Loading
TAG | management server
Jun/10
2
Secondary Management Server install fails if Reporting is already installed when DW action account and RMS action account are the same
No comments · Posted by Christopher Keyaert in OpsMgr / Scom
Issue:
If you try to install a secondary Management Server (MS) in a scenario with Root Management Server(RMS) and Reporting installed with Data Warehouse(DW) action account and Root Management Server action account (default action account) is the same, the secondary Management Server setup rolls back with an error (value 3) in the setup log:
Error from log file:
**********************
AddRunAsProfilesCA: Error: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index,
Stack: at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
at System.ThrowHelper.ThrowArgumentOutOfRangeException()
at System.Collections.Generic.List`1.get_Item(Int32 index)
at Microsoft.MOMv3.Setup.MOMv3ManagedCAs.AddRunAsProfile(String profleGuid,
MonitoringObject hostedHealthService, ManagementGroup managementGroup, String currentActionUserDomain, String currentActionUserName)
at Microsoft.MOMv3.Setup.MOMv3ManagedCAs.AddRunAsProfiles(Session session)
Cause:
In OpsMgr Service Pack 1 setup if DW Action account is same as RMS action account we do not configure DW RunAs profile. So, when you attempt to install second MS we try to configure its DW RunAs profile with DW Action account by looking at RMS DW RunAs profile which is empty. (This happens when default action account is same as DW action account and installation scenario is: RMS and Reporting is installed and then second MS is attempted to install).
Workaround:
Create a ‘Windows’ Run As Account with same domain user as that of RMS Action Account.
Associate this account to ‘Data Warehouse Account’ RunAs profile
Associate this account to ‘DW Configuration and Synchronization Reader Account’ profile (in SP1 this is called as ‘Reserved’, there would be three Reserved profiles in SP1, this one is third in the list). Re-run Management Server setup.
Note that this workaround is only applicable to SP1 release, if you’ve SCOM R2, you have to contact Microsoft Support.
A KB already exists for that issue : http://support.microsoft.com/kb/957566/en-us
Edit : The script provided by Microsoft (No Warranty, please do a backup before apply it)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 | ###################################################### # This script is provided "AS IS" with no warranties, # and confers no rights. Use of included script # samples are subject to the terms specified at # http://www.microsoft.com/info/cpyright.htm # # Nathan Davenport Dec2009 ##################################################### ############### PROCESS CMD LINE ARGS ############### # Usage: # PS> CreateHealthServiceReferences.ps1 "dw action account" # ##################################################### $usage = "PS> CreateHealthServiceReferences.ps1 <dw action account>" $accountname = "" if([String]::IsNullOrEmpty($args[0])) { write-output "" write-output "Error: DW Action Account Not Specified." write-output "Usage: $($usage)" write-output "" exit } else { $accountname = $args[0] } #################### LOAD DLLS ##################### $SCOMRootDir = $env:ProgramFiles + "\System Center Operations Manager 2007" [System.Reflection.Assembly]::LoadFile("$SCOMRootDir\SDK Binaries\Microsoft.EnterpriseManagement.OperationsManager.dll") ############### DW RUNAS PROFILES GUIDS ############## # GUIDS SIGNED # DW Action Account # 5D09EF12-F56A-002E-3A80-A6602F86DD21 # DW Configuration and Synchronization Reader Account # 7E81C844-04F6-94D1-D6A2-4EA0B726F175 # DW Reporting Deployment Action Account # DB7B5DC1-3016-7043-9F63-48A3E89B2764 # # GUIDS DEBUG # DW Action Account # B032E10C-614B-7723-C785-EA51C2456524 # DW Configuration and Synchronization Reader Account # 696F1382-F1F9-B7AC-87F4-B7604EE38C9F # DW Reporting Deployment Action Account # F483770B-F112-44C6-EF30-0B012B623ECF ##################################################### ############# GET THE MANAGEMENT GROUP ############# $mg = new-object Microsoft.EnterpriseManagement.ManagementGroup("localhost") ################ GET RUNAS PROFILES ################ # DW Action Account RunAs Profile GUID $DWActionAccountProfile = "5D09EF12-F56A-002E-3A80-A6602F86DD21" # DW Configuration and Synchronization Reader Account $DWReaderAccountProfile = "7E81C844-04F6-94D1-D6A2-4EA0B726F175" # DW Reporting Deployment Action Account $DWRepDeployProfile = "DB7B5DC1-3016-7043-9F63-48A3E89B2764" # Get RunAs Profile write-output "Getting DW RunAs Profiles..." $profile1 = $mg.GetMonitoringSecureReference($DWActionAccountProfile) write-output $profile1.Name $profile2 = $mg.GetMonitoringSecureReference($DWReaderAccountProfile) write-output $profile2.Name $profile3 = $mg.GetMonitoringSecureReference($DWRepDeployProfile) write-output $profile3.Name write-output "" ################ GET RUNAS ACCOUNTS ################ $accounts = $mg.GetMonitoringSecureData() $account = "" write-output "Getting the specified DW RunAs Account..." foreach($acct in $accounts) { if($acct.Name.ToLowerInvariant().Equals($accountname.ToLowerInvariant())) { $account = $acct } } if([String]::IsNullOrEmpty($account)) { write-output "" write-output "Error: RunAs Account '$($accountname)' not found" exit } else { write-output $account.Name write-output "" } ############# GET RMS HEALTHSERVICE ID ############# write-output "Getting RMS and Hosted Health Service..." $admin = $mg.GetAdministration() $hostname = $env:computername + "." + $env:userdnsdomain $criteria = new-object Microsoft.EnterpriseManagement.Administration.ManagementServerCriteria("Name = '" + $hostname + "'") $ms = $admin.GetManagementServers($criteria) $healthservice = $ms[0].HostedHealthService write-output "RMS is hosting health service '$($healthservice.Id)'" write-output "" ##### CREATE SECUREDATAHEALTHSERVICEREFERENCES ##### # Create a new SecureDataHealthServiceReference write-output "Creating MonitoringSecureDataHealthServiceReferences..." $newref1 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile1.Id, $healthservice.Id) write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile1.Name)'" write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created." write-output "" $newref2 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile2.Id, $healthservice.Id) write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile2.Name)'" write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created." write-output "" $newref3 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile3.Id, $healthservice.Id) write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile3.Name)'" write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created." write-output "" ### INSERT NEW SECUREDATAHEALTHSERVICEREFERENCES ### write-output "Inserting MonitoringSecureDataHealthServiceReferences..." $mg.InsertMonitoringSecureDataHealthServiceReference($newref1) $mg.InsertMonitoringSecureDataHealthServiceReference($newref2) $mg.InsertMonitoringSecureDataHealthServiceReference($newref3) trap [Microsoft.EnterpriseManagement.Common.UnknownDatabaseException] { write-debug "Microsoft.EnterpriseManagement.Common.UnknownDatabaseException: MonitoringSecureDataHealthServiceReferences may already exist." # write-error $($_.Exception.GetType().Name); # write-error $($_.Exception.Message); continue; } |
deployment · hotfix · kb · management server · microsoft · ms · rms · run as acocount · Scom · support