Microsoft IT Health Scanner Released!


Microsoft Essential Business Server team is excited to announce the release of Microsoft IT Environment Health Scanner, the new diagnostic tool designed for administrators of small or medium-sized networks who want to assess the overall health of their network infrastructure.  When run from a computer with the proper network access, the tool takes a few minutes to scan your IT environment, perform more than 100 separate checks, and collect and analyze information about the following:  


ü   Configuration of sites and subnets in Active Directory


ü   Replication of Active Directory, the file system, and SYSVOL shared folders


ü   Name resolution by the Domain Name System (DNS)


ü   Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server


ü   Health of the domain controllers


ü   Configuration of the Network Time Protocol (NTP) for all domain controllers


 


This tool is based on the well-known EBS Preparation Wizard, which the EBS team has originally built for customers who were deploying Essential Business Server 2008 (see more on Preparation Wizard here).   Very soon, however, the team noticed that Preparation Wizard was widely used, not just by customers who were deploying EBS, but anyone with Active Directory in their network who wanted to verify the health of their environment.  That should have come as no surprise – after all, Preparation Wizard ran over 100 different checks which were based on most common issues resolved by Microsoft Customer Support Services over the past 10 years!   


 


Building on the success of the Preparation Wizard, the team is now introducing the Microsoft IT Environment Health Scanner.  Just like its predecessor, Microsoft IT Environment Health Scanner scans your network, identifies various networking and provides links to knowledge based articles that explain how to correct these issues.  The one main difference is that the new tool is completely EBS-agnostic.  That is, if in order to run Preparation Wizard, the administrator had to answer several questions specific to EBS deployment.  Microsoft IT Environment Health Scanner, on the other hand, requires no prior EBS knowledge to run.  And of course, this new tool is completely free!


 


Go give it a try!


http://go.microsoft.com/fwlink/?LinkID=155170


Thanks!


Julia Kuzminova
EBS Program Manager

Comments (31)

  1. s.sullivan1 says:

    Claire,

    Yes, please feel free to send us the logs.

  2. s.sullivan1 says:

    If you are having an issue, please send us your logs with a brief explanation, so that we can see what is going on please 🙂 Email them to tjuliak@msn.com

  3. WTF Chuck says:

    Another crasher here…logs sent to the posted email

  4. s.sullivan1 says:

    Do you have the latest SP on the Win 2000 box?  Also, Win 2000 requires DNS WMI provider installed – see http://msdn.microsoft.com/en-us/library/ms682138(VS.85).aspx .

  5. Anonymous says:

    I am having problems running this in our environment.  We are a pure Windows 2003, Native, Active Directory, with Cisco routers, firewalls and switches.  The software installs just fine but when i run it, I put the IP address and Subnet of our main Cisco firewall, and the subnet mask it has, and then i add our other IP ranges, but when i say scan it looks like it is trying to collect data but i get the following message:

    The specified domain controller doesn’t appear in ServerTable: SERVERNAME (the name of one of my DCs)

    and then it skips the rest of the tests.  I have tried running this from a local workstation, from a member server, and from one of our DCs, but i get the same type of message (the DC listed usually changes) but the results are always the same.  I really would love to get some results.

    Please help if possible

    thanks

    app

    aaron.perrault@i365.com

  6. s.sullivan1 says:

    The reason for this failure ("Error: The value of the serverReferenceBL attribute for ,<servername> was not set.") is that the tool is detecting the server as a bad DC (that is, that test server was probably once a DC, but was not properly dcpromo-ed down).

    If the server is not a DC anymore, clean it up from AD using the instructions here:

    http://support.microsoft.com/kb/216498

  7. Anonymous says:

    Hi!

    Great tool!

    I also get the error :

    "The specified domain controller doesn’t appear in ServerTable: SERVERNAME"

    I have verified that the server is a DC and I ran DCDIAG /V on the server and it passes the tests.

    How do I find the configuration in AD that causes the error in Microsoft IT Healtcheck?

    Thanks!

  8. s.sullivan1 says:

    fbroussey –

    Most likely you have some old left-over objects in AD (in the list of computers) that are confusing the tool (the tool sees them in teh AD but cannot contact these servers).

    To clean up the AD follow:

    http://support.microsoft.com/kb/216498

    Then re-run the tool

  9. lukasbeeler says:

    Just tried it. It crashes a few moments after starting the scan.

    Could it have something to do with our DCs running WS08 Core?

