CA Automation Point cannot interpret remote SolarWinds Orion Event Log Message after Orion upgrade
Article ID: 191807
Updated On:
Products
Automation Point
Issue/Introduction
We are running SolarWinds Orion to monitor our Open Systems environment, and using AP to monitor the Orion server event log to integrate our mainframe and Open Systems alerting.
I have had to upgrade Orion to get it to supported levels and in doing so they seem to have introduced a change to the application event log records written, and although a small change in the "Provider Name" string, AP no longer can read the text and interpret it.
The old event messages from the "Alerting Engine" are still written which still work fine with AP, but the new ones from "SolarWinds.BusinessLayerHost Action" causes AP to throw up these types of error messages:
The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART R
S=NMA-P-SWINDS-A1 V=9.5 G C=Disk-Data T=20200519-1756
The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART R
S=NMA-P-SWINDS-A1 V=43.5 G C=Disk-Data T=20200519-1756
The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART P
S=NMA-P-SWINDS-A1 V=9.5 G C=Disk-Data T=20200519-1756
The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART P
S=NMA-P-SWINDS-A1 V=43.5 G C=Disk-Data T=20200519-1756
I have had to upgrade Orion to get it to supported levels and in doing so they seem to have introduced a change to the application event log records written, and although a small change in the "Provider Name" string, AP no longer can read the text and interpret it.
The old event messages from the "Alerting Engine" are still written which still work fine with AP, but the new ones from "SolarWinds.BusinessLayerHost Action" causes AP to throw up these types of error messages:
The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART R
S=NMA-P-SWINDS-A1 V=9.5 G C=Disk-Data T=20200519-1756
The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART R
S=NMA-P-SWINDS-A1 V=43.5 G C=Disk-Data T=20200519-1756
The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART P
S=NMA-P-SWINDS-A1 V=9.5 G C=Disk-Data T=20200519-1756
The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART P
S=NMA-P-SWINDS-A1 V=43.5 G C=Disk-Data T=20200519-1756
Environment
Release : 11.5
Component : CA Automation Point
Resolution
To monitor any remote Windows server events created by an application, Automation Point (AP) requires that the event messages dll for the application be registered locally on the AP server.
To enable successful event monitoring for the previous version of SolarWinds Orion these steps had been done:
1. Copied the Orion EventLogMessages.dll from the Orion Server to the AP Server.
2. On the AP server under registry key "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application" created a new sub-key with the name of the Source/Provider Name ("Alerting Engine") . Under the new sub-key added an Expandable String Value (REG_EXPAND_SZ) with name "EventMessageFile" assigned to the full path of the EventLogMessages.dll file.
The Orion upgrade added an additional component "SolarWinds.BusinessLayerHost Action" resulting in the AP server errors "The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found ...".
To resolve the problem a new registry key similar to above was created for the new component i.e.
Under "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application" create new sub-key with the name of the new Source/Provider Name "SolarWinds.BusinessLayerHost Action" and under that new sub-key add an Expandable String Value (REG_EXPAND_SZ) with name "EventMessageFile" assigned to the full path of the EventLogMessages.dll file.
To enable successful event monitoring for the previous version of SolarWinds Orion these steps had been done:
1. Copied the Orion EventLogMessages.dll from the Orion Server to the AP Server.
2. On the AP server under registry key "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application" created a new sub-key with the name of the Source/Provider Name ("Alerting Engine") . Under the new sub-key added an Expandable String Value (REG_EXPAND_SZ) with name "EventMessageFile" assigned to the full path of the EventLogMessages.dll file.
The Orion upgrade added an additional component "SolarWinds.BusinessLayerHost Action" resulting in the AP server errors "The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found ...".
To resolve the problem a new registry key similar to above was created for the new component i.e.
Under "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application" create new sub-key with the name of the new Source/Provider Name "SolarWinds.BusinessLayerHost Action" and under that new sub-key add an Expandable String Value (REG_EXPAND_SZ) with name "EventMessageFile" assigned to the full path of the EventLogMessages.dll file.
Feedback
Yes
No
Powered by
