Documentation forServer & Application Monitor
Monitoring your applications and environment is a key capability of Hybrid Cloud Observability and is also available in a standalone module, Server & Application Monitor (SAM). Hybrid Cloud Observability and SAM are built on the self-hosted SolarWinds Platform.

Group Policy Object (System and Application Logs)

This SAM application monitor template assesses the status and overall performance of a Windows Group Policy Object by checking Windows logs for critical events. The status of the application switches to Down if errors or warnings related with the Group Policy Object occurred within the last five minutes.

Prerequisites

WMI access to the target server.

Credentials

Windows Administrator on the target server.

Component monitors

All monitors should return zero values. Returned values other than zero indicate an abnormality. Examining the Windows system and application log files should provide information pertaining to the issue.

Failed Allocation

Returns the number of memory allocation fails.

Type of event: Error. Event ID: 1002.

DS Bind Failure

Returns the number of failed authentication attempts of the Active Directory.

Type of event: Error. Event ID: 1006.

Site Query Failure

Returns the number of failed attempts to query the Active Directory Site using the credentials of the user or computer.

Type of event: Error. Event ID: 1007.

GPO Query Failure

Returns the number of failed attempts to query Group Policy Objects.

Type of event: Error. Event ID: 1030.

Computer Role Failure

Returns the number of failed attempts to determine the role of the computer, (i.e.: workgroup, domain member, or domain controller).

Type of event: Error. Event ID: 1052.

User Name Resolution Failure

Returns the number of failed attempts to resolve a user name.

Type of event: Error. Event ID: 1053.

DC Resolution Failure

Returns the number of failed attempts to obtain the name of a domain controller.

Type of event: Error. Event ID: 1054.

Computer Name Resolution Failure

Returns the number of failed attempts to resolve a computer name.

Type of event: Error. Event ID: 1055.

Policy Read Failure

Returns the number of failed attempts to read the GPT.INI of a Group Policy Object.

Type of event: Error. Event ID: 1058.

WMI Evaluation Failure

Returns the number of failed attempts to evaluate a WMI filter.

Type of event: Error. Event ID: 1065.

GPO Search Failure

Returns the number of failed attempts to obtain a list of Group Policy Objects.

Type of event: Error. Event ID: 1079.

OU Search Failure

Returns the number of failed attempts to search the Active Directory Organizational Unit hierarchy.

Type of event: Error. Event ID: 1080.

CSE Failure Warning

Returns the number of events when the Group Policy client side extension fails.

Type of event: Warning. Event ID: 1085.

Excessive GPO Failure

Returns the number of events for when the scope of Group Policy Objects, for a computer or user, exceeds 999.

Type of event: Error. Event ID: 1088.

RSOP Session Failure

Returns the number of events when a Resultant Set of Policy session fails.

Type of event: Warning. Event ID: 1089.

WMI Failure

Returns the number of events the Group Policy service encounters caused by errors with the WMI service.

Type of event: Warning. Event ID: 1090.

RSOP CSE Failure

Returns the number of events the Group Policy client side extension has due to failed attempts to record Resultant Set of Policy information.

Type of event: warning. Event ID: 1091.

RSOP Failure

Returns the number of errors that occur while recording Resultant Set of Policy information.

Type of event: warning. Event ID: 1095.

The Group Policy service logs this event when an error occurs while recording Resultant Set of Policy information.

Registry.pol Failure

Returns the number of failed attempts to read registry.pol.

Type of event: Error. Event ID: 1096.

Computer Token Failure

Returns the number of failed attempts to read the computer's authentication token.

Type of event: Error. Event ID: 1097.

Object Not Found Failure

Returns the number of failed attempts to locate an Active Directory object.

Type of event: Error. Event ID: 1101.

WMI Filter Not Found Warning

Returns the number of failed attempts to locate an associated WMI filter.

Type of event: Warning. Event ID: 1104.

Cross Forest Discovery Failure

Returns the number of failed attempts to determine if the user and computer belong to the same forest.

Type of event: Error. Event ID: 1110.

CSE Synchronous Warning

Returns the number of events when a Group Policy client side extension requires synchronous policy processing to apply one or more policy settings.

Type of event: warning. Event ID: 1112.

Time Skew Failure

Returns the number of events that indicate the time on the local computer is not synchronized with the time on the domain controller.

Type of event: Error. Event ID: 1126.

DC Connectivity Failure

Returns the number of events when there is an absence of authenticated connectivity from the computer to the domain controller.

Type of event: error. Event ID: 1129.

Script Failure

Returns the number of failed attempts to run a script.

Type of event: Error. Event ID: 1130.