  10. s.sullivan1 says:

    Paul,

    Can you please make sure you entered the correct internal IP address of your main firewall on the Firewall IP page (note: it may or may not be the same as the gateway)?  If so, and you are still having issues, please email us your logs!

  11. Anonymous says:

    They are always active domain controllers in our environment.  I have sent a zip of the two logs to the address requested.

    thanks for the help

    app

  12. s.sullivan1 says:

    Juan,

    Most likely, your firewall is blocking access to WMI.  Are you running the Health Scanner in an EBS environment (or any environment with TMG/ISA)?  

    If yes, we have to be able to query WMI on the TMG server from the workstation or server you are running the wizards on.  If you can sacrifice taking the entire network offline while the wizard runs (this won’t work if you have remote sites), running "net stop fweng /y" from the TMG server will allow the tool to run.

    The more complete way to do this is to temporarily open up TMG to allow the wizard to run:

    1.  Create a bi-directional allow-all access rule between the two machines:

    Name:  Allow all

    Protocols:  All outbound traffic

    From:  local host; machine running wizards

    To:  local host; machine running wizards

    Users:  All users

    Right-click on the rule, choose "Configure RPC Protocol", and de-select "Enforce strict RPC compliance"

    2.  Edit the ‘RPC (all interfaces)’ protocol in toolbox and deselect the RPC filter.

    3.  Right-click on Firewall Policy, Choose ‘edit system policy …’, and choose ‘Active Directory’.   De-select "Enforce strict RPC compliance"

    Click apply and ok to save the settings, and refresh MonitoringConfiguration until it shows ‘Server configuration matches the Configuration Storage server configuration’

  13. s.sullivan1 says:

    Aaron,

    Is SERVERNAME still a DC in your environment?  Generally, the tool gives that error for the servers it finds in AD that used to be DCs, but were not  demoted corretly/successfully (hence, data is left in AD that needs to be removed).

    Can you please send us your logs (zip Data and Logs folders under %systemdrive%Microsoft IT Environment Health ScannerWizard)?

  14. EBS Team says:

    Can you please send us zipped Data and Logs folders (under %systemdrive%Microsoft IT Environment Health ScannerWizard) so that we can investigate the crash?  

  15. Paul Dougherty says:

    Looks like the network adapter gateway testing is confused.  It tells us we need more than one value on a given nic and points to the subnet address x.x.x.0/24 rather than our true gateway.

  16. Ilya Dagenais says:

    Error’s out after a few minutes and all scan’s are skipped with the error: "Error: The value of the serverReferenceBL attribute for ,<servername> was not set."

    I got this same error with EBS prep tool.  The server it errors on is not even a DC…just a test server.  How do I either correct what it is looking for or get passed it??  Thx

  17. Claire H says:

    I, also, am having issues with the scanner crashing after a few minutes.  Would you like me to send you our logs as well?

  18. Juan Pablo Vargas says:

    I have problems runing this tool in my network, The problems are related to conectivity issues with the security server.

    The XXXXXXX server could not be accessed using WMI. Actions that you can perform to resolve this issue might include stopping the firewall before you run the wizard, ensuring that the server is available, installing WMI provider on a Windows 2000 server, enabling WMI access on the server, or removing the server object from Active Directory Sites and Services if the server has been decommissioned.

  19. Aaron Perrault says:

    I am having problems running this in our environment.  We are a pure Windows 2003, Native, Active Directory, with Cisco routers, firewalls and switches.  The software installs just fine but when i run it, I put the IP address and Subnet of our main Cisco firewall, and the subnet mask it has, and then i add our other IP ranges, but when i say scan it looks like it is trying to collect data but i get the following message:

    The specified domain controller doesn’t appear in ServerTable: SERVERNAME (the name of one of my DCs)

    and then it skips the rest of the tests.  I have tried running this from a local workstation, from a member server, and from one of our DCs, but i get the same type of message (the DC listed usually changes) but the results are always the same.  I really would love to get some results.

    Please help if possible

    thanks

    app

    aaron.perrault@i365.com

  20. karen says:

    Just installed Microsoft IT Environment Health Scanner onto a member server. 2003 SP2.

    Data Collection Errors:

    Server information –  a list of servers could not be collected from AD DS. Ensure that your netowkr is functioning correctly and that this computer can access AD DS.

  21. fbroussey says:

    Hi,

    I got the following behaviour (win 2003 domain). When i launch the scan , it stop with the error message :

    "A list of servers could not be collected from Active Directory Domain Services (AD DS). Ensure that your network is functioning correctly and that this computer can access AD DS."

