Skip to main content
Version: On prem: 14.0.16

Monitoring system configuration

To properly maintain, plan, audit, and troubleshoot a system, it is vital to monitor many of its important configuration settings. Omada Identity registers several types of information in logs to use for tracking issues, compliance, usage, and more.

This chapter describes the location of the logs and the way you can use the logs in Omada Identity Data Warehouse (ODW). In this section, you can find descriptions of the logs found in Omada Identity, Windows Event Viewer, and Omada Identity Data Warehouse.

info

You can access the logs in either the Omada Identity Portal or the Omada Identity database. You must have access to use the SQL server and the Windows Event Viewer on the machine on which you have installed Omada Identity.

In addition to the logs, Omada Identity provides four system statistics reports to complete the monitoring tools.

Monitoring the status of Omada Identity Data Warehouse configuration is important for maintaining high performance. By analyzing the findings of the monitoring activities, you can speed up both imports and reports, and you can avoid inefficient use of disk space.

It is also important to monitor the outcome of each Omada Identity Data Warehouse's import to make sure that the data in ODW is accurate and up to date.

Location of logs

Depending on the type of logged data, you can monitor system functionality in the Omada Identity Portal, the Omada Identity Data Warehouse database, or the Windows Event Viewer. The following table presents the types of logged data:

ComponentsLogs available
Enterprise ServerPage activity log, code method log, email log, data exchange log, system log, and timer log.
Omada Identity PortalCode method log, email log, data exchange log, timer log, and system statistics.
Omada Identity Data WarehouseImport log, Omada Identity Data Warehouse Syssislog.
Windows Event ViewerEnterprise Server errors log, RoPE errors log.
SQL Management StudioSQL Server Agent Jobs log.

Event viewer

To find the Event Viewer, go to Start > Control Panel > Administrative Tools > Event Viewer.

The source name for errors is Omada Enterprise, and errors are logged to Windows logs > Application.

You can use the filter in the Event Viewer to locate these errors quickly.

The logs are placed in a category according to their EventId.

Logging of missing code methods and access modifiers

When you start using Omada Identity, the system checks and verifies that all configured code methods and access modifiers are located in the specified assemblies.

If the system cannot find one or more code methods or access modifiers, Omada Identity records an event in the event log.

Log overview

Expand each section to learn more about given log type:

Page activity log

All user access to web pages that are a part of the Omada Identity are logged in to the dbo.tblActLog table in the database.

Writing logs to the dbo.tblActLog table can be managed by setting the EnableActivityLog customer setting to the desired value:

  • If this setting is enabled, logs are written to tblActLog table. This is the default value for on-premise customers.
  • If this setting is disabled, logs are not written to tblActLog table. This is the default value for Cloud customers.
  • If this setting is not defined, logs are written to tblActLog table.
note

Web request activity information is always written to the configured OIS logging targets, regardless of the EnableActivityLog customer setting.

Only Platform Administrators can change the value of the EnableActivityLog setting.

dbo.tblActLog

The dbo.tblActLog table to which the logs are written includes many different columns, such as:

  • ID - unique ID is assigned to each new page access.
  • UserId - the IDs for the user and customer accessing the page.
  • CreateTime - the time when the user first accessed the page.
  • PageName - he name of the page that the user accessed, for example, dataobjviewdlg.aspx.
  • PagePath - he complete path to the page, for example, /webservice/oim_systemonboarding.asmx.
  • QueryString - the query string is used to call the page, for example, op=pushconfiguration.
  • EndTime - the time when the user finished accessing the page.
  • IP - the IP address from which the access to the page came.

