System Center Operations Manager 2016 Step by Step – Part 12 – Installing agents on DC servers

During a migration or installation of SCOM agents you will eventually come across DC servers, and there is one catch. You install the agent, and for some reason it is grayed out and not working. You use the SYSTEM account for the SCOM agent. Additionally, you will get errors in SCOM and some errors on the client itself, such as these:

 


Log Name:      Operations Manager
Source:        HealthService
Date:          29.3.2017. 9:33:19
Event ID:      7017
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      grdc2.contoso.com

Description:
The health service blocked access to the windows credential NT AUTHORITY\SYSTEM because it is not authorized on management group scom-hteronet.  You can run the HSLockdown tool to change which credentials are authorized.

Log Name:      Operations Manager
Source:        HealthService
Date:          29.3.2017. 9:48:49
Event ID:      1102
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      grdc2.contoso.com
Description:
Rule/Monitor “Microsoft.SystemCenter.ManagementServicePool.AvailabilityMonitor” running for instance “grdc2.contoso.com” with id:”{20408967-8F5C-F9C4-836A-6BCE494F61DD}” cannot be initialized and will not be loaded. Management group “scom-hteronet”

So what is the problem? Go directly to the DC server and open a command prompt as administrator. Navigate to C:\Program Files\Microsoft Monitoring Agent\Agent and run the command hslockdown /L. You will see that the NT AUTHORITY\SYSTEM account is denied for use by the SCOM agent.


To solve this problem, remove the SYSTEM account from the denied list with the following command:

HSLockdown.exe <YourManagementGroupName> /R "NT AUTHORITY\SYSTEM"


Restart the agent and it should start working!
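The same procedure as a PowerShell script, as an added example that is not part of the original post: it changes the lockdown list only when event 7017 actually names NT AUTHORITY\SYSTEM, saves the list before and after the change, and checks whether the event is still logged after the restart. Assumptions: the management group name is a placeholder, HealthService is the agent's Windows service name, and the output folder and the 120-second wait are arbitrary choices.

```powershell
# Added example (not from the original post). Run elevated on the affected DC.
$MgmtGroup = '<YourManagementGroupName>'   # placeholder, as in the post
$AgentDir  = 'C:\Program Files\Microsoft Monitoring Agent\Agent'   # path from the post
$Account   = 'NT AUTHORITY\SYSTEM'
$HsLock    = Join-Path $AgentDir 'HSLockdown.exe'
$LogDir    = Join-Path $env:TEMP 'hslockdown-change'   # assumption: where the record is kept

# Returns 7017 events from HealthService that name $Account, optionally since a given time.
function Get-BlockedCredentialEvent {
    param([datetime]$Since = [datetime]::MinValue)
    $filter = @{ LogName = 'Operations Manager'; ProviderName = 'HealthService'; Id = 7017 }
    if ($Since -gt [datetime]::MinValue) { $filter.StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$Account*" }
}

if (-not (Get-BlockedCredentialEvent)) {
    Write-Output "No event 7017 names $Account on this machine; leaving the lockdown list unchanged."
}
else {
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

    # Keep the lockdown list as it was before the change.
    & $HsLock /L | Tee-Object -FilePath (Join-Path $LogDir 'before.txt')

    # The fix from the post: remove the account from the denied list.
    & $HsLock $MgmtGroup /R $Account

    # Restart the agent; HealthService is the agent's Windows service name.
    $restartedAt = Get-Date
    Restart-Service -Name HealthService

    & $HsLock /L | Tee-Object -FilePath (Join-Path $LogDir 'after.txt')

    # Give the agent time to reload its workflows, then look for new 7017 events.
    Start-Sleep -Seconds 120   # assumption: arbitrary wait
    if (Get-BlockedCredentialEvent -Since $restartedAt) {
        Write-Warning "Event 7017 for $Account is still being logged after the restart."
    }
    else {
        Write-Output "No new event 7017 for $Account since $restartedAt."
    }
}
```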
