Hey Kevin sorry for the delay been swamped....the red is the error I get and I have seen your blog on this error but nothing works.
Yes I am using the SCAA, it doesn't matter if I type in the credentials it still fails with this: The Operations Manager Server failed to open service control manager on computer Test3.uspsoig.gov. Therefore, the Server cannot complete configuration of agent on the computer. Operation: Agent Install Install account: USPSOIG\SCAA Error Code: 80070005 Error Description: Access is denied. Using the Local system for the agent action account. From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Kevin Holman Sent: Wednesday, April 20, 2016 10:47 AM To: ms...@lists.myitforum.com Subject: [msmom] RE: SCOM 2012 R2 RU8 (SQL crash and moved DB's) Are you using the action account to push agents? What happens when you type in credentials that already have rights on the agent machines? When you install agents - what default agent action account are the agents using for their own monitoring services? From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Shemory, Chris Sent: Wednesday, April 20, 2016 7:05 AM To: 'ms...@lists.myitforum.com' <ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>> Subject: [msmom] SCOM 2012 R2 RU8 (SQL crash and moved DB's) Let me start by saying I have a Microsoft ticket open on this issue that has been open for a while now and was escalated to Tier 3 and we have been actively working but no resolution. I wanted to see if anyone else had input that we have not tried. Original Build: 2 MGMT servers (Server 2012 R2) VM's 1 SQL Server (standalone with reporting, Server 2012 R2 with SQL 2012) VM's Everything was working good then I lost the SQL VM, came in after we lost power and everything went down hard to a screen that said no OS found. So at this time we decided that this was a good time to move the DB's to the SQL cluster. So now all the SCOM DB's reside on a 4 node cluster. Existing Build: 2 MGMT servers (Server 2012 R2) VM's 4 Node SQL Cluster (SQL 2012/instance) Db's were restored and MGMT servers were honed to the sqlserver\instance, and everything is working like it should with the exception of installing the SCOM agent. Now the fun part trying to explain this. This is reproducible, so hopefully I can explain this without confusing. Scenario: Our 2012 R2 servers are locked down by STIG and we use restricted groups to allow admins on the servers via GPO's. This has been working up till the SQL crash. Example: Security Group "SCOM Servers" Members: "myself and SCAA" (SCOM Action Account) My account and SCAA can log into the servers so I know they are locked down and Admin access is successful. SCOM Agent install: If "SCOM Servers" security Group exists the agent will install or I can use any other existing SG If the "SCOM Servers" security group is newly created, SCOM agent will fail with Access denied, now the funny part about this is that about after a week or two the agent will install without any changes being made. While working with Microsoft we have tested and collected logs from all of the machines involved but have not been able to resolve yet. I am hoping this reaches someone with the ah ha you need to check or do this. Any recommendations would greatly be appreciated. It seems to be related to the SCAA account and newly created security groups. AD is healthy and replication is not an issue. Didn't know if there is something in SCOM I need to check or the DB's or a script I need to run. Thanks Chris
