Saturday, September 19, 2015

Skype for Business Server 2015 (formely Lync) Watcher Node Synthetic Transactions failed

Recently I've got issue when I worked on deployment of Skype for Business Server 2015 and SCOM monitoring for this deployment.
Assume following config:

  • Skype for Business Server 2015;
  • System Center Operations Manager 2012R2;
  • Skype for Business Server 2015 SCOM Management pack installed;
  • S4B watcher node in a "Trusted Server authentication method" mode

After configuration (using ms technet) I've got issues with basic synthetic transactions (I can assume some extended tests are also affected): Presence, AvConference, P2PAV, IM, GroupIM.
SCOM reported failed transactions and following messages:

Presence:
Presence Synthetic Transaction failed.
The following error message was returned by the Synthetic Transaction test commandlet: Presence notification is not received within 240 seconds. 
AvConference:

Audio Video Conferencing Synthetic Transaction failed.

The following error message was returned by the Synthetic Transaction test commandlet: This operation has timed out.

IM:
Instant Messaging Synthetic Transaction failed.
The following error message was returned by the Synthetic Transaction test commandlet: 504, Server time-out
P2PAV:
Peer To Peer Audio Video Synthetic Transaction failed.
The following error message was returned by the Synthetic Transaction test commandlet: 480, Temporarily Unavailable 
GroupIM: 
Instant Message Conferencing Synthetic Transaction failed.
The following error message was returned by the Synthetic Transaction test commandlet: This operation has timed out.
These errors are typically due to firewall problems. When a synthetic transaction is executed, that transaction runs under the MonitoringHost.exe process; in turn, MonitoringHost.exe starts an instance of the PowerShell.exe process. If either MonitoringHost.exe or PowerShell.exe is blocked by your firewall then the synthetic transaction will fail and will generate mentioned errors. To resolve this issue, you should manually create inbound firewall rules for both MonitoringHost.exe and PowerShell.exe: 
netsh advfirewall firewall add rule name="Watcher Node PowerShell" dir=in action=allow program="%SystemRoot%\System32\WindowsPowershell\V1.0\powershell.exe" enable=yes
netsh advfirewall firewall add rule name="Watcher Node SCOM agent" dir=in action=allow program="%ProgramFiles%\Microsoft Monitoring Agent\Agent\MonitoringHost.exe" enable=yes
So basically by default this rule is not created and you most likely will get this issue. Hope this helps you guys to monitor your S4B servers.