AD Replication Monitoring : encountered a permissions error.

  • Question

  • Hi,

    I have SCOM 2012 and I installed a GW on another company's site, with which we don't have any AD trust, to monitor all their servers.

    I'm receiving the following alerts.

    AD Replication Monitoring : encountered a permissions error.
    The script
    failed to create the OpsMgrLatencyMonitors container in the naming context
    'DC=DomainDnsZones,DC=ihs,DC=se' because access was denied. Alter the
    permissions for this naming context so that the script can add this container,
    or change the parameters for this script to stop monitoring this naming
    context.

    The error returned was: 'General access denied error' (0x80070005)

    Now it's obviously a permission issue. I read around and all the articles say to make sure that the Action Account has proper permissions on the OpsMgrLatencyMonitor container. Now this is only when it comes to a local AD, but as I mentioned above, the AD that I'm monitoring is not where SCOM is located but in another site, which does not have any federation or trust with ours. I used the "local system" account when I discovered the server and installed the agent. Now which account and what permissions should I add to the OpsMgrLatencyMonitor container to make sure that monitoring AD replication is working?

    Thanks in advance.


    Please remember to click “Mark as Answer” on the post that helps you. This posting is provided "AS IS" with no warranties. knowledge is valid only if it is shared by All.

    Monday, February 25, 2013 12:04 PM

Answers

  • I re-discovered the agent using a domain admin account and local system to install the agent, and it worked.


    • Marked as answer by Laith_IT Tuesday, March 5, 2013 2:05 PM
    Tuesday, March 5, 2013 2:05 PM

All replies

  • Try to manually create the OpsMgrLatencyMonitors container.

    To configure the OpsMgrLatencyMonitors container
    1. To perform this procedure, you must be a member of the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
    2. In ADSI Edit, right click the ADSI Edit object in the navigation pane, and then click Connect To.
    3. In the Connection Settings dialog box under Connection Point, ensure that Select a well known Naming Context is selected, and then click Configuration in the drop-down menu.
    4. In the Computer section, select the domain controller on which you want to complete the configuration, and then click OK.
    5. In the navigation pane, expand the Configuration object. An object with CN=Configuration followed by LDAP path of the forest appears.
    6. If you do not see the OpsMgrLatencyMonitors container immediately below the CN=Configuration object in the navigation pane, create the container:
        a. Right-click the CN=Configuration object, click New, and then click Object.
        b. In the Create Object dialog box, select the container, and then click Next.
        c. In Value, type OpsMgrLatencyMonitors, and then click Next. Click Finish.
    7. In the navigation pane of ADSI Edit, right-click CN=OpsMgrLatencyMonitors, and then click Properties.
    8. Click the Security tab, click Advanced, and then click Add.
    9. Use the Select users, Computers, Service Accounts or Groups dialog box to locate the Action Account, and then click OK.
    10. In the Permissions Entry for OpsMgrLatencyMonitors dialog box, ensure that Apply to reads This object and all descendant objects.
    11. In Permissions, select the Allow box that corresponds to the Create container objects permission.
    12. Click the Properties tab, and then set Apply to so that it reads All descendant objects.
    13. In Permissions, select the Allow box that corresponds to Read all properties.
    14. Select the Allow box that corresponds to Write adminDescription, and then click OK three times to close the open dialog boxes.

    Roger

    • Proposed as answer by bvkm Thursday, August 22, 2013 1:41 AM
    Monday, February 25, 2013 1:43 PM
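
Steps 7 to 14 of the procedure above, scripted in PowerShell as an added example (not part of the original posts or of the management pack). The account name is a placeholder, the container is assumed to already exist under the chosen naming context, and the schema GUIDs are looked up at run time rather than hard-coded.

```powershell
# Added example: steps 7-14 as a script (PowerShell 5 or later).
# Run on a domain-joined host with rights to modify the container's DACL.
param(
    [string]$ActionAccount = 'EXAMPLE\opsmgr-action',  # placeholder, not from the thread
    [string]$NamingContext = ([ADSI]'LDAP://RootDSE').configurationNamingContext
)

function Get-SchemaGuid([string]$LdapDisplayName) {
    # Look up schemaIDGUID at run time instead of hard-coding it.
    $schemaNC = ([ADSI]'LDAP://RootDSE').schemaNamingContext
    $searcher = [ADSISearcher]"(lDAPDisplayName=$LdapDisplayName)"
    $searcher.SearchRoot = [ADSI]"LDAP://$schemaNC"
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "Schema object '$LdapDisplayName' not found" }
    [Guid]::new([byte[]]$hit.Properties['schemaidguid'][0])
}

# Resolve the account to a SID so the ACEs do not depend on name format.
$identity = [System.Security.Principal.NTAccount]::new($ActionAccount)
$sid      = $identity.Translate([System.Security.Principal.SecurityIdentifier])
$allow    = [System.Security.AccessControl.AccessControlType]::Allow
$rights   = [System.DirectoryServices.ActiveDirectoryRights]
$scope    = [System.DirectoryServices.ActiveDirectorySecurityInheritance]
$rule     = [System.DirectoryServices.ActiveDirectoryAccessRule]
$containerClass = Get-SchemaGuid 'container'
$adminDescAttr  = Get-SchemaGuid 'adminDescription'

$rules = @(
    # Steps 10-11: Create container objects, this object and all descendant objects.
    $rule::new($sid, $rights::CreateChild, $allow, $containerClass, $scope::All)
    # Steps 12-13: Read all properties, all descendant objects.
    $rule::new($sid, $rights::ReadProperty, $allow, $scope::Descendents)
    # Step 14: Write adminDescription, all descendant objects.
    $rule::new($sid, $rights::WriteProperty, $allow, $adminDescAttr, $scope::Descendents)
)

$container = [ADSI]"LDAP://CN=OpsMgrLatencyMonitors,$NamingContext"
# Write only the DACL, leaving owner and group untouched.
$container.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Dacl
foreach ($r in $rules) { $container.psbase.ObjectSecurity.AddAccessRule($r) }
$container.psbase.CommitChanges()

# List the explicit ACEs now held by the account so the result can be reviewed.
$sidType = [System.Security.Principal.SecurityIdentifier]
$container.psbase.ObjectSecurity.GetAccessRules($true, $false, $sidType) |
    Where-Object { $_.IdentityReference -eq $sid } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritanceType
```

Pass `-NamingContext` with another naming context's distinguished name to apply the same three entries to the container there.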
  • Hi ,

    Thanks for your answer.

    The OpsMgrLatencyMonitors container already exists. My question is: when I'm using the "local system" account to install the agent on the server, what is the account that I have to add to the OpsMgrLatencyMonitors container security?


    • Proposed as answer by bvkm Thursday, August 22, 2013 1:40 AM
    • Unproposed as answer by bvkm Thursday, August 22, 2013 1:41 AM
    Tuesday, February 26, 2013 8:23 AM