Quick Post – SCOM An account specified in the Run As profile Microsoft.SystemCenter.Omonline.OutsideIn.RunAsProfile…

During a recent install of SCOM the health state of 4 management servers turned suddenly to critical and the 2 others stayed healthy. The setup consists of totally 6 management servers split up into 3 Resource Pools (Windows, Unix/Linux, Network/SNMP) and several gateway servers. It was somewhat suspicious, because for a long time the management group stayed healthy and didn’t have any issues. The alert I received looked like this…

image

The interesting part is here…

….

Management Group:
Run As Profile: Microsoft.SystemCenter.Omonline.OutsideIn.RunAsProfile.Configuration
Account SSID: 007EFD0C5AC560C1B24DF51301135E7F0C415DC48B0000000000000000
0000000000000000000000

….

This alert tells us, that there must be a Run As Profile which contains a Run As Account that is not distributed to all Health Services, in this case the 4 unhealthy management servers. We get here a pretty go hint as we see the SSID of the account, but not how can find out which Run As account is hiding behind this long number?

While checking the SCOM cmdlets online to get this hacked, I basically I ran into the solution on the TechNet forum pages here (all credits to the authors!).

Get-SCOMRunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % {  $string = $string + “{0:X2}” -f $_} $_.Name;”  $string” }

These few lines of PowerShell will show you the SSID of Run As Account you need to modify…

image

I checked the Global Service Monitor Run As Account Configuration…

image

…and added the missing Resource Pools to the Distribution tab…

22

After that the management servers turned all healthy automatically.

6 Comments

  1. Interesting but PS return the following error:

    + CategoryInfo : InvalidArgument: (:) [ForEach-Object], ParameterBindingException
    CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ForEachObjectCommand

  2. Pingback: Find SCOM Account by SecureID | Words of Dre

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s