Key monitoring scenarios
The Microsoft Forefront Server Protection Management Pack for Microsoft System Center Operations Manager 2007 (Operations Manager 2007) proactively monitors the "health" of your Forefront agent-managed systems by looking at events. Events are logged when transitions occur from one state to another. Health is indicated by a color code:
Green (healthy) – everything is functioning properly and performing well. Green events do not trigger alerts. The symbol is a green check mark within a circle.
Yellow (warning) – performance is poor or a problem is impairing non-critical functionality. Yellow events trigger warning alerts. The symbol is a "!" within a yellow triangle.
Red (unhealthy) – critical functionality has been lost. Red events trigger error alerts. The symbol is a white "x" within a red circle.
Problem types
These are the various types of problems that the Microsoft Forefront Server Protection Management Pack keeps track of.
Engines
These are the monitored engine conditions.
Monitored Event | Success (green) | Warning (yellow) | Error (red) |
Antimalware Engines Update Enabled | The engines selected to be used for the scan jobs are enabled for updating. | The engines selected to be used for the scan jobs are not all enabled for updating. | Not applicable. |
Antimalware Engines Update Success Rate | All engines enabled for updating were successfully updated. | At least half of the engines enabled for updating were successfully updated. | Less than half of the engines enabled for updating were successfully updated. |
Antimalware Engines Last Update Time | All engines enabled for updating were successfully updated within the last five days. | Some of the engines enabled for updating were not updated within the last five days. | None of the engines enabled for updating were updated within the last five days. |
Last antispam definition update | Content filter definitions have been updated in the last hour. | Content filter definitions were last updated in the past 1-12 hours. | The last content filter definition update was over 12 hours ago. |
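The engine thresholds above can be reproduced outside Operations Manager, for example to sanity-check alert states against an exported engine status. This is an added example, not Microsoft's code: the `Engine` record, function names, and sample data are hypothetical, and treating exactly one hour, exactly 12 hours, and exactly five days as still inside the better state is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

GREEN, YELLOW, RED = "green", "yellow", "red"

@dataclass
class Engine:                 # hypothetical record, not a Forefront data structure
    name: str
    selected: bool            # chosen for a scan job
    update_enabled: bool
    last_update_ok: bool      # most recent update attempt succeeded
    last_success: Optional[datetime]

def update_enabled_state(engines: List[Engine]) -> str:
    # This monitor has no red state in the table.
    return GREEN if all(e.update_enabled for e in engines if e.selected) else YELLOW

def success_rate_state(engines: List[Engine]) -> Optional[str]:
    enabled = [e for e in engines if e.update_enabled]
    if not enabled:
        return None           # assumption: nothing to rate, monitor not evaluated
    ok = sum(e.last_update_ok for e in enabled)
    if ok == len(enabled):
        return GREEN
    return YELLOW if 2 * ok >= len(enabled) else RED   # "at least half" is yellow

def last_update_time_state(engines, now, max_age=timedelta(days=5)) -> Optional[str]:
    enabled = [e for e in engines if e.update_enabled]
    if not enabled:
        return None           # assumption, as above
    fresh = sum(1 for e in enabled
                if e.last_success and now - e.last_success <= max_age)
    if fresh == len(enabled):
        return GREEN
    return YELLOW if fresh else RED

def antispam_state(last_update: datetime, now: datetime) -> str:
    age = now - last_update
    if age <= timedelta(hours=1):
        return GREEN
    return YELLOW if age <= timedelta(hours=12) else RED

NOW = datetime(2010, 6, 1, 12, 0)   # constructed sample data below
SAMPLE = [Engine("engine-a", True, True, True, NOW - timedelta(days=1)),
          Engine("engine-b", True, True, False, NOW - timedelta(days=6)),
          Engine("engine-c", True, False, False, None),
          Engine("engine-d", True, True, True, NOW - timedelta(days=2))]

def sample_report() -> dict:
    return {"update_enabled": update_enabled_state(SAMPLE),
            "success_rate": success_rate_state(SAMPLE),
            "last_update_time": last_update_time_state(SAMPLE, NOW),
            "antispam": antispam_state(NOW - timedelta(hours=13), NOW)}
```
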
Workload Integration
These are the monitored workload integration conditions.
Monitored Event | Success (green) | Warning (yellow) | Error (red) |
Exchange Transport Hook State | The Microsoft Exchange Transport service is running and the Forefront agent is registered. | Not applicable. | The agent failed to register or is not enabled. This prevents the Microsoft Exchange Transport service from starting. |
Forefront Agent State | The Microsoft Exchange Transport service is running and the Forefront agent is registered. | Not applicable. | The Microsoft Exchange Transport service is running, but the Forefront Agent is not registered. |
VSAPI registration | The Microsoft Exchange Information Store is running and the Forefront VSAPI library is registered. | Not applicable. | The Microsoft Exchange Information Store is running, but the Forefront VSAPI library is not registered. |
Scan Jobs
These are the monitored scan job conditions. There are separate events for realtime and scheduled scans.
Monitored Event | Success (green) | Warning (yellow) | Error (red) |
Scan job enabled (for transport and realtime scans) | The scan job is enabled properly. | The scan job was disabled or bypassed. | |
Scan engines have been initialized (for transport, realtime, and scheduled scans) | The engines selected for the scan job have been initialized. | Not applicable. | The selected scanning engines were not initialized with the scan job. |
Scan filter engine loaded (for transport, realtime, and scheduled scans) | The engine that handles filtering loaded correctly. | Not applicable. | The engine that handles filtering did not load correctly. |
Scan process state (for transport and realtime scans) | The scanning processes are running. | Some processes did not restart after a timeout or exception. | No scanning processes restarted after a timeout or exception. |
Scheduled scan termination | The scheduled scan executed within the allowed time. | Not applicable. | The scheduled scan exceeded the allowed time limit. |
Transport Scanning Deliverable State | All messages have been scanned and delivered. | Not applicable. | A message scan could not be completed. The message was placed in the Undeliverable Archive folder for further review. |
Services
These are the monitored services conditions.
Monitored Event | Success (green) | Warning (yellow) | Error (red) |
FSCController service | The FSCController service is running. | Not applicable. | The FSCController service has stopped. |
Eventing service | The Eventing service is running. | Not applicable. | The Eventing service has stopped. |
FSEMailPickup service | The FSEMailPickup service is running. | Not applicable. | The FSEMailPickup service has stopped. |
FSCMonitor service | The FSCMonitor service is running. | Not applicable. | The FSCMonitor service is inactive. |
Cluster servers
These are the monitored cluster server conditions.
Monitored Event | Success (green) | Warning (yellow) | Error (red) |
CCR cluster engine replication | Engine replication across the CCR cluster succeeded. | Not applicable. | Engine replication across the CCR cluster failed. |
CCR cluster file synchronization | File synchronization succeeded. | Not applicable. | File synchronization failed. |
Active node lookup | FPE successfully found the active node. | Not applicable. | FPE could not find the active node. |
Passive node transition | The transition to the passive state succeeded. | Not applicable. | An error occurred while transitioning to the passive state. |
CCR cluster change notifications | The CCR replication service cluster state monitoring is able to receive cluster change notifications. | Cluster change notifications cannot be received. | Not applicable. |
License
These are the monitored license conditions.
Monitored Event | Success (green) | Warning (yellow) | Error (red) |
License state | The Forefront Protection 2010 for Exchange Server is licensed. | The Forefront Protection 2010 for Exchange Server license will expire soon. | The Forefront Protection 2010 for Exchange Server license has expired. |