Group Policy Object (System and Application Logs)
This SAM application monitor template assesses the status and overall performance of a Windows Group Policy Object by checking Windows logs for critical events. The status of the application switches to Down if errors or warnings related with the Group Policy Object occurred within the last five minutes.
Prerequisites
WMI access to the target server.
Credentials
Windows Administrator on the target server.
Component monitors
All monitors should return zero values. Returned values other than zero indicate an abnormality. Examining the Windows system and application log files should provide information pertaining to the issue.
Failed Allocation
Returns the number of memory allocation fails.
Type of event: Error. Event ID: 1002.
DS Bind Failure
Returns the number of failed authentication attempts of the Active Directory.
Type of event: Error. Event ID: 1006.
Site Query Failure
Returns the number of failed attempts to query the Active Directory Site using the credentials of the user or computer.
Type of event: Error. Event ID: 1007.
GPO Query Failure
Returns the number of failed attempts to query Group Policy Objects.
Type of event: Error. Event ID: 1030.
Computer Role Failure
Returns the number of failed attempts to determine the role of the computer, (i.e.: workgroup, domain member, or domain controller).
Type of event: Error. Event ID: 1052.
User Name Resolution Failure
Returns the number of failed attempts to resolve a user name.
Type of event: Error. Event ID: 1053.
DC Resolution Failure
Returns the number of failed attempts to obtain the name of a domain controller.
Type of event: Error. Event ID: 1054.
Computer Name Resolution Failure
Returns the number of failed attempts to resolve a computer name.
Type of event: Error. Event ID: 1055.
Policy Read Failure
Returns the number of failed attempts to read the GPT.INI
of a Group Policy Object.
Type of event: Error. Event ID: 1058.
WMI Evaluation Failure
Returns the number of failed attempts to evaluate a WMI filter.
Type of event: Error. Event ID: 1065.
GPO Search Failure
Returns the number of failed attempts to obtain a list of Group Policy Objects.
Type of event: Error. Event ID: 1079.
OU Search Failure
Returns the number of failed attempts to search the Active Directory Organizational Unit hierarchy.
Type of event: Error. Event ID: 1080.
CSE Failure Warning
Returns the number of events when the Group Policy client side extension fails.
Type of event: Warning. Event ID: 1085.
Excessive GPO Failure
Returns the number of events for when the scope of Group Policy Objects, for a computer or user, exceeds 999.
Type of event: Error. Event ID: 1088.
RSOP Session Failure
Returns the number of events when a Resultant Set of Policy session fails.
Type of event: Warning. Event ID: 1089.
WMI Failure
Returns the number of events the Group Policy service encounters caused by errors with the WMI service.
Type of event: Warning. Event ID: 1090.
RSOP CSE Failure
Returns the number of events the Group Policy client side extension has due to failed attempts to record Resultant Set of Policy information.
Type of event: warning. Event ID: 1091.
RSOP Failure
Returns the number of errors that occur while recording Resultant Set of Policy information.
Type of event: warning. Event ID: 1095.
The Group Policy service logs this event when an error occurs while recording Resultant Set of Policy information.
Registry.pol Failure
Returns the number of failed attempts to read registry.pol
.
Type of event: Error. Event ID: 1096.
Computer Token Failure
Returns the number of failed attempts to read the computer's authentication token.
Type of event: Error. Event ID: 1097.
Object Not Found Failure
Returns the number of failed attempts to locate an Active Directory object.
Type of event: Error. Event ID: 1101.
WMI Filter Not Found Warning
Returns the number of failed attempts to locate an associated WMI filter.
Type of event: Warning. Event ID: 1104.
Cross Forest Discovery Failure
Returns the number of failed attempts to determine if the user and computer belong to the same forest.
Type of event: Error. Event ID: 1110.
CSE Synchronous Warning
Returns the number of events when a Group Policy client side extension requires synchronous policy processing to apply one or more policy settings.
Type of event: warning. Event ID: 1112.
Time Skew Failure
Returns the number of events that indicate the time on the local computer is not synchronized with the time on the domain controller.
Type of event: Error. Event ID: 1126.
DC Connectivity Failure
Returns the number of events when there is an absence of authenticated connectivity from the computer to the domain controller.
Type of event: error. Event ID: 1129.
Script Failure
Returns the number of failed attempts to run a script.
Type of event: Error. Event ID: 1130.