While deploying new distribution points at a client SCCM site, our team experienced issues trying to distribute packages to the newly deployed server.
While verifying the eventviewer of the specific server we notices there was a time sync issue between the server and the Domain controller. The server was a virtual machine hosted on an ESX server and the time synchronistation with the ESX server was set to disabled ( since the ESX server had no NTP servers defined ).
But apparently the virtual machine had an issue and the time difference was to big to be automatically resolved by the client. So we had to modify the time settings and all was back ok. My questions was : why did SCOM not report any issue on that specific server ?
Acoording to the monitoring agent all was good. Strange , so we decided to create a custom monitor in order to verify time sync issues. This is how we did it :
- Create a simple unit monitor in SCOM.
- Choose simple event detection, Windows event reset and save in a custom MP.
- Add the necesarry properties, choose targets and parent monitor.
- Specify the system event log.
- Create the Unhealthy event expression.
- Specify the system event log ( for the healthy event )
- And create the healthy event expression.
- Configure the health. In this case we want a critical alert when time sync is off.
- Now create the alert settings.
- And test !
You can use the following Powershell script for testing