locked
SCOM Lync 2013 Management Pack does not discover workgroup Edge servers. SQL authentication error. RRS feed

  • Question

  • SCOM "Lync Server 2013 Management Pack Guide" p.5 says "Lync Server 2013 Edge Servers are not required to be domain-joined."

    The SCOM agent was locally installed to a workgroup Lync Edge server using certificates (trusted root certificate and computer certificate).  Windows o/s monitors work fine.  It communicates with a gateway server.

    In the SCOM Console, under Monitoring - Microsoft Lync Server 2013 Health - Topology Discovery - Discovery State View, jumping to alerts show an error message with the alert context containing: 

    DiscoverMachine.ps1 : -------------------------------------------------------------------------------- -Script Name: Lync Server MP Machine Topology Discovery -Run as account: nt authority\network service -Execution Policy: Bypass -------------------------------------------------------------------------------- Value of Source Id is {2469342F-3092-2CD4-2CE3-D45CA920984C}. Value of ManagedEntity Id is {05896141-0A17-A488-E0FF-8624120D43D9}. Value of Target Computer is xxxxx. Lync Server Module is added Successfully initialize discovery data. An exception occurred during discovery script, Exception : Could not connect to SQL server : [Exception=System.Data.SqlClient.SqlException (0x80131904): Cannot open database "xds" requested by the login. The login failed. Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

    There is no override option in the discover to specify a different account to use.

    The xds database is on a different server that is in the domain.


     
    Friday, March 22, 2013 11:07 PM

Answers

  • Hi!

    We had same problem. I connected to rtclocal\xds on frontend remotely by Management Studio and saw security settings. I found several local groups there and I found NETWORK SEVICE in 2 of this groups - "RTC Component Local Group" and "RTC Local Administrators".

    I decided that rtclocal\xds have same roles and permissions on the edge and checked 2 above groups membership on it. On the edge server these 2 groups didn't include NETWORK SEVICE account.

    I've added NETWORK SEVICE to these local groups on the edge server, restart service under this account (for re-authentication and group membership forcing) and after some time discovery was succesfull.


    • Proposed as answer by Roman1974 Tuesday, March 26, 2013 12:50 PM
    • Edited by Roman1974 Tuesday, March 26, 2013 12:51 PM
    • Marked as answer by Yog Li Friday, March 29, 2013 11:11 AM
    Tuesday, March 26, 2013 12:20 PM

All replies

  • Hi!

    We had same problem. I connected to rtclocal\xds on frontend remotely by Management Studio and saw security settings. I found several local groups there and I found NETWORK SEVICE in 2 of this groups - "RTC Component Local Group" and "RTC Local Administrators".

    I decided that rtclocal\xds have same roles and permissions on the edge and checked 2 above groups membership on it. On the edge server these 2 groups didn't include NETWORK SEVICE account.

    I've added NETWORK SEVICE to these local groups on the edge server, restart service under this account (for re-authentication and group membership forcing) and after some time discovery was succesfull.


    • Proposed as answer by Roman1974 Tuesday, March 26, 2013 12:50 PM
    • Edited by Roman1974 Tuesday, March 26, 2013 12:51 PM
    • Marked as answer by Yog Li Friday, March 29, 2013 11:11 AM
    Tuesday, March 26, 2013 12:20 PM
  • Thank you.  that worked fine.
    Tuesday, April 9, 2013 6:54 PM
  • Adding the Network Service acccount to RTC Local Read-only Administrators on the Lync Edge Server will be enough rights to grant.  The SCOM Agent on the Edge is not trying to read the CMS SQL DB(xds) on the Lync front end, but the local CMS Replica on the Edge.
    Friday, November 29, 2013 1:28 PM
  • thank you 
    Wednesday, October 22, 2014 2:14 PM
  • I have added to "RTC Component Local Group" only and it works as well. Wondering which group is better to add the account.
    Thursday, March 7, 2019 10:52 AM