Getting the below error occuring on the SQL back-end server which SCOM uses. Any ideas ? it is logging every few seconds. I have checked dbo owner on the ops db and dw db. Event Type: Error Event Source: MSSQLSERVER Event Category: (2) Event ID: 28005 Date: 2/14/2012 Time: 11:27:29 AM User: N/A Computer: SCOMSRV01 Description: An exception occurred while enqueueing a message in the target queue. Error: 15404, State: 19. Could not obtain information about Windows NT group/user 'domain1\scomaccount', error code 0x5. thanks in advance.

See if this helps http://social.msdn.microsoft.com/Forums/en-US/sqlreplication/thread/db71f793-3f28-4d38-a353-b58e5ed88a8b KarlMy Blog: http://unlockpowershell.wordpress.com My Book: Windows PowerShell 2.0 Bible My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})

error code 0x5 is mostly access is denied, so please check check the account pemissions.. Check the SDK service account permissions to the databases. It should has the following rights on the OperationsManager database db_owner, configsvc_users, db_datareader, dbdatawriter, db_ddladmin, sdk_users Regards, Mazen

Check this KB http://support.microsoft.com/default.aspx?scid=kb;EN-US;938994

I tried change the SQL agent to use a domain account with rights and restarted services as per the tech note and this made no difference but the fact it mentioned around discovery does sound like it might have been on the right path. Whilst checking the ops manager database security permissions I notice that the owner account is not available in the list of accounts which you can browse for, why might this be ? the account appears under the main SQL security users but not the ops database users. Do you need to add the users in both places ?

it should be in both location.. did you moved your database recently?! Check the SDK service account permissions to the databases. It should has the following rights on the OperationsManager database db_owner, configsvc_users, db_datareader, dbdatawriter, db_ddladmin, sdk_users Regards, Mazen

Database has not been moved. I will confirm again the SDK service account rights.

Hi You might want to change the database owner to either the SDK account or to sa. Permissions required for each account on each database are listed here: http://systemcentersolutions.wordpress.com/2009/08/11/opsmgr-database-security-requirements/ Cheers GrahamNew SCOM 2012 Blog! - http://www.systemcentersolutions.com/blog/ View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

Graham, when drilling down under ops mgr database in sql studio and then selecting security and users and then go into the properties of the SDK user it has the following for database role membership but I don't see Public listed as an available role for it to belong. Is this normal under this view ? Db_datareader Db_datawriter Db_ddladmin Configsvc_user Dwsynch_users Sdk_Users

Hi It depends how you are using SQL Management Studio. If you start from the database, security, users and then right click the user and properties then you don't see the public role. If you start at Security, Logins, then right click the user then you'll see Server roles (which includes public) and then User Mapping which includes the databases and permissions they have (which will include public). Cheers GrahamNew SCOM 2012 Blog! - http://www.systemcentersolutions.com/blog/ View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

Enabled SA and configured for this account to be owner of ops db and dw db which has now stopped the error. The error 'An exception occurred while enqueueing a message in the target queue. Error: 15404, State: 19. Could not obtain information about Windows NT group/user 'domain1\scomaccount', error code 0x5.' seems strange event to occur based on db ownership and the fact that it can query AD for this account. Couple of final questions. Any ideas why ownership of the db account would generate this event ? and what impact does having SQL sa rather than a domain account as owner have ?

Hi Just to clarify a couple of points as I think we've had some confusion. 1) You don't need to enable sa - just make it the owner of the database. 2) And by owner, I mean right click on the database and go to properties, then files and you'll see at the top of the window: - Database Name - Owner I don't mean making sa db_owner of the database. There is a discussion on the pro's and cons of database ownership on a number of SQL threads and forums: http://weblogs.sqlteam.com/dang/archive/2008/01/13/Database-Owner-Troubles.aspx http://www.sqlservercentral.com/Forums/Topic758243-146-1.aspx You can look to change the owner back to a low privileged account but i would work with your DBAs on this. My suggestion to change it sa for this was to troubleshoot that it was indeed a permissions \ authentication issue. Cheers Graham New SCOM 2012 Blog! - http://www.systemcentersolutions.com/blog/ View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

As part of making sa owner I checked the configuration of this account and had assumed it might also need to be enabled but it appears not so have left in disabled state. I'll maybe explore some of the other reasons why the domain accounts are generating these events when owner although looking at some of the guidelines around db owner having it as SQL sa is not necessarily a bad thing. Thanks for your input.

Graham's answer solved my issue. Also fixed discovery not working in SCOM 2007 R2 cu6.