You can extract the data and paste it into a more reading-friendly format, for example, in a Microsoft Excel spreadsheet. You can also use the IIS page log for this type of information. To do this, follow these steps:

  1. Open IIS Manager on your computer.

  2. Locate the properties for the relevant view.

  3. Open the Logging feature.

    Logging

  4. In the Logging feature, select Enable in the Actions pane and specify the format for the log in the Format field.

    EnableLogging

  5. To set up the log schedule, delect from the available log schedules in the Log File Rollover section.

  6. To set the location of the log file directory, click Browse in the Log file section and select the specific location of the file. The path is displayed in the Directory field.

Performance counters

A set of performance counters can support the monitoring of the health of the Omada Identity. Performance counters are a Windows functionality.

They include the following counters:

  • Web Pages
  • Web Service Calls
  • Response Time
  • DataObject Created
  • DataObject Updated
  • DataObject Deleted
  • DataObject Purged
  • Timer Heartbeat
  • RoleEngine Heartbeat
  • RoleEngine Identity Calculated
  • Session Count

You can find the counters on the application server under the Omada Enterprise category:

PerfMonitor

Synthetic transactions

There are two functions in the Web Application for synthetic transactions. External monitoring tools can use the transactions to check the availability of the Omada Identity. PingDatabase.aspx is a webpage that shows the message OK when the application is up and running.

The Web Service's end-point is WebService/MasterWebService.asmx. It contains the web service called PingDatabase(), which returns the message OK when the application is up and running.

Code method log

You can use code methods to modify many configurations, for example, data objects, forms, processes, and users. Code methods are included in the basic setup, but users can also create and modify more code methods to suit their particular configuration. Code methods are linked to events, such as creating or modifying objects or the transition of a process.

Whenever someone uses a code method, the use is logged in the Code Method Log. You can find this log in the System Management menu. The code method log can assist you with monitoring the use of code methods and if the code methods are successful.

Find the Code method log view by going to Setup > Logs> Code Method Log. The main view displays a list of code methods that the system has run, as shown in the following image:

CodeMethodLog

The complete list view includes the following information:

  • Class path and method - shows the name of the class path and code method.
  • Code assembly - show the code assembly that the code method used.
  • Call time - shows the time when the code method was called.
  • Success - shows if the code method ran successfully. This can be Yes or No.
  • Action object - shows the target of the code method’s action.

When you click a code method in the list, a page opens to display the complete details of the code method that has run.

CodeMethodDetails

The details on the page include:

  • Assembly - shows the code assembly used by the code method.
  • Executed on - shows the time and date on which the code method ran.
  • Execution time - shows how long time it took to run the code method.
  • Executed by - shows the User ID of the user who called the code method.
  • Call parameters
  • Result parameters
  • Success - shows if the code method ran successfully. This can be Yes or No.
  • Action object - shows the object on which the code method action took place.

The Code Method Execution Details page can help you troubleshoot a code method if it has not worked successfully. You can also find details about the code methods in the SQL Server database table dbo.tblCodeMethodLog.

Enterprise Server logs

All errors, warnings, and information messages from the Enterprise Server are recorded in the Windows event log on the computer in the Application log. You can access this log from the Event Viewer.

