

AD Trust Monitoring - what generates the alert and why it's not auto resolved

When you import the Microsoft Active Directory Management Pack, it normally generates quite a few alerts that need to be resolved and/or tuned.

One of the alerts I often see is the warning 'A problem has been detected with the trust relationship between two domains':

Followed by the critical alert 'A problem with the inter-domain trusts has been detected':

So what generates the alerts? The rule triggers on Event ID 83 in the Operations Manager log, an event created by the Active Directory Monitor Trusts script when it verifies the status of the trust.

The Active Directory Monitor Trusts script configures the TrustMon WMI provider to return all trusts, and then it queries for all instances of the Microsoft_DomainTrustStatus object in the \root\MicrosoftActiveDirectory WMI namespace.

For each object that is returned, if the TrustType property of the object is not Downlevel or Uplevel (the other options are Kerberos Realm and DCE, which cannot be monitored effectively by TrustMon), the trust is ignored.

If the TrustType of the object indicates that it can be monitored, the TrustStatus property of the object is checked. If TrustStatus is not 0, the trust is in an error state and the trust and its TrustStatusString (a textual description of the current state of the trust) are formatted and relayed as the trust status.
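The check described above can be reproduced by hand when triaging the alert. The following PowerShell is an added example, not the management pack's own script; the function name `Get-TrustHealth` and the sample objects are hypothetical, and the numeric TrustType codes are taken from the Microsoft_DomainTrustStatus class documentation rather than from this page.

```powershell
# Added example. TrustType codes per the Microsoft_DomainTrustStatus class:
# 1 = Downlevel, 2 = Uplevel, 3 = Kerberos Realm, 4 = DCE.
function Get-TrustHealth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Trust
    )
    process {
        $typeName = switch ([int]$Trust.TrustType) {
            1 { 'Downlevel' }
            2 { 'Uplevel' }
            3 { 'Kerberos Realm' }
            4 { 'DCE' }
            default { "Unknown ($($Trust.TrustType))" }
        }
        # Only Downlevel and Uplevel trusts are evaluated; the rest are ignored.
        if ($typeName -notin 'Downlevel', 'Uplevel') {
            $state = 'Ignored'
        } elseif ([int]$Trust.TrustStatus -eq 0) {
            $state = 'Healthy'
        } else {
            $state = 'Error'   # non-zero TrustStatus: report TrustStatusString
        }
        [pscustomobject]@{
            TrustedDomain = $Trust.TrustedDomain
            TrustType     = $typeName
            TrustStatus   = $Trust.TrustStatus
            State         = $state
            Detail        = if ($state -eq 'Error') { $Trust.TrustStatusString } else { $null }
        }
    }
}

# Constructed sample objects (not real output) so the logic runs off a DC.
$sample = @(
    [pscustomobject]@{ TrustedDomain = 'child.example.test';  TrustType = 2; TrustStatus = 0;    TrustStatusString = 'OK' }
    [pscustomobject]@{ TrustedDomain = 'legacy.example.test'; TrustType = 2; TrustStatus = 1355; TrustStatusString = 'The specified domain either does not exist or could not be contacted.' }
    [pscustomobject]@{ TrustedDomain = 'REALM.EXAMPLE.TEST';  TrustType = 3; TrustStatus = 0;    TrustStatusString = '' }
)
$sample | Get-TrustHealth | Format-Table -AutoSize

# On a domain controller where the TrustMon provider is present:
# Get-CimInstance -Namespace root\MicrosoftActiveDirectory -ClassName Microsoft_DomainTrustStatus | Get-TrustHealth
```

With the sample input, the first trust is reported as Healthy, the second as Error with its status string, and the Kerberos Realm trust as Ignored.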

The picture below shows what the WMI class looks like with a functioning and a faulty trust:

 

 

So how do you solve the problem? There can be many reasons for the error, such as name resolution, connectivity, decommissioned domain controllers, etc., so there is no generic rule for solving it. The bottom line is to ensure that all domain controllers can resolve and communicate with the PDC/PDCe in the target domain.

When you finally solve the problem with the faulty trust, you might wonder why the critical error doesn't auto-resolve. Well, that's because there unfortunately is an error in the AD management pack. But no worries: a small override and the monitor works like a charm. Just set LogSuccessEvent on the AD Trust Monitor to 'true' and the monitor will auto-resolve when the trust is verified and the TrustStatus equals 0.

Click here if you want to read more about the Microsoft DomainTrustStatus Class

Comments

  • Anonymous
    March 02, 2011
    The comment has been removed

  • Anonymous
    April 04, 2012
    Indeed, I encountered the issue on SCOM 2012 also

  • Anonymous
    December 17, 2012
    Also noticed that any attempt to override alert severity has no effect. Object still appears as critical

  • Anonymous
    September 14, 2015
    See http://www.systemcentercentral.com/opsmgr-r2-by-example-the-active-directory-management-pack/ and perhaps when using SCOM 2012, the Logsuccessevent is now true by default!
