SCOM 2007 AD Mgt Pack Question
Good morning everyone! I was following up on an error I recieved after putting my domain controllers into SCOM 2007. The error seems to be pretty common: AD Replication Monitoring : encountered a permissions error. The script failed to update this DCs monitoring object in the naming context 'DC=ForestDnsZones,DC=think,DC=local' because access was denied. Alter the permissions for this naming context so that the script can add this container, or change the parameters for this script to stop monitoring this naming context. The error returned was: 'Access is denied. ' (0x80070005) So everyone says to fix this you have to add the ACTION ACCOUNT to the SECURITY of the OPSMGRLATENCYMONITORS object using ADSIEDIT. I opted to add my action account to the DOMAIN ADMINS group since it already had full permissions to that object. My question is this; How do I get SCOM to retry? I tried restarting the SYSTEM CENTER MANAGEMENT service yesterday AND I left it overnight to see if it would retry, but I don't think it did. The error is still there as well. The OPSMGRLATENCYMONITORS object has objects representing my DCs under it but they are empty!! Thanks in advance for any help in this matter. Kevin
January 21st, 2011 9:43am

If there are any doubts, just restart the health service. It will retry :) Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
January 21st, 2011 11:25am

Well, I have tried that twice now and the alert is still there. I have added the SCOM ACTION ACCOUNT to the DOMAIN ADMINS group which does indeed have FULL security on the OPSMGRLATENCYMONITORS object. The funny thing is that created folders under that object before I added that account to the DOMAIN ADMINS group. Is it trying to create another object??? Me personally I don't think it retried when restarting the HEALTH SERVICE. Shouldn't there be some history that it retried and failed again?? I looked at the HISTORY TAB on the alert and it is showing only the original alert. Thanks for the reply Dan! Anyone else ?? Kevin
January 21st, 2011 12:18pm

Well I went to the OPSMGR event log on the DC that was reporting the error and on that day I saw where it was trying to create it and it was saying access denied but then a few minutes later it was having errors saying that the object already exists. I also saw no new errors in the log since I restarted the HEALTH SERVICE on the RMS. So does that mean that the error condition is cleared? Can I close the alert? As I stated in the OP....the object did exist and had 2 folders (DC names) under that object. Kevin
Free Windows Admin Tool Kit Click here and download it now
January 21st, 2011 12:45pm

Hi Kevin, Please try the method in the following post to check permissions: Active Directory Management Pack - Replication Monitoring Account Permissions http://blogs.technet.com/b/mgoedtel/archive/2007/11/22/active-directory-management-pack-replication-monitoring-account-permissions.aspx Meanwhile, please double check the configurations of AD MP referring to the following post: Active Directory Management Pack Checklist http://blogs.technet.com/b/momteam/archive/2007/07/19/active-directory-management-pack-checklist.aspx Hope this helps. Regards, Leon Leon Liu - Technical Lead
January 25th, 2011 2:42am

Hi Kevin If this is a rule (which I think it is but don't have a system to hand to check), then keep an eye on the repeat count. If that isn't going up then you can close the alert. You don't see the repeat count field by default so you need to right click at the top of the alert view and choose personalise view. Repeat count is right towards the bottom. Do you now see the Domain Controllers listed under the OpsMgrLatencyMonitors object? Cheers GrahamView OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
January 25th, 2011 2:58am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics