During a recent install of SCOM the health state of 4 management servers turned suddenly to critical and the 2 others stayed healthy. The setup consists of totally 6 management servers split up into 3 Resource Pools (Windows, Unix/Linux, Network/SNMP) and several gateway servers. It was somewhat suspicious, because for a long time the management group stayed healthy and didn’t have any issues. The alert I received looked like this…
The interesting part is here…
….
Management Group:
Run As Profile: Microsoft.SystemCenter.Omonline.OutsideIn.RunAsProfile.Configuration
Account SSID: 007EFD0C5AC560C1B24DF51301135E7F0C415DC48B0000000000000000
0000000000000000000000
….
This alert tells us, that there must be a Run As Profile which contains a Run As Account that is not distributed to all Health Services, in this case the 4 unhealthy management servers. We get here a pretty go hint as we see the SSID of the account, but not how can find out which Run As account is hiding behind this long number?
While checking the SCOM cmdlets online to get this hacked, I basically I ran into the solution on the TechNet forum pages here (all credits to the authors!).
Get-SCOMRunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % { $string = $string + “{0:X2}” -f $_} $_.Name;” $string” }
These few lines of PowerShell will show you the SSID of Run As Account you need to modify…
I checked the Global Service Monitor Run As Account Configuration…
…and added the missing Resource Pools to the Distribution tab…
After that the management servers turned all healthy automatically.
Interesting but PS return the following error:
+ CategoryInfo : InvalidArgument: (:) [ForEach-Object], ParameterBindingException
CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ForEachObjectCommand
Hi
Did you copy paste the command? If so, please check the double quotes ‘”‘ and replace them. If you copy / paste code from the site there might be “bad” characters.
Cheers,
Stefan
Thank you very much but the issue was that the code must be insert in PS1 file.
Best regards
S.
Well, a ps1 file is not a must, but if it worked in your case, I am happy to hear that :).
This is for SCOM 2012 … as the command looks different in SCOM 2007… Get-RunAsAccount…