Monthly Archives: August 2014

SCOM: AD MP – Journal Wrap error on SYSVOL Rule

We realized in our SCOM 2012 SP1 environment that the rule “Journal Wrap error on SYSVOL” of the Active Directory Management Pack was not detecting correctly.

I have checked the rule A_journal_wrap_error_has_occurred_on_the_Sysvol_5_Rule in the Microsoft.Windows.Server.AD.2008.Monitoring.xml (Version 6.0.8228.0).

It looked ok, the only thing which could be a problem is the Description search. It uses this expression:


<SimpleExpression>
<ValueExpression>
<XPathQuery>Params/Param[1]</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>DOMAIN SYSTEM VOLUME (SYSVOL SHARE)</Value>
</ValueExpression>
</SimpleExpression>

I disabled the rule and created a new one with this Description search:

<RegExExpression>
<ValueExpression>
<XPathQuery Type=”String”>EventDescription</XPathQuery>
</ValueExpression>
<Operator>ContainsSubstring</Operator>
<Pattern>DOMAIN SYSTEM VOLUME (SYSVOL SHARE)</Pattern>
</RegExExpression>

Now the event was detected correctly and an alert was created.

So if you recognize the same problem, then I suggest to also create a new custom management pack with this rule and disable the original rule.

You can download my sample MP here.