SCOM 2012 Agent Discovery – The user does not have sufficient permission to perform the operation

In SCOM 2007 R2 during the installation process you were ask to enter a SCOM administrator group. This group was automatically added in the SCOM console to Administration/User Roles/Profile: Administrator/Operations Manager Administrators. In SCOM 2012 per default the server local BUILTIN\Administrators group will be added.

image

So far so good. If you decide to remove this group and replace it through a Active Directory domain local/global group make sure you add the SCOM accounts from your server local BUILTIN\Administrators group to your new domain group. In most cases this will be the Management Server Action Account and the SDK Config Account. If you forget the SDK Config account you will hit an error if you try to discover new servers using the Discovery Wizard. It will look like this…

Run Discovery Wizard…

Discovery1

Enter your credentials…

Discovery2

After you hit discover you will receive this error…

DiscoveryError

Microsoft.EnterpriseManagement.Common.
UnauthorizedAccessEnterpriseManagementException:
The user [SDK-Account] does not have sufficient permission to perform the operation.
   at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)

Solution: Add your SDK Config service account to the Operations Manager Administrators group in SCOM.

3 Comments

  1. Pingback: How To Change The Action Account In Scom 2007 | Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s