Configuration Troubleshooting

SCOM 2012 – Event ID 31557 Health Service Modules

Strange things happen all the time but sometimes nobody can explain them why they happen. A relatively new SCOM 2012 installation was functioning well until a certain moment. I would like to blog about this behavior it might help somebody to get the same or similar problem solved.

As I mentioned before this new and perfectly setup SCOM 2012 infrastructure started to log an event id 31557 saying that the management server action account does not have permission to access the Data Warehouse.

MVP Marcel Zehner (http://blog.scsmfaq.ch) provided me with this delicate case, thanks Marcel!

In the event log it looked like this:

image

1) The first check was to verify that all permissions for the management server action account are set correctly. A check of the SQL Server logs did not show any wrong login attempts at all either.

2) Next we will check the data writer account configured in the Data Warehouse. To find this information you could run the following query against the OperationsManagerDW database:

Use OperationsManagerDW
GO
Select * from ManagementGroup

image

As we can see another account is configured for the data writer account, which is correct. If another account is being used as configured in the WriterLoginName in the query result above, the management server will block the transaction first before sending the request to the SQL Server database.

3) If we look more closely at the error in the event it says svc-scom-action account is used to access the Data Warehouse which is the management server action account.

image

Therefore, we are going to check the management server and its Run As accounts.

4) Go to Administration/Run As Configuration/Accounts and click each of the two accounts Data Warehouse Action Account and Data Warehouse Report Deployment Account.

image

By checking these accounts Data Warehouse Action Account and Data Warehouse Report Deployment Account both seem configured properly, as you can see here…

DWAction1 DWAction2
DWReport1 DWReport2

5) Next we are going to check the Run As profiles. Go to Administration/Run As Configuration/Profiles and again we are looking at the Data Warehouse Account and Data Warehouse Report Deployment Account profiles.

image

By checking these two profiles we found the problem.

Data Warehouse Account profile list was empty…

DWActionProfile

…and also the Data Warehouse Report Deployment Account profile list was empty…

DWReportDepAccount

This means no Run As account was associated anymore with each of its corresponding Run As profile. Therefore, the default action account had been used and this was in my case svc-scom-action.

Lessons learned – never ever assume anything. Check always your settings twice!

27 Replies to “SCOM 2012 – Event ID 31557 Health Service Modules

  1. I ran into this exact issue recently. I have no idea how the DW profiles became somehow disassociated from their accounts but they did. Thanks for the useful post!

  2. hi… i need your help

    I have a Troubleshoot with “Data Werehouse SQL Authentication Account”
    what classes should I configure??

    thanks

    1. Hi

      SCOM in a standard configuration, does not have any special account / classes configured for the Data Warehouse SQL Server Authentication Account profile.

      Cheers,

      Stefan

  3. Thanks for this great post. How do I all the Classes added to the Run As? e.g Data Set It is not given me the option to add more than 1. Please help!

  4. I am also experiencing the above problem, but how to resolve it.. can you please provide me the steps to resolve it as I am new in SCOM 2012.

  5. Hi Stefan,

    Thanks for sharing the excellent tips…

    But i am facing same issue in my environment after changing the passwords for action account and dw reader account.I verified all the settings which you mentioned in the blog but however i am getting login failure intermittently once connected to data-warehouse.

  6. we also encountered this issue but is there any reason why the accounts/profiles suddenly disappears?

    1. Stefan,

      Thanks a lot for the article this was almost the same issue in my Lab equipment. Then i saw the query shows a different account than the one in the event log.

      I changed it to the correct one but still does not reflect in the DB. So manually edited the table and updated the correct account and the events stopped appearing.

      Could not have done without this article.

  7. In my case the query returns empty table i.e. no account is specified in the table. How can this be fixed without reinstalling SCOM?

  8. Afternoon, If you still monitor this, I could use some really use some advice/assistance. Someone went in and changed these Accounts at some point and now even after doing simple changes according to your post, things still do not work.
    Data Warehouse Action account was changed to a “read instead of write account”
    Data Warehouse Report Deployment Account- changed to use the default scom data access account. I want to change this back to be as the other environments I run, which would be:
    Data Warehouse Action Account= svc-scomsqlw
    Data Warehouse Report Deployment Acct.= svc-scomsqlr
    I cannot find documentation that would provide details necessary for putting these accounts back the way they should be everywhere I need to touch?
    Any ideas, pointers, articles would be extremely helpful.
    Thanks in advance,
    Tony

      1. Morning and thank you for the response. Yes, I have a copy of that and it has turned out to be very useful. My concern is that even though I can follow that and your article, do I need ot make changes elsewhere, like the reporting server settings or IIS, I just do not know.
        Thanks again,
        Tony

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.