MP Update: Windows Server 2016 MP version 10.0.21.0

 

Quick download:  https://www.microsoft.com/en-us/download/details.aspx?id=54303

This MP contains several updates and fixes, depending on what version you are currently running.

 

1. Time Sync Monitoring

The MP contains a relatively new monitor for Time Accuracy:

image

This monitor was very noisy in previous versions of this MP.  Changes made:  This now ships disabled out of the box.  If you want to accurately monitor for time synch on Windows Server 2016 and later, enable this monitor.

This monitor previously had a VERY strict threshold of 1ms.  The default threshold is now 60,000 milliseconds (60 seconds).  You should set this value to what would be actionable in your environment for time sync.

 

2. Event Collection Rules

This MP now disables ALL event collection rules out of the box.  In general, collecting events is a bad practice.  Many customers have been impacted by event storms, that fill the OpsDB and consume massive amounts of space filling their Data Warehouse, for almost zero value.  Now, all rules that only collect events (not alert on them) have been disabled out of the box.  (Hint: You should review previous Base OS MP’s for older OS versions and disable those rules as well).  If an event is important, it should generate an alert.  Otherwise, if it is not actionable, it becomes noise, bloat, or at worst: takes down your SCOM environment.

image

 

3. Port and Process Monitoring

There is a new MP bundled with the BaseOS MP for Port and Process monitoring.  These use a Management Pack Template Wizard to enable for specific Windows 2016 servers (only).   This will enable monitoring for ALL processes on that server, it will collect a large amount of data, will create new datasets in the Warehouse – so GREAT CARE should be given here.  You can overwhelm a DW very quickly with this MP if you just turn this on blindly.

In general, I recommend you test and experiment with this new style of Process monitoring in a lab environment, and not bring this specific MP (Microsoft.Windows.Server.2016.ProcessPortMonitoring.mpb) into your production environments unless you plan to enable and leverage this MP for the process monitoring that it does, after significant testing and space utilization analysis.  This MP is significantly different than previous MP’s in the the way it uses new datasets and displays the data in the console.

 

There are some other enhancements and fixes as well, documented in the MP guide…. such as new monitors and rules dealing with Cluster Disks, TCP Segments, and reports.