A container for the management group MANAGEMENTGROUP NAME either does not exist in domain DOMAIN NAME or the Run As Account associated with the AD based agent assignment rule does not have access to the container. Please run MomADAdmin for this Management Group before configuring assignment rules and make sure the associated Run As Account is the member of the Operations Manager Administrator role.
When one looks in the AD the SCP (Service Connection Point) is present, so what goes wrong?
Most of the time, the issue is that the MOMADAdmin.exe tool has been used with the wrong syntax. The tool doesn't generate an error, it even creates a SCP (a faulty one that is) so one tends to think all is well.
The solution is straight forward:
First Step
Remove the current SCP with this command:
momadadmin -d MANAGEMENT_GROUP_NAME FQDN_DOMAIN_NAME
Second Step
Create the new SCP with this command:
MomADAdmin MANAGEMENT_GROUP_NAME GROUP_WITH_ADMINPERMISSIONS_IN_SCOM RMS_NAME FQDN_DOMAIN_NAME
After a while (an hour after the last EventID 11464 has been logged) EventID 11470(even multiple, depending on your SCOM environment) should show up:
AD assignment module successfully added xx computers to SecurityGroup xx_PrimarySG_45962 in domain FQDN DOMAIN NAME since the result of the assignment ldap query has changed.The SCP is now up & running.
No comments:
Post a Comment