Installing the Configuration Manager 2007 System Health Validator point results in the creation of a number of Performance counters for the object Configuration Manager System Health Validator. This allows you to baseline and monitor the following:
- How often the Configuration Manager System
Health Validator point processes statements of health.
- When a newly installed client hasn't yet
downloaded its Configuration Manager NAP policies.
- How often a statement of health (SoH) is out
of date.
- How often a client is non-compliant with
Configuration Manager NAP policies and requires software
updates.
- The number of compliant clients and the
number of non-compliant clients.
- Configuration Manager clients that have the
Network Access Protection agent disabled.
- Failures that occur on either the
Configuration Manager client or the System Health Validator
point.
These counters can be monitored by the Configuration Manager 2007 Management Pack for Operations Manager 2007, which can also monitor events the SMS_SYSTEM_HEALTH_VALIDATOR writes to the Windows Application event log on the Network Policy Server.
The individual Configuration Manager System Health Validator counters are listed in the following table:
Counter Name | Description |
---|---|
Compliance is invalid |
Total number of statement of health responses where the client SoH had invalid compliance information. This condition usually indicates some kind of data corruption between the client and the System Health Validator point. |
Compliance information missing |
Total number of statement of health responses where the client SoH was missing the compliance information. This condition occurs when the Network Access Protection client agent is enabled but the computer has not yet downloaded the site Configuration Manager NAP policies. This condition occurs with new clients. The System Health Validator point will give a client in this condition a health state of compliant so that it can locate its site and management point to download Configuration Manager NAP policies and assess its compliance. |
Compliance newer than health state reference |
Total number of statement of health responses where the client SoH had compliance information that was newer than the health state reference. This condition occurs when the client returns a compliance status using Configuration Manager NAP policies that are newer than the site health state reference. The statement of health is considered current. |
No ConfigMgr NAP policies |
Total number of statement of health responses where the client SoH had compliance information that indicated that no Configuration Manager NAP Policy had been defined yet. This condition occurs when the Configuration Manager Network Access Protection client agent is enabled but no software updates are marked for NAP evaluation. |
Compliance out of date |
Total number of statement of health responses where the client was non-compliant because the client compliance information was older than the health state reference. This condition occurs when the client's compliance information is older than the health state reference. The System Health Validator point will give a client in this condition a non-compliant health state so that it can download the latest Configuration Manager NAP policies and re-evaluate its compliance. |
Compliance matches health state reference |
Total number of statement of health responses where the client SoH had compliance information that matched the health state reference and was hence deemed compliant by the Configuration Manager System Health Validator. This condition occurs when the client's compliance information matches the health state reference. The statement of health is considered current. |
Software updates not installed |
Total number of statement of health responses where the client was non-compliant because all the required software updates were not installed. This condition occurs when the client does not have applicable software updates by the Effective Date as defined in the Configuration Manager NAP policies. The System Health Validator point will give a client in this condition a health state of non-compliant so that it can be remediated to install the software updates required for compliance. |
ConfigMgr NAP client agent disabled |
Total number of statement of health responses where the client was considered compliant because Configuration Manager NAP client agent was disabled (or client had no Configuration Manager NAP Client Agent policy. This condition occurs under the following circumstances:
|
SoH Expired (Absolute Date) |
Total number of statement of health responses where the client was non-compliant because the SoH failed the time validation - Date created must be after. This condition occurs when a client's statement of health is created before the date and time setting Date created must be after, which is configured in the System Health Validator Point Component Properties. The System Health Validator point will give a client in this condition a health state of non-compliant so that it can be remediated to produce a newer statement of health. The client will be instructed to re-evaluate its statement of health. |
SoH Expired (TTL) |
Total number of statement of health responses where the client was non-compliant because the SoH failed the time validation - Validity period. This condition occurs when a client's statement of health is outside the Validity period configured in the System Health Validator Point Component Properties. The System Health Validator point will give a client in this condition a health state of non-compliant so that it can be remediated to produce a newer statement of health. The client will be instructed to re-evaluate its statement of health. |
SoH Requests Total |
Total number of statement of health requests received by the Configuration Manager System Health Validator. |
SoH Requests/second |
Number of statement of health requests received per second by the Configuration Manager System Health Validator. |
SoH Response Failures |
Number of times an error condition prevented the Configuration Manager System Health Validator from generating a statement of health response |
SoH Response: Client Failures |
Total number of statement of health responses where client failures were detected. This condition occurs when the client is unable to assess its compliance because of an error condition on the client, which is either a component failure or a communication failure. These failures can result in a health state of compliant or non-compliant, depending on how the Configuration Manager System Health Validator is configured on the Windows Network Policy Server. By default, both client failure categories are configured as non-compliant. |
SoH Response: Compliant |
Total number of statement of health responses where the client was compliant. This condition occurs when the client's compliant status is successfully validated by the System Health Validator point because all the following apply:
A failure did not occur on either the Configuration Manager client or the System Health Validator point. |
SoH Response: Non-compliant |
Total number of statement of health responses where the client was non-compliant. This condition occurs when one of these situations apply:
|
SoH Response: Server Failure |
Total number of statement of health responses where server failures were detected. This condition occurs when the System Health Validator point is unable to validate a client statement of health because of an error condition on the server, which is either a component failure or communication failure. These failures can result in a health state of compliant or non-compliant, depending on how the Configuration Manager System Health Validator is configured on the Windows Network Policy Server. By default, both server failure categories are configured as non-compliant. |
SoH Response: Unknown |
Total number of statement of health responses where the client compliance could not be validated. This condition occurs when the client's site was not known to the System Health Validator point. This can happen if Active Directory replication has not yet completed for a new Configuration Manager site or if the client is outside its Configuration Manager hierarchy. This failure can result in a health state of compliant or non-compliant, depending on how the Configuration Manager System Health Validator is configured on the Windows Network Policy Server. By default, this error condition is configured as non-compliant. |
See Also
Tasks
How to Configure the System Health Validator Active Directory Domain Services Query IntervalHow to Specify the Option 'Date created must be after' for the Statement of Health
How to Specify the Validity Period for the Statement of Health
Concepts
Configuring Failure Categories for Configuration Manager Network Access ProtectionAbout NAP Health State References in Network Access Protection
System Health Validator Point: Validation Process for Network Access Protection