We are using SCOM 2012 to monitor our environment. There is a logic implemented to suppress alerts (using maintenance mode) when Windows Updates cause system reboot. We followed:<o:p></o:p>
http://operatingquadrant.com/2009/08/15/scom-automatically-starting-maintenance-mode-when-servers-are-rebooted-for-patching/<o:p></o:p>
Basically when in system event log event id 1074 appears then system is put in Maintenance mode. There is a problem with some IIS web servers - they generate a lot of alerts when Windows Updates are installed (e.g. Microsoft Windows Internet Information Services 2003 Application Pool is Unavailable) and before windows reboot. In details:
5:08 AM - Windows update installation in event log (event id 19)e.g.
Installation Successful: Windows successfully installed the following update: Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008 x86 (KB2972106)
5:09 AM - SCOM generates alerts: Microsoft Windows Internet Information Services 2003 Application Pool is Unavailable
5:17 AM - event id 1074: The process winlogon.exe has initiated the restart of computer. SCOM put this server in Maintenance mode.
After 5:17 AM no more alerts generated by SCOM
We cannot change our logic and put system in maintenance mode based on event ID 19 (windows update installation) because there are a
lot of event ID 19 events generated almost every day. So we do not want to put our server in maintenance mode each time when windows updates are installed. Just when windows update installation cause some IIS features stops. Any idea?