Part 1 : SCOM 2012 R2 HealthService Event Reference / MOMConnector
HealthService Event Reference
This appendix provides information about the events that Microsoft System Center Operations Manager can log to its event log from the HealthService features.
NOTE : Not all the events that Operations Manager may log to its event log are included here. Many other events are logged by the modules that each workflow might use, for example, the database write module or group calculation modules.
MOMConnector
EventID=20000
Severity=Informational Message=A device which is not part of this management group has attempted to access this Health Service%nRequesting Device Name : %1
EventID=20001
Severity=Error Message=A device on %2 which is not part of management group %1 has attempted to access this Health Service and has been rejected. To allow unknown devices to request permission to join the management group, allow manually installed agents to request approval in the OpsMgr Console
EventID=20002
Severity=Error Message=A device at IP %1 attempted to connect but could not be authenticated, and was rejected
EventID=20020
Severity=Success Message=The entity “%2” is now available%n %n Entity Id: %1 %n Management Group Name: %3 %n Management Group Id: %4
EventID=20021
Severity=Success Message=The entity “%2” is now available through the system %5%n %n Entity Id: %1 %n Management Group Name: %3 %n Management Group Id: %4
EventID=20022
Severity=Warning Message=The entity “%2” is not heartbeating%n %n Entity Id: %1 %n Management Group Name: %3 %n Management Group Id: %4
EventID=20023
Severity=Warning Message=The entity “%2” is not reachable due to its server being unavailable%n %n Entity Id: %1 %n Management Group Name: %3 %n Management Group Id: %4
EventID=20025
Severity=Warning Message=The availability monitoring of entity “%2” has been disabled%n %n Entity Id: %1 %n Management Group Name: %3 %n Management Group Id: %4
EventID=20026
Severity=Warning Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not healthy. Some system rules failed to load
EventID=20027
Severity=Warning Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not healthy. Health Service failed to process new configuration
EventID=20028
Severity=Warning Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not healthy. Action account is invalid
EventID=20029
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, system rules are now loaded
EventID=20030
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, health service succeeded processing new configuration
EventID=20031
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, action account is now valid
EventID=20032
Severity=Warning Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not available because service has been paused
EventID=20033
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, service has been resumed from a pause
EventID=20034
Severity=Warning Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not healthy. Entity state change flow is stalled with pending acknowledgement
EventID=20035
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, entity state change flow resumed
EventID=20036
Severity=Warning Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not healthy. Monitor state change flow is stalled with pending acknowledgement
EventID=20037
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, monitor state change flow resumed
EventID=20038
Severity=Warning Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not healthy. Alert flow is stalled with pending acknowledgement
EventID=20039
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, alert flow resumed
EventID=20100
Severity=Error Message=The OpsMgr Connector for management group %1 cannot connect to Active Directory to retrieve connection policy. The error is %2 (%3)
EventID=20012
Severity=Informational Message=The OpsMgr Connector did not find any connection policy in Active Directory for management group %1
EventID=20013
Severity=Success Message=The OpsMgr Connector successfully retrieved policy from Active Directory for management group %1
EventID=20014
Severity=Warning Message=The OpsMgr Connector successfully retrieved policy from Active Directory for management group %1. However, that policy is corrupt and cannot be processed
EventID=21000
Severity=Error Message=The OpsMgr Connector has received a bad packet from the device at %1. The first bytes in the packet are in the binary data portion of this event
EventID=21001
Severity=Error Message=The OpsMgr Connector could not connect to %1 because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains
EventID=21002
Severity=Error Message=The OpsMgr Connector could not accept a connection from %1 because mutual authentication failed
EventID=21003
Severity=Error Message=The OpsMgr Connector could not connect to %1 because negotiation could not agree on the required level of security. The server security options are %2 and the resulting context attributes are %3
EventID=21004
Severity=Error Message=The OpsMgr Connector could not initialize Windows Sockets. The version required is %1.%2, but the version available is %3.%4
EventID=21005
Severity=Error Message=The OpsMgr Connector could not resolve the IP for %1. The error code is %2(%3). Please verify DNS is working properly in your environment
EventID=21006
Severity=Error Message=The OpsMgr Connector could not connect to %1:%2. The error code is %3(%4). Please verify there is network connectivity, the server is running and has registered it’s listening port, and there are no firewalls blocking traffic to the destination
EventID=21007
Severity=Error Message=The OpsMgr Connector cannot create a mutually authenticated connection to %1 because it is not in a trusted domain
EventID=21008
Severity=Error Message=The target %1 is not supported. This commonly results from attempting to use an IP for authentication purposes, which is not supported
EventID=21009
Severity=Error Message=The OpsMgr Connector has received an oversized package from IP %1. OpsMgr prevents large packages from being delivered to protect the system against flooding attacks. OpsMgr will never send oversize packages
EventID=21010
Severity=Error Message=The OpsMgr Connector negotiated the use of mutual authentication with %1, but Active Directory is not available and no certificate is installed. A connection cannot be established EventID=21011 Severity=Error Message=The mutual authentication settings on this machine and the machine at %1 are different.
