locked
SCSM 2010 SP1 - Event 33652 SM Implicit UserRole Administrator RRS feed

  • Question

  • While testing a backup scenario, I took the DB offline and renamed the ServiceManager DB to ServiceManager.bak and tried to restore from a different server without success. After trying to rollback to the original DB by renaming the .bak to ServiceManager.Mdf and restarting SQL, I try to start SCSM and get the following error:


    Implicit user role administrator is unable to configure the implied user role because of System Center Data Access service errors.
     The following errors were encountered:
     Exception message: Unable to perform the operation because of authorization store errors.
     

    Implicit user role administrator name: Microsoft.EnterpriseManagement.SystemCenter.ImplicitUserRoleAdministrator
    Instance name: Subscriptions Workflow Target
    Instance ID: {3FDD292D-04CF-E893-9AE2-76740BA4E017}
    Management group: ******

    and:

    An exception was thrown while processing GetImpliedUserRoles for session ID uuid:f8568f98-1a95-410d-90b1-098df39cedcf;id=189.
     Exception message: The creator of this fault did not specify a Reason.
     Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UnknownAuthorizationStoreException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UnknownAuthorizationStoreException: Unable to perform the operation because of authorization store errors. ---> System.Runtime.InteropServices.COMException (0x80070006): The handle is invalid. (Exception from HRESULT: 0x80070006 (E_HANDLE))
       at Microsoft.Interop.Security.AzRoles.IAzApplication2.InitializeClientContextFromToken(UInt64 ullTokenHandle, Object varReserved)
       at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.AccessCheck(String accessCheckContext, Int32[] operationIds, IntPtr hToken, String stringSid, Int32[] accessCheckReturnCodes, List`1[] accessCheckScopes)
       --- End of inner exception stack trace ---).

    Any help would be most appreciated

    Civitas


    civitas hall
    Thursday, April 28, 2011 2:58 PM

Answers

  • I have successfully recreated this error in our environment.  It was caused by adding a plain SQL logon as a user on the ServiceManager database.  This in turn hoses the authorization store and causes all sorts of havoc with the management servers and the self-service portal.
    The early bird gets the worm. The second mouse gets the cheese.
    Friday, May 20, 2011 9:23 PM

All replies

  • I would first try re-importing the management server key.  If that does not work, you should probably get Microsoft Support on the line.
    The early bird gets the worm. The second mouse gets the cheese.
    Thursday, April 28, 2011 5:37 PM
  • Have you double checked the permissions on the database?

    Regards
    //Anders


    Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se
    Tuesday, May 3, 2011 10:34 AM
  • Oddly enough, I am now getting this error.  I will be contacting MS Support shortly.
    The early bird gets the worm. The second mouse gets the cheese.
    Tuesday, May 17, 2011 3:23 PM
  • I have successfully recreated this error in our environment.  It was caused by adding a plain SQL logon as a user on the ServiceManager database.  This in turn hoses the authorization store and causes all sorts of havoc with the management servers and the self-service portal.
    The early bird gets the worm. The second mouse gets the cheese.
    Friday, May 20, 2011 9:23 PM