EventIdNameDescription
10000OtherUncategorized error.
10001LogErrorError in the log configuration.
10002ServerConfigurationServer configuration error.
10003LicenseErrorLicensing error.
10100ObjectNotFoundObject not found.
10200SqlCommonUncategorized SQL error. This can be a syntax error.
10201SqlTimeOutSQL error caused by a locked resource or a long-running statement.
10202SqlNetworkErrorCannot access the SQL Server. Can be caused by a connection string with errors.
10203SqlLoginFailedAccess to the SQL server is denied. The username or password may not be correct.
10204SqlTransientErrorSQL transient error.
10205SqlUniquenessErrorSQL uniqueness error.
10206SqlRollbackFailureSQL rollback error.
10300CacheLockTimeoutA cache refresh failed because of a locked resource.
10400LogonFailureA user has failed to log in to the application.
10401SamlResponseFailedSAML response failed.
10402OpenIDResponseFailedOpenID response failed.
10403UserAuthFailed to set user password.
10404LogonUserIsInactiveUser is inactive.
10405TooManyLogonAttemptsToo many logon attempts.
10406PasswordExpiredPassword has expired.
10407SamlConfigurationSAML configuration error.
10408LogConfigurationLog configuration error.
10409LogonSuccessfulLogon successful.
10410LogoffInitiatedLog off initiated.
10411LogInitializedLog in initialized.
10500CodeMethodExceptionA code method has failed.
10501CodeMethodFriendlyExceptionA code method has thrown a non-fatal exception.
10502CodeMethodMalConfigurationA code method has been configured which contains errors.
10503CodeMethodValidationCode method validation error.
10504AccessModifierValidationAccess modifier validation error.
10505AccessDataUploadErrorAccess data upload error.
10506ReferencedObjectDeletedReferenced object deleted.
10550XmlSchemaFileUpdateErrorError in the XML schema file updated.
10600DatabasePathAppliedA database patch has been installed.
10601DatabaseScriptExecuteDatabase script executed.
10602AppStringsImportedApp strings imported.
10603UpdateActionAssemblyErrorError in the assembly update action.
10604UpdateActionExpectedErrorError in the action expected update.
10700MailTooManyReceiversA function was prevented from sending notifications because it would send out too many e-mails, resulting in spam.
10701MailNoValidEmailAddressAn e-mail notification could not be sent because no valid e-mail was found.
10702MailCannotSendMailAn error occurred while sending an email notification. This may be because of an email relay problem.
10703MailCannotBeQueuedMail cannot be queued.
10704MailCannotDecryptVarUnable to decrypt mail variable.
10705MailCannotRemoveMailFromQueueCannot remove mail from queue.
10706MailCannotAddMailLogCannot save mail to log.
10707MailSentMail sent.
10708MailConnectionMail connection error.
10709MailAuthenticationMail authentication error.
10800EventDefTooManyObjectsAn event definition did not trigger on all filtered objects because the threshold number of objects was exceeded.
10900ILMExportFailedA MIM export to Enterprise Server failed.
11000TraceInformationTrace information from a code method or another function.
11001WebRequestWeb request failed.
12003SimulationHubRunSimulation service failed.
12100RunArchiveBatchArchiving cycle failed.
13000WebserviceErrorWeb service request failed.
13200PasswordResetSuccededPassword reset success.
13201PasswordResetFailedPassword reset failure.
13202PasswordResetOneTimeCodePassword reset one time code.
13203PasswordResetBruteForceDetectedPassword reset brute force attempt detected.
13204PasswordResetMissingDelegateMethodPassword reset missing the delegate method.
13205PasswordResetNotificationFailedPassword reset notification not sent.
13206PasswordResetVerifyPasswordFailedPassword reset verify password failure.