EventID=21012
Severity=Error Message=The OpsMgr Connector negotiated the use of Kerberos based mutual authentication with %1, but Active Directory is not available on the remote machine and a connection cannot be established
EventID=21013
Severity=Warning Message=Unable to listen on IPv4/TCP port %1. The error returned is %2(%3). This is typically caused by another application already listening on this port. OpsMgr will continue to acquire this port until it is available
EventID=21014
Severity=Success Message=OpsMgr has received a bad configuration package, and will re-request configuration
EventID=21015
Severity=Warning Message=OpsMgr was unable to set up a communications channel to %1. Communication will resume when %1 is available and communication from this computer is allowed
EventID=21016
Severity=Error Message=OpsMgr was unable to set up a communications channel to %1 and there are no failover hosts. Communication will resume when %1 is available and communication from this computer is allowed
EventID=21017
Severity=Success Message=OpsMgr has successfully failed over to %1
EventID=21018
Severity=Error Message=OpsMgr has attempted to connect to all failover hosts and no hosts can be contacted
EventID=21019
Severity=Success Message=OpsMgr has returned to communicating with it’s primary host %1
EventID=21020
Severity=Warning Message=The certificate used for mutual authentication is expiring on %1 GMT. If this certificate is not updated by this time, this Health Service will not be able to communicate with other Health Services
EventID=21021
Severity=Error Message=No certificate could be loaded or created. This Health Service will not be able to communicate with other health services. Look for previous events in the event log for more detail
EventID=21022
Severity=Error Message=No certificate was specified. This Health Service will not be able to communicate with other health services unless those health services are in a domain that has a trust relationship with this domain. If this health service needs to communicate with health services in untrusted domains, please configure a certificate
EventID=21023
Severity=Informational Message=OpsMgr has no configuration for management group %1 and is requesting new configuration from the Configuration Service
EventID=21024
Severity=Informational Message=OpsMgr’s configuration may be out-of-date for management group %1, and has requested updated configuration from the Configuration Service. The current(out-of-date) state cookie is “%2”
EventID=21025
Severity=Success Message=OpsMgr has received new configuration for management group %1 from the Configuration Service. The new state cookie is “%2”
EventID=21026
Severity=Success Message=OpsMgr has received confirmation for management group %1 from the Configuration Service that our existing configuration is up-to-date. The current state cookie is “%2”
EventID=21027
Severity=Error Message=OpsMgr has received configuration for management group %1 from the Configuration Service, but failed to process the configuration. Configuration will be re-requested The current state cookie is “%2” (State cookie may be empty if there is no active configuration)
EventID=21028
Severity=Error Message=Performance data from the OpsMgr connector could not be collected since required registry keys could not be read, the error code was “%1”.
EventID=21029
Severity=Error Message=Performance data from the OpsMgr connector could not be collected since opening the shared data failed with error “%1”.
EventID=21030
Severity=Error Message=OpsMgr connector performance counter writer initialization failed with error “%1”.
EventID=21031
Severity=Informational Message=OpsMgr succeeded to add socket server on port %1.
