SCOM; DHCP Management-Pack

Sandro D'Incà 226 Reputation points
2022-11-25T12:15:21.737+00:00

dear community
we are using the official DHCP-management-pack (https://www.microsoft.com/en-us/download/details.aspx?id=54587) on our windows server 2022 - environment.
the MP is working well, but i have noticed the following 3 errors in our scom-management-server - log (Operations Manager - Log):
Event-ID: 26008
Level: Error
Source: Health Service Modules
Description:
The DhcpAdminEvents event log on computer 'Domain-Controller' is still corrupt. The Event Log Provider will attempt to recover by skipping over a possible bad record. The Provider may skip up to two records.
One or more workflows were affected by this.
Workflow name: Microsoft.Windows.DHCPServer.10.0.FailoverServerWatcher.UnitMonitor.LostCommunicationWithfailoverPartnerServer
.....

two other workflows are also affected:
Microsoft.Windows.DHCPServer.10.0.FailoverServerWatcher.UnitMonitor.ErrorCommunicationWithfailoverPartnerServer
Microsoft.Windows.DHCPServer.10.0.FailoverServerWatcher.UnitMonitor.OutOfTimeSync

i have already granted the scom management server action account the AD-group "event log readers" to access the DHCP-event-log. i have double-checked it and can access the provided event-log with the management-server-action-account without any problems.
but the error still exists and is logged once per minute


3 answers

  1. Sandro D'Incà 226 Reputation points
    2023-07-20T14:13:25.1833333+00:00

    ok, final status-update:

    we had opened a microsoft case to analyze this. root-cause was an error in the DHCP-server itself.

    in the event-log of the dhcp server were the following entries:

    Level: Error
    Source: DHCP-Server
    Event-ID: 20319
    Task Category: Name Registration
    General: Forward record registration for IPv4 address [IP-address] and FQDN android-e3d9b053ff0d915a.fqdn.local failed with error 9560 (DNS name contains an invalid character.)

    according to the following KB-article:

    https://zebratechnologies.force.com/s/article/Android-Devices-Showing-Unknown-Leading-Character-in-DeviceID-When-Seen-in-DHCP-Server-or-Customer-Dashboard?language=de

    after we fixed these DNS-entries / devices, the SCOM-error on the SCOM-management-server itself was gone too! it seems that only these error-entries or incompatible characters in the hostname of the device were responsible for not accessing / gaining the requested information of the DHCP-Log.

    ....that was a nasty one....

    1 person found this answer helpful.
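
Added example, not part of the original answers: a PowerShell helper that takes event 20319 message text in the wording quoted above and reports which characters in the FQDN fall outside letters, digits, hyphen and dot, so that invisible characters become visible as code points. The function name, the sample message, the server name `DHCP01` and the assumption that event 20319 is written to the `DhcpAdminEvents` channel are not from the thread.

```powershell
# Added example (not from the thread). Function name and sample data are hypothetical.
function Get-InvalidDnsNameChars {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Message)
    process {
        # Wording follows the event 20319 text quoted in the answer above.
        if ($Message -notmatch 'FQDN (?<fqdn>.+?) failed with error 9560') { return }
        $fqdn = $Matches['fqdn']

        # Case-sensitive match so Unicode look-alikes are not folded onto ASCII letters.
        $allowed = '^[A-Za-z0-9.-]$'
        $bad = foreach ($ch in $fqdn.ToCharArray()) {
            if ($ch -cnotmatch $allowed) { 'U+{0:X4}' -f [int]$ch }
        }

        [pscustomobject]@{
            Fqdn         = $fqdn
            InvalidChars = @($bad)
            # Printable rendering: offending characters are shown as \uXXXX escapes.
            Escaped      = -join ($fqdn.ToCharArray() | ForEach-Object {
                if ($_ -cmatch $allowed) { $_ } else { '\u{0:X4}' -f [int]$_ }
            })
        }
    }
}

# Constructed sample message: an arbitrary control character (U+0001) is placed
# in front of the host name; the IP address and domain are documentation values.
$sample = "Forward record registration for IPv4 address 192.0.2.10 and FQDN " +
          "$([char]0x01)android-device.example.test failed with error 9560 " +
          "(DNS name contains an invalid character.)"

$sample | Get-InvalidDnsNameChars | Format-List

# Live use against a DHCP server. Assumptions: event 20319 is written to the
# DhcpAdminEvents channel, and 'DHCP01' is a placeholder server name.
# Get-WinEvent -ComputerName DHCP01 -FilterHashtable @{ LogName = 'DhcpAdminEvents'; Id = 20319 } |
#     ForEach-Object Message | Get-InvalidDnsNameChars
```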

  2. SChalakov 10,371 Reputation points MVP
    2022-11-25T14:25:56.347+00:00

    Hi Sandro,

    I just did a bit of troubleshooting regarding this, although I must say I had to troubleshoot an "RPC Server unavailable" exception within the same event.
    First I need to say that the action:

    i have already granted the scom management server action account the AD-group "event log readers" to access the DHCP-event-log.

    is correct in case you have an "Access Denied" in the exception. In your particular case the exception is:

    The DhcpAdminEvents event log on computer 'Domain-Controller' is still corrupt. The Event Log Provider will attempt to recover by skipping over a possible bad record. The Provider may skip up to two records.

    Can you please do me a favour and empty the DhcpAdminEvents event logs on the affected systems, make sure you can access those in the Event Viewer and then check if those events come up again?

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
    Regards
    Stoyan Chalakov


  3. CyrAz 5,181 Reputation points
    2022-12-04T11:43:07.847+00:00

    These workflows are trying to access the DHCP event log on the failover dhcp server, not on the local domain controller. You need to make sure that everything's fine on the other dhcp server (likely another domain controller) and that opening remote event viewer from one to the other works, and that the runas account used has proper permissions to read remote events.