The support of MOM 2005 Service Pack 1 on Windows Server 2008-based computers is announced. The KB article publication was a little delayed in it's release (out of my control - sorry). The KB article discussing MOM 2005 SP1 Win2k8 support is released under 953140
The only MOM 2005 SP1 role supported on Window Server 2008 is the 32-bit Agent role.
Windows Server 2008, Standard x86 Edition
Windows Server 2008, Standard x64 Edition
Windows Server 2008, Enterprise x86 Edition
Windows Server 2008, Enterprise x64 Edition
Windows Server 2008, Datacenter x86 Edition
Windows Server 2008, Datacenter x64 Edition
Windows Server 2008, Standard x86 Edition, Core role installed
Windows Server 2008, Standard x64 Edition, Core role installed
Windows Server 2008, Enterprise x86 Edition, Core role installed
Windows Server 2008, Enterprise x64 Edition, Core role installed
Windows Server 2008, Datacenter x86 Edition, Core role installed
Windows Server 2008, Datacenter x64 Edition, Core role installed
Yes = Supported operating system. Setup does not prevent installation.
No = Setup prevents installation or upgrade.
There is one potential hotfix required if deploying an agent to a Windows Server 2008-based domain controller computer. Details can be found within http://support.microsoft.com/kb/919154 (The MOM service does not start and event 9014 is logged when you deploy a Microsoft Operations Manager 2005 agent to a domain controller that is running Windows Server 2008)
Issue 1: Event log Descriptions for collected Windows Server 2008 Security event logs (Source=Microsoft-Windows-Security-Auditing) for rules utilizing the Security event log provider return “Unable to find Security source Microsoft-Windows-Security-Auditing message [nnnn]” in the description.
Workaround 1: None. Event log Descriptions and any collected parameters are otherwise unaffected. Rules using the Security event log provider which may specifically use the ‘From Source’ with parameter Security criterion may need to be duplicated for Windows Server 2008-based computers or have the ‘From Source’ criterion removed to allow successful collection of security events.
Issue 2: A low privilege agent action account is unable to monitor Windows Server 2008-based event logs.
Workaround 2: In addition to the requirement specified for a low privilege action account discussed in the MOM 2005 Security Guide whitepaper, the following additional requirements must be met:
· The low privilege action account also needs to be a member of the ‘Event Log Readers’ local group on Windows Server 2008.
· The Network Service built-in account requires explicit Read privileges on the following registry key of Windows Server 2008-based computers running the MOM agent
o HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Security
Issue 3: Internet Information Server (IIS) log collection does not work on Windows Server 2008-based servers running IIS using the Internet Information server Web server log MOM provider.
Workaround 3: None. W3C logs within IIS7 are in UNICODE format by default and log names preceded with u_ which the MOM Web server log provider is unable to read.