Sign in
 
Home2012Previous VersionsLibraryForumsGallery
System Center TechCenter >
Agent Installation fails with SCOM 2007 R2

Answered Agent Installation fails with SCOM 2007 R2

  • Monday, February 04, 2013 1:18 PM
     
     
    Sign In to Vote
    0

    Hi

    I'm a novice to SCOM. We have an issue with agent installation. In SCOM there are 2 accounts mentioned as Action Account. One is Local System and another is domain user account. With the discovery wizard it's failing to install the agent and showing the domain user account instead of System account. If we add the domain user account as local system admin on new servers then the installation succeeds. So does this mean the agent installation always take the domain user account for agent installation? Also with "Profiles / Default Action Account" all other managed servers are showing Local System Action account except one server with domain user account, this makes us confused with Action Account. can someone clarify this

    Thanks in Advance

    LMS

     

All Replies

  • Monday, February 04, 2013 2:34 PM
     
     
    Sign In to Vote
    0

    Pls refer to the following bog

    http://blog.scomfaq.ch/2011/12/27/scom-2012-agent-discovery-the-user-does-not-have-sufficient-permission-to-perform-the-operation/

    Roger

     
  • Monday, February 04, 2013 3:42 PM
     
     Answered
    Sign In to Vote
    0

    Hello,

    When you are pushing the SCOM agent from the console, then it uses the Scom Action Account which has to be a local admin on the agent managed server. Once the agent is installed, it will show as Local System, unless you select the "Other user Account" and discover and install the agent using that account.

    If you are installing the agent manually (not from the SCOM console), then you can use Local System to install the agent manually. 

    Note: when you are installing agent manually, you need to change the security setting "to review manually installed agents" in the Administration Tab. 

    Also please check the link above by Microsoft Hopeless Guy to get a better under standing

    Hope this answers your question.

    Regards,

    Abdul Karim. (http://sites.google.com/site/scomblogs Twitter:@Abdul_SCOM)

     
  • Monday, February 04, 2013 3:47 PM
     
     Proposed
    Sign In to Vote
    0

    Based on the agent you trying to discover the account differs. Its all about the permission of the particular account configured for. Check whether your action account has admin access to the concern server, based on that you can choose the Action account or Specific account which have admin access.

    Regards,

    Sandy

    • Proposed As Answer by Sandoss Kumar Tuesday, February 05, 2013 10:31 AM
    •  
     
  • Tuesday, February 05, 2013 6:31 AM
     
     
    Sign In to Vote
    0

    Thanks All for replying. So what I understood is as follows

    a) While installing the agent add the Action Account to local admin group of that particular server

    b) Then the service will run with Local System privilages on that server and also with Profiles / Default action account it will show Local System Action Account and as you mentioned we can change that to the other Action account

    c) Now after instaling the agent we can remove the Action Account from local system Administrators group and provide only required permissions (Member of the local Users group, Member of the local Performance Users group, Allow Log On Locally)

    So we can make sure that the account has only a limited set of permissions on those servers.

    Please let me know whether my understanding is right. 

    Thanks

    LMS

    • Proposed As Answer by Sandoss Kumar Tuesday, February 05, 2013 10:31 AM
    • Unproposed As Answer by Sandoss Kumar Tuesday, February 05, 2013 10:31 AM
    •