Christopher Yorke
Guest
Posted: Wed Jan 19, 2005 3:04 am
Post subject: Unable to execute response...
I am receiving Event 21221 in my application log on my MOM server about 4
times per minute! It states "The response processor was unable to locate
the definition of a processing rule, and was therefore unable to execute
responses on an event or alert". It then specifies the Rule id Item id.
How can I determine which rule / alert is the culprit? I tried using the
"Find Rules" wizard, but apparently you cannot search for rules by their
IDs.
The rule and item IDs are:
Item id: {82CEBFEA-647D-435F-B466-29326598C375}
Rule id: {CCEDD3AA-C6E3-11D3-881C-0090270D4908}
I don't know if this is related, but I had tried a management pack from
JalaSoft to monitor my Cisco devices and recently removed it. I cannot
delete the providers ("There are Rules associated with the provider"). I
removed all of the rules and alerts with the same results. When I try to
delete the entire management pack, it says that it cannot delete the rules
as they are associated with alerts (even after I have resolved all open
alerts).
I know there is a lot of info there, just trying to provide as much
pertinent info as possible. Any thoughts or suggestions would be
appreciated!
Thanks
Chris
Murugesan Vivekananthan [
Guest
Posted: Wed Jan 19, 2005 4:53 am
Post subject: Re: Unable to execute response...
Hi Chris:
Unfortunately you cannot locate the Rule using the GUID in the UI. We'll
make sure that this gets fixed in the next release.
To locate the Rule by Guid, use the following query in the SQL Query
Analyzer [on OnePoint Database]
select * from processrule where idProcessRule =
'CCEDD3AA-C6E3-11D3-881C-0090270D4908'
Regarding Deleting Providers:
Providers cannot be deleted if the rules associated with them are not
deleted permanently.
In Authoring Mode, we define RuleGroup ownership options. This is set to
"Export as a customer created/modified rule" by default. When the rule is
set to this type, the user can't delete a rule permanently. To delete a rule
permanently the user should select the following option "Export as a vendor
produced rule.... " [Any one of the options related to vendor is fine]
Steps:
1. Right Click on "Rule Groups" and select "Enable Authoring Mode" if you
are not in authoring mode.
2. View the properties of the Rule to delete
3. Select "Advanced" TAB
4. In the rule ownership options select any one of the "Export as a vendor
produced rule"
5. Click OK
6. Delete the rule and select "Remove rule from the database" option
NOW, you can delete the provider
--
---------------------------------------------------------
Murugesan Vivekananthan [MSFT]
MOM Test Team
This posting is provided "AS IS" with no warranties, and confers no rights.
---------------------------------------------------------
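An added example, not part of the original posts and not MOM code: when Event 21221 fires several times a minute, this tallies the Rule ids in exported Application-log text and builds the lookup query from the reply above for each one, accepting only strictly GUID-shaped values before they are placed in SQL. The export layout and the names `SAMPLE_LOG`, `count_rule_ids`, `lookup_query` and `triage` are assumptions; only the "Rule id:" / "Item id:" line shapes, the two GUIDs and the query come from the thread.

```python
import re
from collections import Counter

# Constructed sample of exported Application-log text for Event 21221.
# Only the "Item id:" / "Rule id:" shapes and the two GUIDs are from the thread.
SAMPLE_LOG = """\
Event ID: 21221
The response processor was unable to locate the definition of a processing rule
Item id: {82CEBFEA-647D-435F-B466-29326598C375}
Rule id: {CCEDD3AA-C6E3-11D3-881C-0090270D4908}
Event ID: 21221
Item id: {82CEBFEA-647D-435F-B466-29326598C375}
Rule id: {ccedd3aa-c6e3-11d3-881c-0090270d4908}
Event ID: 21221
Rule id: {CCEDD3AA-C6E3-11D3}
"""

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
RULE_LINE = re.compile(r"^\s*Rule id:\s*\{(" + GUID + r")\}\s*$", re.MULTILINE)


def count_rule_ids(log_text):
    """Count each well-formed Rule id GUID, normalised to upper case."""
    return Counter(m.group(1).upper() for m in RULE_LINE.finditer(log_text))


def lookup_query(rule_id):
    """Build the thread's lookup query; reject anything not GUID-shaped."""
    if not re.fullmatch(GUID, rule_id):
        raise ValueError("not a GUID: %r" % rule_id)
    return ("select * from processrule where idProcessRule = '%s'"
            % rule_id.upper())


def triage(log_text):
    """Return (rule_id, occurrences, query) tuples, most frequent first."""
    counts = count_rule_ids(log_text)
    return [(rid, n, lookup_query(rid)) for rid, n in counts.most_common()]


if __name__ == "__main__":
    for rid, n, query in triage(SAMPLE_LOG):
        print(n, rid)
        print(query)
```

The truncated third Rule id in the sample is skipped rather than passed through, so a damaged or tampered log line never reaches the query text.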
JesseH
Guest
Posted: Wed Jan 19, 2005 5:07 am
Post subject: Re: Unable to execute response...
This should probably be a knowledge article on the MS website...
Christopher Yorke
Guest
Posted: Thu Jan 20, 2005 1:32 am
Post subject: Re: Unable to execute response...
Thanks for the help! I was able to locate the "offensive" rule and fix it.
I was also able to remove (most) of the Providers and Rules for the obsolete
management pack. Some of the Rules still state that there are open alerts,
and cannot be deleted, but I will conquer those!
Thanks for your assistance.
-Chris
Yann Gainche
Guest
Posted: Thu Jan 20, 2005 2:28 am
Post subject: Re: Unable to execute response...
Disable the Management Pack and wait for the grooming jobs to delete the
open alerts. Then you will be able to completely remove the Management Pack.
--
YANN GAINCHE
Technical Account Manager
MCT - MCSE2003:Security
Transcript: http://www.microsoft.com/learning/mcp/transcripts (ID: 672181
Access code: tscript2004)