0 Replies Latest reply on May 6, 2013 9:38 AM by fdisker69

    Alert manager not triggering on Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Poison Queue Length.

    fdisker69

      Challenge for the masses.  Running Core 2012.2.2 and SAM 5.5.0.  We have determined one of the fastest ways for us to be notified that some one tagged with spamming trojans has gotten us blacklisted it to monitor Poison Queue Length in either Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) or Exchange 2007-2010 Edge Transport Role Service and Counters (Basic). Since I want to be woken up at 3 am for this so I created an advanced alert definition for when Poison Queue Length is > 0 (have also tried >= 1...). For testing I have also tried = 0, has data or even is empty. The problem comes in when I try to test the alert.  When I hit test and fire the event I get an email for Exchange 2007-2010 Client Access Role Services and Counters (Basic) Service: Exchange Active Directory Topology.  ?!?!?!?!


      In testing I have found I can do an event for:

      Component Status = Up

      Application Name = Exchange 2007-2010 Hub Transport Role Service and Counters (Basic)

      Component Name = Poison Queue Length (picked from the list not typed in so no typo)

      Statistic Data Is Not Empty

       

      For the Trigger Action I just have it sending me ${NodeName} ${ApplicationName} ${ComponentName}

       

      Doing this I'm just seeing what data I can possibly pull maybe guess why Poison Queue Length isn't showing up.

       

      When I hit Test > Select the CAS and fire the Test Alert Trigger, this generates a series of emails that show me:

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Unreachable Queue Length

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Retry Remote Delivery Queue Length

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Retry Mailbox Delivery Queue Length

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Submission Queue Length

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Active Non-Smtp Delivery Queue Length

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Active Remote Delivery Queue Length

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Aggregate Delivery Queue Length (All Queues)

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Active Mailbox Delivery Queue Length

      {NodeName spelled out} Exchange 2007-2010 Client Access Role Services and Counters (Basic) Service: Exchange Active Directory Topology


      I then change to Statistic Data Is Empty and repeat.


      This generates a series of emails that show me

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Service: Exchange Active Directory Topology

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Service: Exchange Monitoring

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Service: Exchange Transport Log Search

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Service: Exchange Anti-spam Update

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Service: Exchange Transport

      {NodeName spelled out} Exchange 2007-2010 Hub Transport Role Service and Counters (Basic) Service: Exchange EdgeSync

      {NodeName spelled out} Exchange 2007-2010 Client Access Role Services and Counters (Basic) Service: Exchange Active Directory Topology


      So I'm thinking I have identified a bug. Maybe two.  First is why is Exchange 2007-2010 Client Access Role Services and Counters (Basic) Service: Exchange Active Directory Topology showing up at all.  Secondly, where did Poison Queue Length go?


      Has anyone seen this?  Anyone have a workaround/suggestion for a better alert config?


      Is this the correct config for this?

      Component Status = Up

      Application Name = Exchange 2007-2010 Hub Transport Role Service and Counters (Basic)

      Component Name = Poison Queue Length

      Statistic Data > 0

       

      There are no suppression's.  Reset is set the same except Statistic Data is < 1.  I've also tried with no reset specified.