Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

(883323) - Describes an issue where MOM 2004 Agent restarts and then sends invalid packets to the MOM 2000 configuration group. Then, OnePoint Operations 9200 events are logged in the Application event log on a Microsoft Operations Manager DCAM Server.

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 883323 - Last Review: October 27, 2006 - Revision: 1.2

OnePoint Operations 9200 events may be logged in the Application event log on a Microsoft Operations Manager DCAM Server

View products that this article applies to.

SYMPTOMS

Assume the following: A computer with the Microsoft Operations Manager (MOM) 2005 agent installed is managed by a MOM 2000 Data Access Server/Consolidator-Agent Manager (DCAM) server that is running MOM 2000 Service Pack 1 (SP1). In this scenario, the MOM 2005 agent may send packets that are not valid to the MOM 2000 configuration group. Therefore, many OnePoint Operations 9200 events that are similar to the following may be logged in the Application event log on the MOM 2000 SP1 DCAM server:

Event Type: Error
Event Source: OnePoint Operations
Event Category: None
Event ID: 9200
Date: 11/20/2003
Time: 11:54:10 AM
User: DomainName\UserName
Computer: ComputerName
Description: The socket server on port 1270 received a malformed packet. This may indicate a possible hacking attempt. The binary data for this event contains the data received.

Note Although this event text indicates a possible hacking attempt, it does not indicate where the packet originated.
Back to the top

CAUSE

This issue may occur if the following conditions are true:
  • You have two or more configuration groups that are running MOM 2000 SP1.
  • One or more of the MOM agents are multihomed and report to two or more configuration groups.
  • You upgrade one of the MOM 2000 SP1 configuration groups to MOM 2005.
When you upgrade a MOM 2000 SP1 configuration group to MOM 2005, all MOM 2000 SP1 agents that report to the upgraded MOM 2005 configuration group are upgraded to MOM 2005. The MOM 2005 agent supports two protocol types for communication: the MOM 2000 SP1 protocol and the MOM 2005 protocol.

When the MOM 2005 service starts, it first tries to communicate with the MOM server by using the MOM 2005 protocol. If this communication attempt is unsuccessful, the MOM 2005 agent then uses the MOM 2000 SP1 protocol. Because the MOM 2000 SP1 server does not understand the MOM 2005 protocol, the MOM 2000 SP1 server generates the 9200 event that is described in the "Symptoms" section. However, when the MOM 2005 agent uses the MOM 2000 SP1 protocol, the MOM 2000 SP1 server accepts communication with the MOM 2005 agent.

Additionally, the MOM 2005 agent service retains the MOM protocol type only while the MOM 2005 service is running. When the MOM 2005 service restarts or encounters network problems, the MOM 2005 agent must redetermine the protocol type. Therefore, the MOM 2005 agent first tries to communicate with the MOM 2000 SP1 server by using the MOM 2005 protocol and then by using the MOM 2000 SP1 protocol. If the server has been upgraded to MOM 2005, the communication attempt is successful, and no error events are logged.
Back to the top

STATUS

This behavior is by design.
Back to the top
APPLIES TO
  • Microsoft Operations Manager (MOM) 2005
  • Microsoft Operations Manager 2000 Service Pack 1
Back to the top
Keywords: 
kbtshoot kbprb KB883323
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting