Issues related to Microsoft Windows operating system monitoring
The section provides information about how to troubleshoot operating system monitoring related issues.
Issue | Resolution |
|---|---|
In the PATROL console, the Processes or Job Objects containers are offline, do not display any instances, are not discovered, or do not collect data. The _CollectionStatus parameter displays a message stating that a performance object is not loaded or enabled. In addition, if service executables are being monitored, the instances for those service executables are not displayed. If the Microsoft Performance counter collector perfproc.dll is disabled, enable perfproc.dll and restart the PATROL Agent. If the PATROL Agent default account cannot read the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 registry key, grant read access for this registry key to the PATROL Agent default account. | |
PATROL generates these events during normal data collection if success auditing is enabled for object access. To prevent PATROL from generating these events, you can turn off success auditing for object access. This setting determines whether to audit user access to an object.An object could be a file, folder, registry key, printer, or other system object. For more information, see Microsoft KB article 149401. | |
Event filter parameters are not automatically acknowledged even though the event filter is configured to do so, as specified on the Event Handling tab of the Configure Windows Event Monitoring window. This behavior occurs for the following parameters:
These parameters cannot be automatically acknowledged.Clear the option to notify PATROL immediately when an event that matches the filter occurs. You cannot use the auto-acknowledge feature if the event filter is configured to notify immediately. For more information about this setting, see Configuring Windows events monitoring. | |
Protocols that are installed on the server are not discovered by PATROL even though counters for the protocols are displayed in Microsoft Performance Monitor. The PATROL Agent does not detect the new performance objects. Restart the PATROL Agent or refresh the performance counters. | |
Each Windows event log application contains an instance named Summary that cannot be removed. You need to change configuration variable setting.To permanently remove Summary instances from the event log applications, set the value of the agent configuration variable OverrideSummaryAutoCreate to 1. For more information, see OverrideSummaryAutoCreate. Alternatively, you can also permanently remove the Summary instance by following these steps:
| |
The BMC PATROL Agent default account credentials are stored in the /AgentSetup/defaultAccount agent pconfig variable. Set the BMC PATROL default account so that the /AgentSetup/defaultAccount agent pconfig variable is not blank. Alternatively, you can also set the account for event log by adding the /AgentSetup/NT_EVENTLOG.OSdefaultAccount pconfig variable, and setting the username and password required for the event log KM in the pconfig variable. | |
Processes with names that contain the same string are all selected when you select any one of those processes. For example, if you select the ABC process, 123ABCxyz, ABC2, 2ABC, and any other process with a name that contains ABC are also selected. If you want the KM to add all the processes for monitoring, for which you have the name of the process selected, select the Process(es) using a regular expression for monitoring check box.If you do not select this check box, the KM only adds the process instances for monitoring. | |
The PATROL Agent default account must be in the local or domain Admins group. If the mount drive has security restriction, you must provide an explicit access right to the Agent account for monitoring. |