locked
SQL MP 2012 Cluster Run As Account RRS feed

  • Question

  • Hi,

    SCOM 2012 R2, Windows Server 2012 - Cluster, SQL2012 2 box cluster, newest SQL MP.

    I received the sa account from the DBA, and assigned it as the Run As account for the MP per instructions (only for the SQL discovery and monitoring profiles).  That worked, and the SQL info is populating in SCOM - great!

    Now I am receiving this error "The System Center Management Health Service could not log on the specified Run As account" on both of the windows boxes.  Details show it is trying to use the sa account for the Health Service.

    If I back out the Run As account from the SQL profiles, the error goes away, but of course now I cant see the SQL MP info.

    Does this mean that I must use a Domain Admin acct, and give it SQL SA rights so that it can do both SQL and the agent health service?

    Or is their another way to pull these two apart?

    Thank you!

    Thursday, February 20, 2014 7:42 PM

Answers

  • Hi,

    Please grant the 'Log On Locally' right to the specified run as Account using either Group Policy or Local Computer Policy.

    (It is under Computer Configuration -> Security Settings -> User Rights Assignment)

    Also check if the Run As Account to more secure.


    Niki Han

    TechNet Community Support

    • Marked as answer by Niki Han Tuesday, March 4, 2014 1:42 AM
    Tuesday, February 25, 2014 9:20 AM
  • we use domain admin account in our case for running SCOM sdk and config service. this account is also the scom action account with scom admin privileges. then we add this domain account in SQL giving it SA rights.

    alternatively you can grant "log on locally" rights to your run as account.


    Thanks, S K Agrawal

    • Marked as answer by Niki Han Tuesday, March 4, 2014 1:42 AM
    Wednesday, February 26, 2014 3:12 AM

All replies

  • Hi,

    Please grant the 'Log On Locally' right to the specified run as Account using either Group Policy or Local Computer Policy.

    (It is under Computer Configuration -> Security Settings -> User Rights Assignment)

    Also check if the Run As Account to more secure.


    Niki Han

    TechNet Community Support

    • Marked as answer by Niki Han Tuesday, March 4, 2014 1:42 AM
    Tuesday, February 25, 2014 9:20 AM
  • we use domain admin account in our case for running SCOM sdk and config service. this account is also the scom action account with scom admin privileges. then we add this domain account in SQL giving it SA rights.

    alternatively you can grant "log on locally" rights to your run as account.


    Thanks, S K Agrawal

    • Marked as answer by Niki Han Tuesday, March 4, 2014 1:42 AM
    Wednesday, February 26, 2014 3:12 AM