13207PasswordResetAccountLookupFailedPassword reset account lookup failure.
13208PasswordResetSystemLookupFailedPassword reset system lookup failure.
13209PasswordFilterFailedPassword filter failure.
13210PasswordChangedPassword changed.
13211PasswordResetClientLoadFailureFailure to load the password reset client.
13300AccessRequestStatusConfigErrorError in the configuration of the access request status.
13350PolicyCheckConfigurationErrorError of the policy check configuration.
13351PolicyCheckExecutionErrorError of the execution of the policy check.
13400ODataErrorOData error.
13500GraphQLErrorGraphQL error.
14000AjaxGridErrorAjax grid error.
14001AjaxGridPossibleSqlInjectionPreventedPossible SQL injection in the Ajax grid has been prevented.
15000SurveyFeatureInfoSurvey feature information.
15001SurveyOwnershipNotAcceptedOwnership of a survey has been rejected.
16000ComplexDataSetBuilderErrorError in the complex data set builder.
16001CrossDatabaseQueryDetectedCross database query detected.
17000KPIEvaluationErrorKPI evaluation error.
18000VirtualPropertyResolverErrorVirtual property resolver error.
19000AssigneeExpressionPathResolutionInfoInformation message about assignee expression path resolution.
19001AssigneeExpressionPathResolutionWarningWarning message about assignee expression path resolution.
20000OPEJobNotificationOPE job notification.
21000TimeZoneAlignmentTime zone alignment.
21001CustomerSettingRangeErrorCustomer setting range error.
22000FIMPasswordResetFIM password reset.
220001ConfigurationChangeImportConfiguration change import.
22100UpgradeSyncOfflineSystemsUpgrade sync offline systems.
23001SystemEventCat_Employments_IdentityDisabledIdentity has been disabled.
23002SystemEventCat_Employments_IdentityLockedIdentity has been locked.
23003SystemEventCat_Employments_IdentityReEnabledIdentity has been reenabled.
23101SystemEventCat_AccessRequests_RequestSubmittedAccess request submitted.
23102SystemEventCat_AccessRequests_RequestApprovedAccess request approved.
23103SystemEventCat_AccessRequests_RequestRejectedAccess request rejected.
23201SystemEventCat_Configuration_MembersAddedMembers added.
23202SystemEventCat_Configuration_MembersRemovedMembers removed.
23203SystemEventCat_Configuration_ResourceChangedResource has been changed.
23204SystemEventCat_Configuration_ApprovalConfigurationChangedApproval configuration has been changed.
23205SystemEventCat_Configuration_AssignmentPolicyChangedAssignment policy has been changed.
23206SystemEventCat_Configuration_ConstraintChangedConstraint changed.
23207SystemEventCat_Configuration_PrioritizationPolicyChangedPrioritization policy changed.
23301SystemEventCat_Governance_SurveyStartedSurvey started.
23302SystemEventCat_Governance_SurveyCompletedSurvey completed.
23303SystemEventCat_Governance_SystemOwnersChangedSystem owners changed.
23304SystemEventCat_Governance_SystemClassificationChangedSystem classification changed.
23305SystemEventCat_Governance_IdentityCreatedIdentity created.
23306SystemEventCat_Governance_IdentityModifiedIdentity modified.
23307SystemEventCat_Governance_IdentityManagersChangedManagers of the identity have been changed.
23308SystemEventCat_Governance_OrgUnitManagersChangedManagers of the organization unit have been changed.
23401SystemEventCat_SystemOperation_NewSystemOnboardedNew system onboarded.
23402SystemEventCat_SystemOperation_TechnicalIdentityRequestedTechnical identity has been requested.
23403SystemEventCat_SystemOperation_WarehouseImportSucceededSuccessful Data Warehouse import.
23404SystemEventCat_SystemOperation_WarehouseImportPartiallySucceededPartially successful Data Warehouse import.
23405SystemEventCat_SystemOperation_WarehouseImportFailedFailure of the Data Warehouse import.
Email log

