SQL error on SCOM server
Getting the below error occuring on the SQL back-end server which SCOM uses. Any ideas ? it is logging every few seconds. I have checked dbo owner on the ops db and dw db.
Event Type: Error
Event Source: MSSQLSERVER
Event Category: (2)
Event ID: 28005
Date: 2/14/2012
Time: 11:27:29 AM
User: N/A
Computer: SCOMSRV01
Description:
An exception occurred while enqueueing a message in the target queue. Error: 15404, State: 19. Could not obtain information about Windows NT group/user 'domain1\scomaccount', error code 0x5.
thanks in advance.
February 14th, 2012 11:32am
See if this helps
http://social.msdn.microsoft.com/Forums/en-US/sqlreplication/thread/db71f793-3f28-4d38-a353-b58e5ed88a8b
KarlMy Blog: http://unlockpowershell.wordpress.com
My Book:
Windows PowerShell 2.0 Bible
My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
Free Windows Admin Tool Kit Click here and download it now
February 14th, 2012 11:58am
error code 0x5 is mostly access is denied, so please check check the account pemissions..
Check the SDK service account permissions to the databases. It should has the following rights on the OperationsManager database
db_owner, configsvc_users, db_datareader, dbdatawriter, db_ddladmin, sdk_users
Regards,
Mazen
February 14th, 2012 12:10pm
Check this KB
http://support.microsoft.com/default.aspx?scid=kb;EN-US;938994
Free Windows Admin Tool Kit Click here and download it now
February 14th, 2012 12:26pm
I tried change the SQL agent to use a domain account with rights and restarted services as per the tech note and this made no difference but the fact it mentioned around discovery does sound like it might have been on the right path.
Whilst checking the ops manager database security permissions I notice that the owner account is not available in the list of accounts which you can browse for, why might this be ? the account appears under the main SQL security users but not the ops
database users. Do you need to add the users in both places ?
February 14th, 2012 1:09pm
it should be in both location.. did you moved your database recently?!
Check the SDK service account permissions to the databases. It should has the following rights on the OperationsManager database
db_owner, configsvc_users, db_datareader, dbdatawriter, db_ddladmin, sdk_users
Regards,
Mazen
Free Windows Admin Tool Kit Click here and download it now
February 14th, 2012 1:12pm
Database has not been moved. I will confirm again the SDK service account rights.
February 15th, 2012 4:14am
Hi
You might want to change the database owner to either the SDK account or to sa.
Permissions required for each account on each database are listed here:
http://systemcentersolutions.wordpress.com/2009/08/11/opsmgr-database-security-requirements/
Cheers
GrahamNew SCOM 2012 Blog! - http://www.systemcentersolutions.com/blog/
View OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
February 15th, 2012 4:23am
Graham, when drilling down under ops mgr database in sql studio and then selecting security and users and then go into the properties of the SDK user it has the following for database role membership but I don't see Public listed as an available role for
it to belong. Is this normal under this view ?
Db_datareader
Db_datawriter
Db_ddladmin
Configsvc_user
Dwsynch_users
Sdk_Users
February 15th, 2012 5:06am
Hi
It depends how you are using SQL Management Studio.
If you start from the database, security, users and then right click the user and properties then you don't see the public role.
If you start at Security, Logins, then right click the user then you'll see Server roles (which includes public) and then User Mapping which includes the databases and permissions they have (which will include public).
Cheers
GrahamNew SCOM 2012 Blog! - http://www.systemcentersolutions.com/blog/
View OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
February 15th, 2012 5:11am
Enabled SA and configured for this account to be owner of ops db and dw db which has now stopped the error. The error 'An exception occurred while enqueueing a message in the target queue. Error: 15404, State: 19. Could not obtain information about
Windows NT group/user 'domain1\scomaccount', error code 0x5.' seems strange event to occur based on db ownership and the fact that it can query AD for this account.
Couple of final questions. Any ideas why ownership of the db account would generate this event ? and what impact does having SQL sa rather than a domain account as owner have ?
February 15th, 2012 5:33am
Hi
Just to clarify a couple of points as I think we've had some confusion.
1) You don't need to enable sa - just make it the owner of the database.
2) And by owner, I mean right click on the database and go to properties, then files and you'll see at the top of the window:
- Database Name
- Owner
I don't mean making sa db_owner of the database.
There is a discussion on the pro's and cons of database ownership on a number of SQL threads and forums:
http://weblogs.sqlteam.com/dang/archive/2008/01/13/Database-Owner-Troubles.aspx
http://www.sqlservercentral.com/Forums/Topic758243-146-1.aspx
You can look to change the owner back to a low privileged account but i would work with your DBAs on this. My suggestion to change it sa for this was to troubleshoot that it was indeed a permissions \ authentication issue.
Cheers
Graham
New SCOM 2012 Blog! - http://www.systemcentersolutions.com/blog/
View OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
February 15th, 2012 5:52am
As part of making sa owner I checked the configuration of this account and had assumed it might also need to be enabled but it appears not so have left in disabled state.
I'll maybe explore some of the other reasons why the domain accounts are generating these events when owner although looking at some of the guidelines around db owner having it as SQL sa is not necessarily a bad thing.
Thanks for your input.
February 15th, 2012 6:44am
Graham's answer solved my issue.
Also fixed discovery not working in SCOM 2007 R2 cu6.
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2012 2:16am