This rule uses a script to check the status of Active Roles replication. The script is intended to run on the Publisher Administration Service so as to verify the replication status of the Publisher and Subscribers. By default, this rule is scheduled to run every 30 minutes. The schedule can be adjusted by managing rule properties in the Operations Manager console.
This rule generates an alert when the Replication monitoring script detects that the Active Roles replication status indicates a replication failure.
Possible causes of the alert include:
-
The SQL Server Agent service is not started on the computer running the Publisher SQL Server.
-
The Snapshot Agent or a Merge Agent is not started at the Publisher SQL Server.
-
The Merge Agent uses incorrect credentials when connecting to the Publisher or a Subscriber.
-
The Snapshot Agent uses incorrect credentials when connecting to the Publisher.
For more information, and details on how resolve replication-related problems, see Identifying replication-related problems.
This category includes the event-based processing rules to monitor health of the connection to the configuration database:
-
Connection to database has been lost: Administration Service has lost connection to the configuration database, and is attempting to re-establish the connection.
-
Connection to database has been restored: Administration Service restored connection to the configuration database.
The following sub-sections elaborate on each of these processing rules.
Connection to database has been lost - Alert
This rule generates an alert indicating that the Administration Service has lost a connection to the configuration database, and is making attempts to restore the connection. For details, refer to the alert description generated by this rule. Losing the connection to the database does not affect the directory management functions of the Administration Service. All operations related to Active Directory management continue to work as expected.
As long as there is no connection to the database, the following Administration Service functions will not be available:
-
Collecting data related to change history and user activity.
-
Retrieving and updating configuration data.
-
Retrieving changes to configuration data made by other Administration Service instances (both directly and via replication).
-
Retrieving and updating virtual attributes stored in the configuration database.
Connection to database has been restored - Alert
This rule generates an alert indicating that the Administration Service has restored the connection to the configuration database. For details, refer to the alert description generated by this rule. Once the connection has been restored, all Administration Service functions that require access to the database will be restored.
This category includes the event-based processing rules to monitor the background activities of Active Roles related to Dynamic Groups:
-
Rebuilding has been started: Administration Service has been forced to re-calculate (rebuild) the membership list of a Dynamic Group.
-
Failed to add object to Dynamic Group: Administration Service failed to add an object to a Dynamic Group.
-
Failed to remove object from Dynamic Group: Administration Service failed to remove an object from a Dynamic Group.
-
Failed to process membership rule: Administration Service failed to apply a query-based membership rule when updating the membership list of a Dynamic Group.
-
Failed to update membership list: Administration Service failed to update the membership list of a Dynamic Group in accordance with the membership rules.
-
Failed to update membership list of nested group: Administration Service failed to update the membership list of an additional (nested) group generated to accommodate extra members of a Dynamic Group.
-
Failed to update membership rule upon deletion of object: When updating a Dynamic Group, Administration Service failed to delete or update a membership rule of a Dynamic Group upon deletion of an object.
-
Failed to look up object when updating: When updating a Dynamic Group, Administration Service failed to locate an object that is referred to by a certain membership rule. The object may have been deleted.
-
Failed to retrieve information from domain: Administration Service failed to retrieve information about Dynamic Groups from a certain domain.
-
Membership rule domain unavailable: When updating a Dynamic Group, Administration Service failed to apply a membership rule because the rule applies to a domain unavailable on the network.
-
Membership rule failed: When updating a Dynamic Group, Administration Service failed to apply one of the membership rules, which prevented all rules from being applied and stopped changes to the members list of the Dynamic Group.
The following sub-sections provide more details about these processing rules.
Dynamic Group - Rebuilding has been started - Alert
This rule generates an alert indicating that an administrator has forced Active Roles to re-calculate (rebuild) the membership list of a Dynamic Group. For details, refer to the alert description generated by this rule.
You can start rebuilding the Dynamic Group from the Properties > Members tab of the Dynamic Group, in the Active Roles Console.
Failed to add object to Dynamic Group - Alert
This rule generates an alert indicating that the Administration Service failed to add an object to a Dynamic Group due to a certain problem. The object is missing from the Dynamic Group until after the problem has been resolved. For details, refer to the alert description generated by this rule.
To solve the problem, try to force rebuilding the Dynamic Group from the Properties > Members tab of the Dynamic Group, in the Active Roles Console.
Failed to remove object from Dynamic Group - Alert
This rule generates an alert indicating that the Administration Service failed to remove an object from a Dynamic Group due to a certain problem. The object remains in the Dynamic Group until after the problem has been resolved. For details, refer to the alert description generated by this rule.