The Omada Identity’s system administrator can view a log of all emails that the system has generated.

Omada Identity does not log emails that include sensitive material to the email log, for example, emails that include passwords. Find the log by going to Setup > Administration > System Management > Email Log. The initial view shows an overview of generated emails.

The email log shows:

  • The To and From names
  • The Subject of the email
  • The Date and Time sent.

View the details of a sent email by clicking the Subject in the list view. The details for the email are shown in the Sent Email dialog box.

SentMail

You can also find details about sent emails in the SQL Server's database table dbo.tblMailLog.

Data Exchange log

Whenever you have run a data exchange, a log entry of the data exchange is added to the data exchange log. To find the log for data exchange, go to Setup > Administration > Connectivity > Data Exchange.

In the initial view, right-click the data exchange you want to view and select History. The Data Exchange Log dialog box opens and shows all the data exchanges that have taken place on your system.

Click any of the listed data exchanges to see the Data exchange log details for this data exchange. The Data exchange log details include the date and length of the time when the exchange ran, the status of exchange, the number of objects created or updated, and more.

DataExchangeDetails

Timer execution log

The timer log list displays a list of all timer runs times. To see this log, go to Setup > Administration > Data management > Timers, click the ellipsis (...) menu for a given timer, and select History. The Timer Execution Log will be displayed.

TimerExecutionLog

The Timer Execution Log lists the history of whenever a timer ran:

  • The name of the timer
  • When the timer ran
  • The name of the triggering server

You can also find these details in the Enterprise Server's database. The timer log is stored in a table called dbo.tblTimerLog.

Omada Role and Policy Engine log

The Role and Policy Engine creates a log for the Event Viewer with the application name Omada Role and Policy Engine with many events to log.

IDNameDescription
100GeneralInfoThe 100-series are information messages.
101CycleRunStartedRoPE has started a calculation cycle.
102CycleRunCompletedRoPE has completed a calculation cycle.
103ManagementAgentInfoInformation from the FIM Management Agent.
104RequeuedPreviousFailuresRoPE has automatically queued identities that previously failed calculation again.
105QueuedIdentitiesWithRecent
ActivationsOrExpirations		The engine has automatically queued identities that either have:

An assignment that was pre-valid at the time of calculation, but has meanwhile entered its validity period

Or:

An assignment that is enabled but with a date in the Valid To setting that is in the past.
106DeletedHistoricCalculationsThe engine has completed the periodic deletion of historic calculations for all identities
107TraceOutputInfo written for problem tracing purposes.
108PausedRoPE paused.
109RollbackFailureDatabase rollback failure.
200GeneralWarningThe 200-series are warning messages.
201MasterDataIssueA non-fatal issue exists in the engine's master data configuration.
300GeneralErrorThe 300-series are error messages.
301LockAndLoadQueued
IdentitiesError		The entire batch is discarded if one or more identities in it failed to load.
302GeneralExecutionErrorError running cycle.
303IdentityCalculationErrorError calculating identity.
304BatchProcessingErrorError calculating queued identity.
305ServiceExecutionErrorError occurred while running cycle.
306ODWBusinessKeyResolution
Error		Could not resolve an Omada Identity Data Warehouse composed business key to a data object in ES.
307ResourcePoolWithMissing
ODWBusinessKeyError		One or more systems/resource pools detected that has a system category and thus is expected to be present in the Omada Identity Data Warehouse but does not have a business key in the ES.
308SimulationErrorSimulation failed.
309RemoteAPIAuthentication
Failed		Authentication of the RemoteAPI client failed.
900Other
Omada Provisioning Service logs

OPS creates a log for the Event Viewer with the application name Omada Provisioning Service with many events to log.

EventIdNameDescription
101FailedToLoadExtensionOPS failed to load extension method.
102UnexpectedDatabaseErrorUnexpected database error.
103EntityValidationErrorsErrors in the entity validation.
130UnhandledErrorUnhandled error.
151FailedParsingConnectionStringFailed parsing of the connection string.
152UpgradeFailedUpgrade failure.
201FailedToLoadSystemConfigurationFailed to load system configuration.
202UnexpectedErrorInSystemManagerUnexpected error in system manager.
203JobDeemedDuplicateDuplicate jobs error.
204ErrorSavingBatchOPS batch could not be saved.
205FailedToInitializeSystemConfigurationFailed to initialize the system configuration.
206FailedToNotifyQueuedFailed to notify queued.
207IntegrityCheckerIntegrity checker.
301TaskProcessingExceptionTask processing exception.
302TaskProcessingFailedTask processing failure.
303JobProcessingFailedJob processing failure.
304NoConnectorsAvailableInPoolNo connectors available in pool.
305ErrorDequeuingJobDequeuing job error.
401StatisticsRefreshedStatistics have been refreshed.
402ThresholdExceededThreshold has been exceeded.
403NotificationErrorNotification error.
501NotificationFailedNotification failed.
502NotificationQueueNotification queue.
601ErrorArchivingJobsJobs could not be archived.
602FailedToInitializeSystemConfigurationInitialization of the system configuration failed.
603UnexpectedErrorInSystemManagerUnexpected error in system manager.
701ErrorPurgingJobsError purgin jobs.
702FailedToInitializeSystemConfigurationFailed to initiatlize system configuration.
703UnexpectedErrorInSystemManagerUnexpected error in system manager.
1001DequeueJobDequeuing of jobs.
1002LoadJobFromStoreJob loaded from store.
1003TaskProcessingConnectorTask processing connector.
1004ProcessingJobJob processed.
1005PersistBatchBatch persisting.
1006PersistBatchDetailsBatch persisting details.
1007PersistBatchDetailsTasksBatch persisting details tasks.
System log on-prem

