Troubleshooting

SCOM 2012 Agent Discovery – The user does not have sufficient permission to perform the operation

In SCOM 2007 R2 during the installation process you were ask to enter a SCOM administrator group. This group was automatically added in the SCOM console to Administration/User Roles/Profile: Administrator/Operations Manager Administrators. In SCOM 2012 per default the server local BUILTIN\Administrators group will be added.

image

So far so good. If you decide to remove this group and replace it through a Active Directory domain local/global group make sure you add the SCOM accounts from your server local BUILTIN\Administrators group to your new domain group. In most cases this will be the Management Server Action Account and the SDK Config Account. If you forget the SDK Config account you will hit an error if you try to discover new servers using the Discovery Wizard. It will look like this…

Run Discovery Wizard…

Discovery1

Enter your credentials…

Discovery2

After you hit discover you will receive this error…

DiscoveryError

Microsoft.EnterpriseManagement.Common.
UnauthorizedAccessEnterpriseManagementException:
The user [SDK-Account] does not have sufficient permission to perform the operation.
   at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)

Solution: Add your SDK Config service account to the Operations Manager Administrators group in SCOM.

3 Replies to “SCOM 2012 Agent Discovery – The user does not have sufficient permission to perform the operation

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.