To solve the problem, try to force rebuilding the Dynamic Group from the Properties > Members tab of the Dynamic Group, in the Active Roles Console.
Dynamic Group - Failed to process membership rule - Alert
This rule generates an alert indicating that the Administration Service failed to apply a query-based membership rule when updating the membership list of a Dynamic Group. The failed rule is not taken into account, so the membership list may not comply with the membership rules. For details, refer to the alert description generated by this rule.
To solve the problem, try to force rebuilding the Dynamic Group from the Properties > Members tab of the Dynamic Group, in the Active Roles Console. Check membership rules by using the Membership Rules tab in that dialog.
Dynamic Group - Failed to update membership list - Alert
This rule generates an alert indicating that the Administration Service failed to update the membership list of a Dynamic Group in accordance with the membership rules. The membership list may not be compliant with the membership rules. For details, refer to the alert description generated by this rule.
To solve the problem, try to force rebuilding the Dynamic Group from the Properties > Members tab of the Dynamic Group, in the Active Roles Console.
Dynamic Group - Failed to update membership list of nested group - Alert
This rule generates an alert indicating that the Administration Service failed to update the membership list of an additional (nested) group generated to accommodate extra members of a Dynamic Group. The membership list of the nested group may not be compliant with the membership rules. For details, refer to the alert description generated by this rule.
To solve the problem, try to force rebuilding the Dynamic Group from the Properties > Members tab of the Dynamic Group, in the Active Roles Console.
Dynamic Group - Failed to update membership rule upon deletion of object - Alert
This rule generates an alert indicating that the Administration Service failed to delete or update a membership rule of a Dynamic Group when deleting a certain object. The membership rule could be one of the following:
-
Implicit inclusion or exclusion of that object from the Dynamic Group.
-
Query with a filter referring to that object.
-
Inclusion or exclusion of the members of the group represented by that object.
For details, refer to the alert description generated by this rule.
To resolve the issue, delete or update membership rules with the Properties > Membership Rules tab of the Dynamic Group in the Active Roles Console. Then, force rebuilding of the Dynamic Group from the Members tab in that dialog.
Dynamic Group - Failed to look up object when updating - Alert
This rule generates an alert indicating that the Administration Service failed to locate an object when updating the membership list of a Dynamic Group in accordance with the membership rules. The object may have been deleted. The object could be referred to by:
-
A membership rule to explicitly include or exclude that object from the Dynamic Group.
-
A query-based membership rule (the object may represent the base of a search or be a member of the search result set).
-
A membership rule to include or exclude the members of a certain group (the object may represent the domain of that group).
-
A directory synchronization (DirSync) query (this may be one of the objects returned by that query).
For details, refer to the alert description generated by this rule.
The membership rules referring to that object are inoperative and are not taken into account when updating the Dynamic Group, so the membership list may not be compliant with the membership rules.
To prevent issues with the membership list of the Dynamic Group, check membership rules by using the Properties > Membership Rules tab of the Dynamic Group in the Active Roles Console. Then, force rebuilding of the Dynamic Group from the Members tab in that dialog.
Dynamic Group - Failed to retrieve information from domain - Alert
This rule generates an alert indicating that the Administration Service failed to retrieve information about Dynamic Groups from a certain domain. The Dynamic Groups contained in that domain are inoperative until after the problem has been resolved. For details, refer to the alert description generated by this rule.
Dynamic Group - Membership rule domain unavailable - Alert
This rule generates an alert indicating that Active Roles failed to update the members list of the Dynamic Group in accordance with one of the membership rules. The failed membership rule applies to a domain that is currently unavailable. The membership rule is disregarded, so the members list of the Dynamic Group may not be compliant with the membership rules. For details, refer to the alert description generated by this rule.
To solve the problem, ensure that the domain is available on the network, then update the Dynamic Group by clicking Properties > Members > Rebuild in the dialog of the group in the Active Roles Console. Alternatively, wait for Active Roles to update the Dynamic Group on a schedule.
Dynamic Group - Membership rule failed - Alert
This rule generates an alert indicating that Active Roles failed to update the members list of the Dynamic Group in accordance with one of the membership rules. As one of the membership rules failed, no membership rules are applied until the issue is resolved, so the members list of this Dynamic Group remains unchanged. For details, refer to the alert description generated by this rule.
To solve the problem, try to force update the Dynamic Group by clicking Properties > Members > Rebuild in the dialog of the group in the Active Roles Console. Check the membership rules on the Membership Rules tab in that dialog.