You can use the system log to collect specific data that your organization requires. The system log is stored in a table called dbo.tblSystemLog found in the SQL Server.

For example, you could configure code methods that monitor that a specific process is completed and record the details of when they take place. You can configure your code methods to use the .NET methods that are found in a particular Enterprise Server class to produce logs in a readable format for reports and audits.

The benefits of the system log are flexibility of planning and the ability to create code methods to customize the data to log.

Password reset log on-prem

The Enterprise Server database contains a table tblPasswordResetLog which contains both successful and failed password reset attempts.

The log is only accessible via the SQL Server Management Studio.

The columns are:

ColumnsDescription
IdentityID_The integer ID of the Identity Data Object.
IdentityIdentThe username / IDENTITYID.
ActionTimeThe date and time of the attempt.
Actionsee values in the table below.
MessageDescription of the attempt.
IPthe IP address of the remote client / caller.
Originreference the provisioning service OriginId.

The values of the column Action are:

ValueDescription
Enrolled = 0User enrolled to password reset.
ResetSucceeded = 1Reset success.
ChallengeResponsFailed = 2User failed to answer challenge questions.
ResetFailed = 3Operation failed.
SoftLocked = 4Threshold for failed attempts exceeded (temporary lock).
HardLocked = 5Threshold for failed attempts exceeded (locked).
IdentityIdentFailed = 6The entered username was not recognized.
Submitted = 7The password change has been handed over to a provisioning service.
Throttling = 8Password reset web page is throttling because of many failed requests.
Unlocked = 9Identity was unlocked by an administrator.
PartialSuccess = 10The password reset action partially succeeded.
ConfigurationError = 11Wrong configuration of password reset handlers.

System statistics

In addition to the various logs that you can view to monitor the system performance, you can use the five statistics reports available in Omada Identity.

To see System statistics, go to in Setup > Administration > More > System Statistics.

The reports are available from the initial System statistics view and are as follows:

  • Request count statistics - select a customer (solution) from the drop-down list and the date grouping (year, month, day) to generate a report that lists the number of requests for the solution on a daily, monthly, or yearly basis.
  • Avg page processing time - select a customer (solution) from the drop-down list and the date grouping (year, month, day) to generate a report that lists the average processing time in milliseconds of a server request per page on a daily, monthly, or yearly basis.
  • Database table rows - this option generates a report that shows the table rows in the database, along with their allocated space; there are no parameters to select.
  • Performance statistics - select a customer (solution) from the drop-down list, a date range using the From and To date fields, and a date grouping (year, month, day) for this report. The output shows the number of hits and average processing time for each page on a daily, monthly, or yearly basis. It also compares these values with the values from the previous period and shows the change in percent.
  • Code Method statistics - select the grouping (year, month, day) in the drop-down-list to generate a report that lists the code method that was called. The lists include details on ClassPath, method, date, number of calls, the average and maximum processing times.

The system generates the reports as CSV files that you can export and open in a spreadsheet, for example, Microsoft Excel.

