locked
a Run As Account failed verification on Management server - account not even deployed to this server ? RRS feed

  • Question

  • we have a SCOM SQL service account.
    I have checked the Run As account, under administration, there is one windows type account with that specific SQL service account. But this Run As Account has a more secure distribution, and this management server is NOT in the list of computers where the account should be distributed to

    and yet, each time we get this warning state on one management server (always MS03 - we have 4 management servers)

    I have tried flushing the cache, I added the server to this Run As account, saved it and then removed it again, but I keep getting the warning back...

    I checked the user profiles on this management server, and the profile does not exist
    I stepped thru all of our Run As accounts defined in SCOM, and the account is only used where it should be...

    Event 7002:
    The Health Service could not log on the RunAs account xxxxx\SCOM_SQL for management group MG_SCOM because it has not been granted the "Allow log on locally" right.

    it's really puzzling me... I can override it, but it should not happen in the first place... :(

    Monday, January 26, 2015 1:03 PM

Answers

  • Greetings,

    Based on the log, the action account which runs the health service does require log on locally rights.

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 27, 2015 7:40 AM