EventID=21032
Severity=Informational Message=A new Management Group %1 was added to the Microsoft Operations Manager Agent
EventID=21033
Severity=Informational Message=The Management Group %1 was removed from the Microsoft Operations Manager Agent
EventID=21034
Severity=Warning Message=The Management Group %1 has no configured parents and most monitoring tasks cannot be performed. This can happen if a management group in Active Directory does not have any server SCPs or if the agent does not have access to any server SCPs
EventID=21035
Severity=Warning Message=Registration of a SPN for this computer with the “%1” service class has failed with error “%2”. This may cause Kerberos authentication to or from this Health Service to fail
EventID=21036
Severity=Error Message=The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication. The error is %1(%2)
EventID=21037
Severity=Warning Message=Operations Manager has received data for management group ‘%1’ from health service %2. This health service is attempting to send data from or about health service %3 but is not authorized to do so. The data has been discarded. This may indicate an attack on this health service, or it may be a result of configuration not being in sync across management servers Because this event may occur frequently, it will be suppressed for the next 5 minutes
EventID=21038
Severity=Warning Message=Operations Manager has received data for management group ‘%1’ from health service %2, which is reported as originally sent by health service %3 This health service is attempting to send data from or about health service %4 but is not authorized to do so. The data has been discarded. This may indicate an attack on this health service, or it may be a result of configuration not being in sync across management servers Because this event may occur frequently, it will be suppressed for the next 5 minutes
EventID=21039
Severity=Error Message=Operations Manager has received a ‘NULL Set’. NULL Sets are not supported in a distributed workflow and the data item has been dropped. Management Group: %1 Sending Health Service: %2 Originating Health Service: %3
EventID=21040
Severity=Error Message=Operations Manager was unable to process a configuration file for management group %1 due to an internal error. Configuration has been re-requested. A copy of the configuration file will be placed in %2
EventID=21041
Severity=Error Message=Operations Manager has received a bad configuration file for management group %1 which could not be parsed. Configuration has been re-requested. A copy of the bad configuration file will be placed in %2
EventID=21042
Severity=Informational Message=Operations Manager has discarded %1 items in management group %2, which came from %3. These items have been discarded because no valid route exists at this time. This can happen when new devices are added to the topology but the complete topology has not been distributed yet. The discarded items will be regenerated
EventID=21043
Severity=Warning Message=Unable to listen on TCP/IPv6 port %1. The error returned is %2(%3). This is typically caused by another application already listening on this port. OpsMgr will continue to acquire this port until it is available
EventID=21044
Severity=Error Message=The OpsMgr Connector cannot uncompress package, received from IP %1.
EventID=20044
Severity=Warning Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not available because the OpsMgr Connector cannot log to the event log
EventID=20045
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, the OpsMgr Connector is now able to log to the event log
EventID=20046 Severity=Success Message=The health service on %1 is attempting to communicate with a management group that does not exist on this server. The management group Id the agent is requesting is %2. Please verify that the management group specified on the agent and server is correct
EventID=20047
Severity=Success Message=The Health Service has re-routed or deleted items destined for %2 in management group %1 due to a topology change.%n Items deleted due to routes no longer valid : %4%n Items re-routed : %3
EventID=20048
Severity=Success Message=The Health Service has re-routed or deleted items destined for multiple destinations in management group %1 due to a topology change.%n Items deleted due to routes no longer valid : %3%n Items re-routed : %2
EventID=20049
Severity=Error Message=The specified certificate could not be loaded because the Key Usage specified does not meet OpsMgr requirements. The certificate must have the following usage types:%n%n Digital Signature%n Key Encipherment%n
EventID=20050
Severity=Error Message=The specified certificate could not be loaded because the Enhanced Key Usage specified does not meet OpsMgr requirements. The certificate must have the following usage types:%n%n Server Authentication (1.3.6.1.5.5.7.3.1)%n Client Authentication (1.3.6.1.5.5.7.3.2)%n
EventID=20051
Severity=Error Message=The specified certificate could not be loaded because the certificate is not currently valid. Verify that the system time is correct and re-issue the certificate if necessary%n Certificate Valid Start Time : %1%n Certificate Valid End Time : %2
EventID=20052
Severity=Error Message=The specified certificate could not be loaded because the Subject name on the certificate does not match the local computer name%n Certificate Subject Name : %1%n Computer Name : %2
EventID=20053
Severity=Success Message=The OpsMgr Connector has loaded the specified authentication certificate successfully
EventID=20054
