Kevin Holman's System Center Blog

Posts in this blog are provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified in the Terms of UseAre you interested in having a dedicated engineer that will be your Mic

DNS MP – Noisy resolution time alerts, and how to deal with them

DNS MP – Noisy resolution time alerts, and how to deal with them

  • Comments 20
  • Likes

This is a problem in the 6.0.6480.0 version of the DNS MP.

You will likely see a lot of DNS Resolution Time alerts popping into your console – then disappearing.

This is because these alerts are generated by a monitor, which is frequently changing state.  These alerts get auto-resolved when the monitor flips back to healthy status, by design. 

The root cause of the problem, if often that the server is busy when we run our script to check the local DNS resolution response… and the default threshold is set to 1 second.





Even in some of the best DNS environments, with good hardware… we will find DNS servers on Domain Controllers can get busy… and this is compounded by SCOM running multiple scripts at the same time – from the ADMP and DNS MP… sometimes we cannot return results in less than 1 second.


The best thing to do – is to chart out your current environment, using the provided performance views in the MP…. and adjust this moniotr for your servers:


What I can see – is that my Server 2003 DC/DNS server, with only 1 zone, but running on a PIII 933 mhz CPU, with 512mb of RAM…. is taking a baseline of 2-3 seconds.  I will override this monitor for this SERVER, or for ALL 2003 DNS servers… to be 5 seconds. 




Granted – our expectation is that our DNS servers can respond to a DNS query faster than 5 seconds – but this number is relative… due to how OpsMgr is collecting it.  So the goal here, is to look at what is normal when the server is functioning well, establish that as our baseline, and set the threshold just above it.


Now – my Server 2008 DC/DNS server, which has 1GB of ram, and is a VM on very fast disk, and has a better CPU available, has a baseline of .2 seconds… so I will leave this monitor alone, since it is obviously not changing state so frequently.




When a real problem arises, load increases, or DNS is performaing poorly, we will be alerted – because we will breach our *baseline*.

  • Very true, unfortunately the monitor uses only a single sample, so spike's will throw the alert only to be cleared on the next sample 15 minutes later.

    Unfortunately since the data is from a script it isn't practical to do this over a number of samples.  The false alerts are so high on this monitor on some machines that we simply turned it off.

  • Then I would simply follow the logic here... if spikes are that frequent - I would create a baseline off the spikes.

    In the customer environments I have worked in... we were always able to tune this monitor using the method outlined about.  The only rare cases were older DC's that were having trouble with memory pressure.

  • I'm having trouble seeing the value in this monitor being rolled up as Availability since it does not indicate availability at all but moreso performance.  

    It would probably be better to have this as an alert generating rule so you can specify consecutive occurrences for suppression.


  • I'm getting alot of alerts on one of my DNS servers that is running Windows Server 2008 R2.  It is a DNS Resolution Time alert.  When I look at the event view, I see alot of erros with the description "DNS Server Resolution Check: The DNS service is not running.  Monitoring script cannot continue."  But when I log on to the server and look at the services, the DNS Server service is started and running.  Any idea if this is an error?

  • The current DNS MP does not support 2008 R2.

    There is supposed to be an updated MP in the works - but I dont know anything about release timing.

  • Has anyone run into an increase in DNS resolution time after virtualizing a server?

  • We have, our physical server is fine and doesnt generate DNS resolution alerts. However we get them from our VM's

  • Same here, physical servers don't generate this alert but virtual ones do.

  • Good posting, I appreciate it.  We enabled this and got a bunch.  This posting was a good quick explanation.

  • Thanks for posting these tips; it helped me solve this problem for a few servers.

  • Yep, thanks from me too, adjusted both 2003 and 2008 response times to 10 secs and all good :-)

  • Greetings,

    I know this article is quite old but I see recent comments on it so I permit myself to do so :)

    I have created an override for the *critical* state of this monitor just like you suggested and everything works fine;

    However I have an issue with the *warning* state of this monitor :

    On the Knowledge tab of the health explorer I see this:

    Green:Worst Time less than Threshold and Success Count greater than 0 and Failure Count=0

    Yellow:Failure Count greater than 0 and Success Count greater than 0

    Red:Best Time >Threshold or Success Count=0

    so my warning state (Yellow) is when I have some failure and , indeed, I have a failure count of 1.

    In our environment, having such failure is not a problem at all and can happen quite frequently. I would like to override this value to 3 or 5 but I do not find where I can do that. In the Override Properties window I have lots of settings, but nothing seeming to be related with the failure count.

    Any idea how I can do that ?  

  • Hi

    We see the same issue as Bix. Zeros in all categories. Any ideas?

  • Hello*,  when will there be a new release of DNS-MP that is suited for Windows 2008 R2?

  • Yes - the new DNS MP for Server 2008 R2 should be shipping very soon.  There are not many changes in it, as DNS has not changed much functionally from 2008 to 2008R2.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
Search Blogs