hullo,

We run 2 Direct Access 2012 server boxes, in a muticast NLB cluster to give failover.  The DA servers have a single NIC and work just fine.

I've recently installed Ops Manager, and imported packs and deployed the agent onto the DA servers.

I am not running a 'local system' but on a domain user (service account) which has full admin rights to these servers.

I've left it overnight to digest, I can see in health explorer it has deployed/detected the need for the Remote Access Seed only, but there is no green tick (so nothing is being monitored).  No Remote access services at all have been detected on the fully functional DA boxes.  I am still learning ops Manager (as fast as I can!); I've been looking for a server 2012 NLB pack, but I cannot find one thinking this may be the issue, but I am not confvinced as the powershell commands the monitor needs to run, and the GPO it needs to access are all accessible using the agent runas account I have specified.

As I am such a ops manger newb, can someone give me advice on how to diagnose, and possible force the DA monitor to run on these servers even if it is having issues 'discovering' the Direct Access 2012 installed service?

Any and all advice gratefully received.

After much faffing about; it looks like you need to run the best practice analizer one time before it can start monitoring the services; is this true of all Windows Server 2012 machines, and if so is there a way to automate the BPA to run on a schedule as part of ops manager?

Hi!

I have the samme issue and running the BPA doesnt solve it.

Are there some other thing you have to do to make it work?

Hi Leon,

we are having the same issues as well. Running the BPA does not seem to work. I've added the Microsoft Windows Server RemoteAccess 2012 MP and made sure the action account has enough rights on our 2012 DirectAccess servers. Yet they still do not show up in the view:

Any other thoughts ?

Problem solved.

Had to change the Run as Account for the DirectAccess server to a domain account that where both
local admin on the DirectAccess server and had permissions to read the GPO.

Can be found under Administration -> Run As Configuration -> Profiles -> Default Action Account, choose

properties and change account for the server.

Hi Onners,

I've changed the account from local to a service account which has local admin rights. Just to be sure, the System Center Management Service still runs on "Local System" right ?

I'm still having troubles discovering the roles;

RemoteAccessServerDiscovery] Starting Discovery at (DA1.WHATEVER.LOCAL)
[RemoteAccessServerDiscovery] identity is WHATEVER\SA-SCOM2012-AA
[RemoteAccessServerDiscovery] Error occured while running Discovery at (DA1.WHATEVER.LOCAL)
[RemoteAccessServerDiscovery] Error Data: You do not have permissions to access GPO WHATEVER.local\{60774023-79BB-4D27-B3E6-94B6B4E635FF}.
[RemoteAccessServerDiscovery] Discovery Complete

I dont dare to answer if the System Center Management Service  still runs as "Local System".

However, does the account you changed to have permission to read to GPO?

I'm also having an issue with this the 2012 Remote Access MP.  The DA servers by default have access to the GPO to function.  My Action Account has Read access to the GPO as well.  I've run the BPA twice on both servers i'm testing with.  After three days my SCOM 2012 SP1 server doesn't recognize the servers as having Remote Access services.  Please advise.

I just got my environment working by manually going to each Direct Access Server and running the agent control panel @ C:\Program Files\System Center Operations Manager\Agent and manually setting the action account.  Going thru the server didn't help.  Maybe this will work for others.

Hi Fast-Eddie,

is your System Center Management Service now running as your action account or still as "Local System" ?

I've tried your solution but that didn't seem to work.

Is it a Domain Account you changed it to?

A local account on the DA server wont work.

Yes, i've added a service account which is in our domain.

Hey guys,

You need to configure the direct access logging on the Remote Access console for SCOM to pickup the DA installation.

(many late nights spent trying to solve

Hi Leon

What you mean exactly

I cant find your Settings.

You mean the Scom Server or the DA Server.

Please give us a little more Infos!

The service is still running as Local System, however in the control panel, the action account is listed as a domain account.  

I opened a case and the documentation is wrong for the MP.  You need full access to the Direct Access GPO for the Run As Account.  Read Access will not work.

Many thanks this solved my problem.