In SCOM 2007 R2 during the installation process you were ask to enter a SCOM administrator group. This group was automatically added in the SCOM console to Administration/User Roles/Profile: Administrator/Operations Manager Administrators. In SCOM 2012 per default the server local BUILTIN\Administrators group will be added.
So far so good. If you decide to remove this group and replace it through a Active Directory domain local/global group make sure you add the SCOM accounts from your server local BUILTIN\Administrators group to your new domain group. In most cases this will be the Management Server Action Account and the SDK Config Account. If you forget the SDK Config account you will hit an error if you try to discover new servers using the Discovery Wizard. It will look like this…
Run Discovery Wizard…
Enter your credentials…
After you hit discover you will receive this error…
The user [SDK-Account] does not have sufficient permission to perform the operation.
at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
Solution: Add your SDK Config service account to the Operations Manager Administrators group in SCOM.
3 Replies to “SCOM 2012 Agent Discovery – The user does not have sufficient permission to perform the operation”
Great post. I am dealing with a few of these issues as well.
Great that it helped you!