locked
"Client Security Script Failed to Access Non-MOM API" Error RRS feed

  • Question

  • My workstation is showing below errors in MOM 2005. Someone had a post here about editing the script that it is complaining about and adding the SQL Server name in there. Anyone has a fix for this error? Thanks...


    Repeat Count: 5
    Age: 
    Source: Microsoft Forefront Client Security Microsoft Forefront Client Security Script Name = Microsoft Forefront Client Security - Report Trend Precalculation Runner Error Number = -2147217843
    Alert Id: b2eed08e-30e8-43fa-827a-e36fb48850d2
    Rule (enabled): Microsoft Forefront Client Security\Common Rules\Client Security Script Failed to Connect to the Collection Database

    Description:
    When the MOM server processed a Client Security script, the script failed to connect to the collection database (MOM database).
    - Error code: -2147217843
    - Error description: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
    - Connection string: Server=CWB05;Database=Onepoint;Trusted_Connection=yes;
    - Rule name: Run History Precalculation Script - Alerts List History
    - Script name: Microsoft Forefront Client Security - Report Trend Precalculation Runner

    To investigate and resolve this incident, make sure that the collection database is running and that the MOM Action Account has permission to access it.


    ----------------------------------------------


    Repeat Count: 79
    Age: 
    Source: Microsoft Forefront Client Security Microsoft Forefront Client Security Script Name = Microsoft Forefront Client Security - Report Trend Precalculation Runner API Name = GetRegistryValue(REG_SQL_SERVER_FOR_ONEPOINT_DB) Error Number = 2
    Alert Id: 9624673c-f62f-4578-9f4b-28620cf35962
    Rule (enabled): Microsoft Forefront Client Security\Common Rules\Client Security Script Failed to Access Non-MOM API

    Description:
    When the MOM server processed a Client Security script, the script failed to access a non-MOM API.
    - API name: GetRegistryValue(REG_SQL_SERVER_FOR_ONEPOINT_DB)
    - Error code: 2
    - Error description: Unknown runtime error
    - Rule name: Run History Precalculation Script - Alerts List History
    - Script name: Microsoft Forefront Client Security - Report Trend Precalculation Runner

    Wednesday, August 8, 2007 3:34 PM

Answers

  • Hello All,

     

    DanNichols is likely correct in his assessment; but technically it is the Action account, not the DAS account, if you chose to use different accounts for the two.  The action account on the Collection server role is used to run server-side scripts in the FCS MOM management pack.  It does this in MOMHost.exe which runs under the identity of the Action account specified during setup.

     

    These server side scripts do things like pre-calculate historical reporting data, approve new computers that have been installed, and monitor for event floods.  To do this work they require additional permission on the Collection server and the OnePoint database.  Unfortunately, in certain configuration serversetup.exe does not grant all of the necessary permissions and errors such as these arise if the deployment guide steps are not used, for example the Grant the correct permissions for the service accounts section at : http://technet.microsoft.com/en-us/library/bb404215.aspx

     

    If you follow those instructions, and then bounce the MOM service on the Collection server to allow the MOMHost.exe to update its access token, the script failures should go way.

     

    Thanks,

    Craig

     

    Tuesday, September 25, 2007 9:56 PM

All replies

  • Hello!

    Are you running the RTM (eval or paid) version of FCS?  We've seen errors like this with pre-release editions

     

    Thanks

    Chris

    Saturday, August 11, 2007 1:55 AM
  •  

    I'm seeing the same error and I am running the paid version of FCS. Anyone has a solution to this error?

     

    Thursday, August 23, 2007 9:27 PM
  •  

    Adding the MOM DAS account to the local administrators group on the MOM management server resolves this alert. Not sure if it can be resolved by granting more granular permissions?

     

    Anyone @ MSFT care to comment?

    Saturday, August 25, 2007 9:01 AM
  • It´s easy to view. Look. NT AUTHORITY. This problems is because the credentials are not correct. Please check your credentials in the mom server.

     

    Thanks

     

        Pablo Ale

    Geminis Computer

        Argentina

    Friday, September 14, 2007 5:43 AM
  • Hello All,

     

    DanNichols is likely correct in his assessment; but technically it is the Action account, not the DAS account, if you chose to use different accounts for the two.  The action account on the Collection server role is used to run server-side scripts in the FCS MOM management pack.  It does this in MOMHost.exe which runs under the identity of the Action account specified during setup.

     

    These server side scripts do things like pre-calculate historical reporting data, approve new computers that have been installed, and monitor for event floods.  To do this work they require additional permission on the Collection server and the OnePoint database.  Unfortunately, in certain configuration serversetup.exe does not grant all of the necessary permissions and errors such as these arise if the deployment guide steps are not used, for example the Grant the correct permissions for the service accounts section at : http://technet.microsoft.com/en-us/library/bb404215.aspx

     

    If you follow those instructions, and then bounce the MOM service on the Collection server to allow the MOMHost.exe to update its access token, the script failures should go way.

     

    Thanks,

    Craig

     

    Tuesday, September 25, 2007 9:56 PM