Strange things happen all the time but sometimes nobody can explain them why they happen. A relatively new SCOM 2012 installation was functioning well until a certain moment. I would like to blog about this behavior it might help somebody to get the same or similar problem solved.
As I mentioned before this new and perfectly setup SCOM 2012 infrastructure started to log an event id 31557 saying that the management server action account does not have permission to access the Data Warehouse.
MVP Marcel Zehner (http://blog.scsmfaq.ch) provided me with this delicate case, thanks Marcel!
In the event log it looked like this:
1) The first check was to verify that all permissions for the management server action account are set correctly. A check of the SQL Server logs did not show any wrong login attempts at all either.
2) Next we will check the data writer account configured in the Data Warehouse. To find this information you could run the following query against the OperationsManagerDW database:
Select * from ManagementGroup
As we can see another account is configured for the data writer account, which is correct. If another account is being used as configured in the WriterLoginName in the query result above, the management server will block the transaction first before sending the request to the SQL Server database.
3) If we look more closely at the error in the event it says svc-scom-action account is used to access the Data Warehouse which is the management server action account.
Therefore, we are going to check the management server and its Run As accounts.
4) Go to Administration/Run As Configuration/Accounts and click each of the two accounts Data Warehouse Action Account and Data Warehouse Report Deployment Account.
By checking these accounts Data Warehouse Action Account and Data Warehouse Report Deployment Account both seem configured properly, as you can see here…
5) Next we are going to check the Run As profiles. Go to Administration/Run As Configuration/Profiles and again we are looking at the Data Warehouse Account and Data Warehouse Report Deployment Account profiles.
By checking these two profiles we found the problem.
Data Warehouse Account profile list was empty…
…and also the Data Warehouse Report Deployment Account profile list was empty…
This means no Run As account was associated anymore with each of its corresponding Run As profile. Therefore, the default action account had been used and this was in my case svc-scom-action.
Lessons learned – never ever assume anything. Check always your settings twice!
27 Replies to “SCOM 2012 – Event ID 31557 Health Service Modules”
I ran into this exact issue recently. I have no idea how the DW profiles became somehow disassociated from their accounts but they did. Thanks for the useful post!
Cool, great to hear that I could help!
This happen when I imported SCOM 2007 MPs into 2012.
Thank You for the info!
Great find, found this problem in my 2012 R2 install and couldn’t figure it out. Thanks!
hi… i need your help
I have a Troubleshoot with “Data Werehouse SQL Authentication Account”
what classes should I configure??
SCOM in a standard configuration, does not have any special account / classes configured for the Data Warehouse SQL Server Authentication Account profile.
You saved my day:) Thank you!-Ala
Thanks for this great post. How do I all the Classes added to the Run As? e.g Data Set It is not given me the option to add more than 1. Please help!
I get it now. Thanks
Good article help me a lot!! Tks
Rodrigo Moro- Brasil
I am also experiencing the above problem, but how to resolve it.. can you please provide me the steps to resolve it as I am new in SCOM 2012.
The way descriped is for SCOM 2012.
I understand the post, In my case also I have the same scenario above and how to correct this ?
Good post! Any idea how they could have become disassociated?
I haven’t investigated this issue any deeper, but I heared from different SCOM admins that they also faced this issue.
Thanks for sharing the excellent tips…
But i am facing same issue in my environment after changing the passwords for action account and dw reader account.I verified all the settings which you mentioned in the blog but however i am getting login failure intermittently once connected to data-warehouse.
we also encountered this issue but is there any reason why the accounts/profiles suddenly disappears?
I have no clue, why this happened.
Nice article. Thanks a lot.
Thanks a lot for the article this was almost the same issue in my Lab equipment. Then i saw the query shows a different account than the one in the event log.
I changed it to the correct one but still does not reflect in the DB. So manually edited the table and updated the correct account and the events stopped appearing.
Could not have done without this article.
Great that it helped :D!
In my case the query returns empty table i.e. no account is specified in the table. How can this be fixed without reinstalling SCOM?
Afternoon, If you still monitor this, I could use some really use some advice/assistance. Someone went in and changed these Accounts at some point and now even after doing simple changes according to your post, things still do not work.
Data Warehouse Action account was changed to a “read instead of write account”
Data Warehouse Report Deployment Account- changed to use the default scom data access account. I want to change this back to be as the other environments I run, which would be:
Data Warehouse Action Account= svc-scomsqlw
Data Warehouse Report Deployment Acct.= svc-scomsqlr
I cannot find documentation that would provide details necessary for putting these accounts back the way they should be everywhere I need to touch?
Any ideas, pointers, articles would be extremely helpful.
Thanks in advance,
Kevin has an Excel for SCOM 2012 SP1 which shows the account permissions in detail https://blogs.technet.microsoft.com/manageabilityguys/2013/05/02/scom-2012-sp1-security-accounts-matrix/ .This will help you to set the proper permissions.
Morning and thank you for the response. Yes, I have a copy of that and it has turned out to be very useful. My concern is that even though I can follow that and your article, do I need ot make changes elsewhere, like the reporting server settings or IIS, I just do not know.