the network infrastructure (routers and/or switches as required) to allow the IP address of any servers you’re setting this up on as “DCHP helpers”…that will be one less thing to do during a failure event.

In our environment, I have the scheduled tasks running twice daily at 10 AM and 7 PM as this was adequate to capture the vast majority of new DHCP lease issues (i.e. they happen on first and second shift before these times).  You can certainly run the tasks as often as you want to reduce the differential between the contents of the two databases. 

To put one of the standby DHCP servers in operation, simply stop the DHCP running on the original DHCP server (if it’s available) and start the DHCP service on the standby service.  More Available DHCP has now been achieved.

  More_Available_DHCP.zip (962 bytes, 988 hits)

• 

• Translator

• Categories

  • Active Directory (13)
  • Certification (2)
  • Data Protection Manager 2007 (7)
  • Exchange Server 2007 (26)
  • Microsoft Office Communications Server 2007 (1)
  • Networking (3)
  • Operations Manager (24)
  • PKI & Certificate Services (2)
  • Powershell (10)
  • Server Hardware (5)
  • Storage (4)
  • Visual Basic Script (3)
  • Windows Server 2003 (6)
  • Windows Server 2008 (4)

• Tag Cloud

  • Active Directory | AD LDS | ADAM | Agents | Alerts | antivirus | bug | C-Class Blades | CCR | Certification | Cisco | Cluster | Clustering | Data Protection Manager 2007 | Data Warehouse | DBCreateWizard | dbdsutil | DHCP | DNS | Doh! | Error 5 | EVA | Event Logs | Exchange | Exchange Server 2007 | Fibre Channel | ForeFront | HBA | Health Service | HP | iLo | IMAP | Management | Management Pack | MOSS | Operations Manager | Overrides | PKI & Certificate Services | Powershell | Printers | Reboot | Recipients | Registry | robocopy | Root Server | SAN | Scripting | SDDL | secedit | Self Tuning Threshold | Servers | Sharepoint | SMTP | SSL | strange | Terminal Services | Tools | Updates | Virtualization | VPN | VSS | Whitepaper | Windows Server 2008 |

• Blogroll

  • Ramblings of the Mad Cow

• Archives

  • September 2009
  • August 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008

• Users Online

  • 2 Users Online