    But i dont know what it means and how to check that the coputer can access AD DS.

    Thanks for your answer.

  22. Ilya Dagenais says:

    Ok, got past the DC error (thanks for the advice on manually cleaning the DC info out of AD), then I got a WMI error on one of the Win2000 servers…corrected that.  Now I get an "DNS Query Access Failed" on the same win2000 sever that had the WMI issue.

    Any advice?  Same thing, scanner skips all other tests.

    Thanks

  23. Ilya Dagenais says:

    OK, completed the steps to adding the DNS WMI provider on win2000.  Still same error.  The server that is erroring isn’t even a DNS server…it’s a simple terminal server.

  24. Ross Ellicott says:

    I also get the error :

    "The specified domain controller doesn’t appear in ServerTable: SERVERNAME"

    I have verified that the server is a DC and I ran DCDIAG /V on the server and it passes the tests.

    How do I find the configuration in AD that causes the error in Microsoft IT Healtcheck?

    Interestingly, the offending server errors out when running the health check. (WEBS.BPA.Console.Exe has stopped working).

    Please advise.

    Ross.

  25. bill says:

    Cannot get the tool to run due to WMI Error. Running the tool on Win 2003 SBS R2 SP2 with ISA 2004. Workarounds?

    The XXXXXXX server could not be accessed using WMI. Actions that you can perform to resolve this issue might include stopping the firewall before you run the wizard, ensuring that the server is available, installing WMI provider on a Windows 2000 server, enabling WMI access on the server, or removing the server object from Active Directory Sites and Services if the server has been decommissioned.

  26. james says:

    I also get the error :

    "The specified domain controller doesn’t appear in ServerTable: SERVERNAME"

  27. james says:

    BTW, I can’t send our logs due to confidentiality. What should I look for? What does the message mean?

  28. wazza says:

    Did anyone manage to find a solution to the following. I get it each time I launch the scan and it errors on the Data collection, server information with the error message :

    "A list of servers could not be collected from Active Directory Domain Services (AD DS). Ensure that your network is functioning correctly and that this computer can access AD DS."

    I haven’t been able to find out how to get around this or correct it.

  29. Travis says:

    I receive the following error when running this tool against my 2008-R2 functional domain/forest: "The functional level of the domain is not valid."

    Is there an ETA on the next version of this tool that will run against a 2008-R2 functional domain?

  30. Cristian V. says:

    I got the error,

    A list of servers could not be collected from Active Directory Domain Services (AD DS). Ensure that your network is functioning correctly and that this computer can access AD DS.

    But the ip address of our firewall is correct, i veirifed with ntdsutil and only the available domian controlers are listed.

    Tried dcdiag and all test passed.I  will send you the logs.

  31. Stephen Suley says:

    Each time I run the scan in my 2 server, Domain Server 2008 functionality level enviroment. I get all kinds of errors, I have no firewalls enabled on any servers. Can you give me an idea why I can’t seem to scan and of the items listed?

    Data collection errors Errors: 1

    PrereqInfo

    Error: Connectivity did not occur during the prerequisite validation phase. Refer to sections of the analysis report for details.

    Network Connectivity  Errors: 2, Skipped: 1

    Server names resolve correctly

    Completed

    Active Directory is connected to all domain controllers

    Completed

    Remote WMI access is enabled on servers

    Error: The fpsmail.fossil ( this is a linux POP email server) server could not be accessed using WMI. Actions that you can perform to resolve this issue might include stopping the firewall before you run the wizard, ensuring that the server is available, installing WMI provider on a Windows 2000 server, enabling WMI access on the server, or removing the server object from Active Directory Sites and Services if the server has been decommissioned.

    See also: KB 875605, KB 216364, KB 682138

    Servers can be queried using DNS

    Completed

    Time service is running on all domain controllers

    Completed

    Exchange service is installed

    Error: The Exchange service cannot be contacted on the fpsmail.fossil server.

    DSAccess is configured correctly

    Skipped: Check was skipped due to data collection errors

    Netlogon service is running on all domain controllers

    Completed

    Active Directory Site Configuration  Skipped: 11

    Inter-site topology generation is enabled for the Knowledge Consistency Checker

    Skipped: Check was skipped due to data collection errors

    Intra-site topology generation is enabled for the Knowledge Consistency Checker

    Skipped: Check was skipped due to data collection errors

    Local Active Directory site contains only local subnets

    Skipped: Check was skipped due to data collection errors

    Universal group membership is cached

    Skipped: Check was skipped due to data collection errors

    Domain controllers are holding roles