Server email notifications

Sometimes it pays to take the line that “surely this must be possible already” – especially when it comes to Windows Server components that have evolved with each version of the operating system – in my case today with the humble Windows Event Log and Task Scheduler.

Problem

Automatically applied patches had triggered a FIM server reboot during the small hours of Wednesday last week, but the event had gone unnoticed … until questions were asked about user accounts that weren’t being provisioned.  On investigation I found that a dreaded “stopped-server” error had occurred shortly after the reboot for one of the run profile operations, and since this had occurred during what I had defined as a “re-baseline” process, it had halted all subsequent run profiles from being executed.  On re-mediating the problem, I figured something must be able to be done to automatically notify an admin of these types of events in the future.

The Solution

There were 3 parts to my solution, all of which were ridiculously easy to implement:

Custom event log view

From the Windows Event Viewer console, I clicked on Custom Views with the right mouse button and selected Create Custom View … and defined a filter by specifying the FIMSynchronizationService as the event source and the status as either ERROR or CRITICAL – then saved it with the name “FIM Synchronisation Errors”.

Image

Attach a task to the log view

Again, from the Windows Event Viewer console, I clicked on my new custom view with the right mouse button and selected Attach a Task To this Log …
Attach a task to an event log
Create a basic task

The name of the task was the name of my custom view, which made sense to me, and I entered a sensible description and clicked Next>:
Custom Event Filter

Nothing to do here, so I clicked Next> again:
Action

I selected “Send an e-mail” and clicked Next>:
Send an email

This was where I actually had to start to think … and where I realised the email text was going to be rather limited, but would suit my purposes.  There may well be ways to do token substitutions here, but I didn’t need to worry here so I didn’t.  Note that you will need to specify a suitable SMTP server name on your network (I just grabbed the one from my FIM Resource Management Server config).  I would also recommend specifying a distribution list as the target email address here rather than individual email addresses – makes for better manageability moving forward (no less than a FIM-managed d-list of course!).

I then clicked Next>:
Summary

Importantly, I selected the “Open the Properties dialog for this task when I click Finish” checkbox before clicking Finish:
Task Detail General

I changed the task to “Run whether user is logged on or not” but left my own identity as the context for now – in a Production environment this should be a service account (or maybe even a managed service account were this idea to be supported).

I clicked on the Settings tab:
Task Settings

… and turned on the “Run task as soon as possible …” checkbox.  I also reduced the default run time limit from 3 days to 2 hours!  I then clicked OK.

That was it – now all I had to do was test it, and suffice to say it worked first time (I just had to go hunting in my junk mail folder to find it!).

Create a basic email task on system start

This was an absolute doddle!  From the Windows Task Scheduler I selected “Create Task…”, entered a name “FIM Synchronisation Server Restarted” and suitable description, then clicked Next>:
Task Trigger

I selected “When the computer starts” and clicked Next> … you don’t need to see the rest, and this worked first time too.

So … sometimes you don’t need the proverbial “sledge hammer to crack a walnut” … often it just takes a bit of hunting around to see what you get “out of the box” on the latest Windows Server platform.

Advertisements

About bobbradley1967

Microsoft IAM MVP and Solutions Architect (MCTS, MCP) - FIM/ILM/MIIS Specialist, with 20 years SQL database ( OLAP) and MS.Net applications development/SI background, in particular on the SharePoint platform
This entry was posted in FIM (ForeFront Identity Manager) 2010 and tagged , . Bookmark the permalink.

3 Responses to Server email notifications

  1. Bob,
    I just discovered this functionality myself last week. Excellent post.

  2. Chris Clayton says:

    Nothing beats an external monitoring system to detect the loss of a service or server, but I have been using this feature of ’08 for some time to detect problems and notify via email with a few applications including ILM/FIM.

    My FIM cycle is controlled by a vbscript holdover from the ILM days, which sends hourly reports to give a sense of activity and also can send emails regarding MA run errors which lists the MA, profile and the short version of the error (completed-warnings, stopped-server, etc.). It’s nice to have that level of detail in the email, so when I get the notice that one of our locations has lost power and the home folder MA starts flipping out on every provisioning cycle (~5 min) I know I don’t have to be in a hurry to RDP in and check it out.

    I have often wished it was possible to include details from the event description in the email sent via the Task Scheduler when there was a problem, but the closest I have come to accomplishing that was to have it run a PowerShell script that itself looks back into the event log, runs a query and sends an email. If there are many errors recorded in rapid succession, I’d imagine the most recent error wouldn’t necessarily be the one that triggered that instance of the script and so I’ve never pursued that path very far.

    • I agree with your sentiment, Chris, about the need for detail in the email making the PowerShell script alternative attractive, and I also note what you’re saying about the repeated error occurrence. In the absence of a “proper” external monitoring system, I too am debating the merits of extending this too far, but as a “poor man’s notification mechanism” it’s not a bad start.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s