ODW export errors

The ODWDashboardExportErrors dashboard widget shows objects that have resulted in export errors in the ODW Export to Enterprise Server. The Retries column shows the number of times the object has been retried.

If you click the link for the ComposedBusinessKey, a detailed error message opens that allows you to investigate the cause of the error.

ExportErrorsDetails

In the default version of the Operations Dashboard, the ODWDashboardExportErrors widget is included, but you can include it in any custom dashboard by including the following widget definition in a dashboard definition:

{

  name: 'ODWDashboardExportErrors',

  height: 300,

  title: 'ODW Export errors',

  params: {},

  isHiddenEvaluator: function() { return !appPageVars.isODWEnabled; }

}

Import logs on-prem

The history and outcome of imports are logged in several ways. This section describes the locations of these logs and their usage.

SQL Server Agent jobs logs

If you use SQL Server Agent jobs to run imports, the history and outcome of imports are available under Job History in the Log File Viewer. You can right-click the job for which you want to view the history and select View History.

note

The SQL Server Agent Job can register success even if the containing packages register a failure. This means that you should not use the SQL Server Agent Job as the sole method for verifying that an import has been successful.

Find the SQL Server Agent node at the bottom of the Object Explorer pane in SQL Server Management Studio.

Omada Identity Data Warehouse Sysssislog

All imports are logged to the Omada Identity Data Warehouse’s system table Sysssislog. In addition, it is shown in the execution log for imports in the Omada Identity Portal.

The following events are logged:

  • PackageStart
  • PackageEnd
  • OnPreExecute
  • OnPostExecute
  • OnWarning
  • OnError
  • ScriptComponentLogEntry

It is important to note that one error often produces several error rows in the log table, as errors are spread in the internal task hierarchy of the Omada Identity Data Warehouse’s SSIS packages. Along the way, each task independently logs the event until the system reaches a level capable of handling errors.

The table contains everything logged since the database was created. If you want to clean up or empty the tables, you must do this manually. To do this, you can edit the sysssislog using T-SQL, which makes it useful for troubleshooting.

If you run the following query, you can find the latest import:

WHERE source = 'Omada ODW Run' and (event = 'PackageStart') order by starttime desc;

If you want to find any errors in the latest import, you should run the following query, where you write the starttime value below with the value for your latest import:

WHERE starttime > '2016-09-04 13:33' and event like '%error%';

Import log file

You can log the events of an import to a log file by running imports from the command line and specifying a log file name and path.

Example of an import of configuration packages:

DTExec /DTS "\MSDB\Omada\ODW\Omada ODW Run" /SERVER "localhost" /DECRYPT OmadaEncryptionKey /CHECKPOINTING OFF /REPORTING V /SET "\package.variables[ProfileID].Value";"7b7c852d-1896-40d5-b478-992ae014627c" /SET "\package.variables[ProfileType].Value";"config" >"C:\Program Files\Omada Identity Suite\Import Logs\dtlog.txt”

Example of a complete import:

DTExec /DTS "\MSDB\Omada\ODW\Omada ODW Run" /SERVER "localhost" /DECRYPT OmadaEncryptionKey /CHECKPOINTING OFF /REPORTING V /SET "\package.variables[ProfileID].Value";"9b424828-0b8a-4d2b-a4ba-30ca79b0cdcb" >"C:\Program Files\Omada Identity Suite\Import Logs\dtlog.txt”

The command above creates a log file with the filename dtlog.txt in a folder called Import Logs. The log files are overwritten unless you specify a unique name each time you run an import.

Specify /REPORTING V to show a complete status (Verbose) or /REPORTING E to only display errors. If you do not specify a file name, events are logged to the command prompt window.