Severity=Error Message=The specified certificate could not be loaded because an internal error occurred while attempting to load the certificate
EventID=20055
Severity=Error Message=Failed to load the root connector. Please ensure that %1 assembly is loadable
EventID=20056
Severity=Error Message=Failed to initialize the IPC channels for other processes to communicate. The HealthService might fail to start
EventID=20057
Severity=Error Message=Failed to initialize security context for target %1 The error returned is %2(%3). This error can apply to either the Kerberos or the SChannel package
EventID=20058
Severity=Warning Message=The Root Connector has received bad packets which have been dropped. It received %1 such packet(s) in the last five minutes
EventID=20059
Severity=Warning Message=The OpsMgr Connector has found a duplicate record for %1 in its configuration for management group %2. The duplicate record has been ignored
EventID=20060
Severity=Warning Message=Warnings occurred while processing configuration for management group %1. A backup of the configuration file with warnings has been placed in %2
EventID=20062
Severity=Informational Message=Active Directory Integration has been enabled for management group %1
EventID=20063
Severity=Informational Message=Active Directory Integration has been disabled for management group %1
EventID=20064 Severity=Informational Message=The OpsMgr Connector has found multiple primary relationships in Active Directory for management group %1. The primary relationship to %2 has been ignored and treated as a secondary relationship; %3 is the accepted primary. To address this issue, you can add an exclusion to the Active Directory assignment rule for the incorrect primary relationship
EventID=20065
Severity=Error Message=The OpsMgr Connector has found both an Agent and a Server Management Group with the name ‘%1’. The Server Management Group has been preferred. Until this issue is fixed, monitoring may be impacted
EventID=20066
Severity=Error Message=A Certificate for use with Mutual Authentication was specified, but that certificate could not be found. The ability for this Health Service to communicate will likely be impacted
EventID=20067
Severity=Error Message=A device at IP %1 attempted to connect but the certificate presented by the device was invalid. The connection from the device has been rejected. The failure code on the certificate was %2 (%3)
EventID=20068 Severity=Error Message=The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication, because the certificate does not contain a usable private key, or the private key is not present. The error is %1(%2)
EventID=20069
Severity=Error Message=The specified certificate could not be loaded because the KeySpec must be AT_KEYEXCHANGE
EventID=20070
Severity=Error Message=The OpsMgr Connector connected to %1, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect
EventID=20071
Severity=Error Message=The OpsMgr Connector connected to %1, but the connection was closed immediately without authentication taking place. The most likely cause of this error is a failure to authenticate either this agent or the server . Check the event log on the server and on the agent for events which indicate a failure to authenticate
EventID=20072
Severity=Error Message=The remote certificate %1 was not trusted. The error is %2(%3)
EventID=20073
Severity=Error Message=The health service %1 running on host %2 and serving management group %3 with id %4 is not available because the OpsMgr Connector cannot parse configuration xml
EventID=20074
Severity=Success Message=The health service %1 running on host %2 and serving management group %3 with id %4 is still not healthy. However, the OpsMgr Connector is now able to parse configuration xml
EventID=20075
Severity=Error Message=The specified certificate could not be loaded because connector was unable to obtain subject or issuer name from certificate structure and converts it to a null-terminated character string.%n %nFollowing is an algorithm used to search for name:%n %nIf the certificate has a Subject Alternative Name extension for issuer, Issuer Alternative Name, search for first DNSName choice%nIf the DNSName choice is not found in the extension, search the Subject Name field for the CN OID, “2.5.4.3”%n %nIf the DNSName or CN OID is found, return the string. Otherwise, return an empty string
EventID=20076
Severity=Error Message=The connector was unable to obtain subject or issuer name from remote certificate structure and converts it to a null-terminated character string.%n %nFollowing is an algorithm used to search for name:%n %nIf the certificate has a Subject Alternative Name extension for issuer, Issuer Alternative Name, search for first DNSName choice%nIf the DNSName choice is not found in the extension, search the Subject Name field for the CN OID, “2.5.4.3”%n %nIf the DNSName or CN OID is found, return the string. Otherwise, return an empty string
EventID=20077
Severity=Error Message=The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication, because the certificate cannot be queried for property information. The specific error is %2(%3).%n%n This typically means that no private key was included with the certificate. Please double-check to ensure the certificate contains a private key
EventID=20078
Severity=Warning Message=Operations Manager has received a connection from a system running an older version of Operations Manager at address %1. The version of the remote system is %2.%3. The remote system must be upgraded in order to connect to this system
Source : Part 1 : SCOM 2012 R2 HealthService Event Reference / MOMConnector
Cengiz KUSKAYA