A verbose log file supplies more information than the Sysssislog table, so the verbose log file may be useful for troubleshooting. If an import fails, you can find the cause of the error by doing a simple search in the log file. Search for errors in the log file using Error: or End Error. By using these two expressions, you exclude information or warning events that simply contain the word error, for example:

Error: 2013-08-21 12:00:14.54
  Code: 0x00000001
  Source: SCR Check License
  Description: License is invalid
End Error

If you run dtexec from anything other than a command line, you cannot see or capture this log output, but the database-based logging described in the next section is always available.

ODW SSIS Job status on-prem

The ODWDashboardStatusDetails widget shows rows (events) from the sysssislog, which is the table that SQL Server Integration Services uses for logging.

It shows data about the latest run of the three jobs Omada ODW Import, Omada ODW OIS Sync, and Omada ODW Export. You can filter the jobs from the dropdown in the Source column.

  • If a job has been completed successfully, two rows are shown: PackageStart and PackageEnd. With these two rows, you can identify when the job was run and for how long it was running.
  • If a job has resulted in errors, the OnError event and all PackageStart and PackageEnd events are shown. These events let you identify in which part of the process the error occurred. The error message is shown in the Message column.
  • If a job has not been completed within 12 hours, all PackageStart and PackageEnd events are shown. This allows you to identify what is currently happening.

In the default version of Operations Dashboard, the ODWDashboardStatusDetails widget is included, but you can also include it in any custom dashboard by including the following widget definition in a dashboard definition:

{
  name: 'ODWDashboardStatusDetails',
  height: 300,
  title: 'ODW SSIS job status',
  params: { getStatusDetails: 'Omada ODW Import,Omada ODW OIS Sync,Omada ODW Export' },
  isHiddenEvaluator: function() { return !appPageVars.isODWEnabled; }
}

Monitoring RAM, TEMP directory and tempdb size on-prem

The ODW import requires available temporary storage space, especially on the SSIS Server. You should set the Page File to a certain minimum level, depending on the size of the ODW imports. For large workloads, SSIS writes data to the TEMP directory of the account running the import. It may also write data to the tempdb system database.

For optimal performance, you must make sure of the following things:

  • The Page File on the SSIS Server is large or able to grow.
  • The TEMP directory of the account running the import is located on a drive with a large amount of free space.
  • The tempdb database has room for temporary growth.

To make sure that you have these items configured for optimal performance, it is important to monitor the items, and increase their size when required.

Recommendations on the location of temporary storage

Omada recommends that the temporary storage is not placed on the C: drive.

Dynamic data, including data in the temp folder, should not be located on the system drive but rather on a data drive because:

  • You cannot extend the system drive without taking the server down, but you can extend other drives.
  • If the system drive is full, the server stops running, but if another drive is full, the server itself can continue to run. Only the processes that use the drive that is full driven are affected.

Performance counters

You can add relevant Omada Identity Data Warehouse counters to the Windows Server Performance Monitor to view the performance of your system.

SSIS Server performance counters

Omada recommends that you add counters for the following items on the SSIS Server to monitor ODW imports.

GroupCounter
SQLServer: SSIS Service 11.0SSIS Package Instances
SQLServer: SSIS Pipeline 11.0* Buffer memory
* Buffers in use
Process (dtexec)* Virtual Bytes
* Virtual Bytes Peak
.NET CLR Memory (dtexec)* # total committed Bytes
* # total reserved Bytes
Paging file* % usage
* % usage peak
Processor (_Total)% Processor time

You can create a custom data collector set in the Performance Monitor to log this information. Schedule the collector set to run during import to allow yourself to view reports on the data collected.

SQL Server performance counters

Omada recommends that you add counters for the following items on the SSIS Server to monitor ODW imports.

GroupCounter
SQLServer:Memory Manager* Target Server Memory
* Total Server Memory
Pagine File* % Usage
* % Usage Peak
Processor (_Total)% Processor Time

You can create a custom data collector set in the Performance Monitor to log this information. You can schedule the collector to run during imports. This allows you to view reports about the data that has been collected.