locked
Changing RMS cluster Health Service account to domain account RRS feed

  • Question

  • We have clustered Windows 2003 configuration where SCOM RMS resides. SCOM was installed with RTM version. Now we found out that there are best practices not to install RMS cluster Health Service with the local system anymore. If I remember right, there is also for example the management pack version check rule which doesn't even work with local system account for some reason.

    Now i would like to query if someone has done this change on a RMS cluster to change Health Service from local system to domain user account.

    I got this error message when tried and everything works now again fine after going back to local system.

    Event Type: Error
    Event Source: HealthService
    Event Category: Health Service
    Event ID: 104
    Date:  30.11.2009
    Time:  16:24:40
    User:  N/A
    Computer: ABC123
    Description:
    The Health Service can only supports running as the local system user account.  The service was configured to run under a different user account so it can not start.  Please reset the service configuration back to the default setting.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Thanks for all ideas in advance!

    -Tero


    MCT | MCSE | MCITP | MCTS SCOM & SCCM
    Monday, November 30, 2009 3:03 PM

Answers

  • Hi Marnix,

    I started going through the documentation where I found out this stuff and it seems I was mistaken. I went through the SCOM R2 deployment docs and there is indeed mentioning about all the other accounts to be domain accounts except the health service.

    Then I went on to read about the rule to check the MP's from MS web service and there is only mentioning about action account... and the action account can always be defined...

    http://technet.microsoft.com/en-us/library/dd279609.aspx

    "The Operations Manager Management Pack includes the Check for Updated Management Packs rule, which checks whether an updated version of an installed management pack is available. The rule runs a script, Powershell.exe, which requires the action account on the RMS to be a member of the Operations Manager Administrators Group."

    You know, sometimes you can notice how stupid the question was afterwards!

    Thx for help anyway! :)

    -Tero


    MCT | MCSE | MCITP | MCTS SCOM & SCCM
    • Marked as answer by Tero Ilenius Tuesday, December 1, 2009 11:57 AM
    Tuesday, December 1, 2009 11:57 AM

All replies

  • Hi Tero.

    Can you tell me more about those best practices? For myself I do not know these for the Health Service. I do know the best practices for the SCOM Accounts like Agent Action, SDK, Datware House Read and Write. It is better to have these accounts run under a AD account, not local system.

    To my best knowledge I would not change the account under which the Health Service runs.
    Best regards, Marnix Wolf

    (Thoughts on OpsMgr)
    Tuesday, December 1, 2009 7:24 AM
  • Hi Marnix,

    I started going through the documentation where I found out this stuff and it seems I was mistaken. I went through the SCOM R2 deployment docs and there is indeed mentioning about all the other accounts to be domain accounts except the health service.

    Then I went on to read about the rule to check the MP's from MS web service and there is only mentioning about action account... and the action account can always be defined...

    http://technet.microsoft.com/en-us/library/dd279609.aspx

    "The Operations Manager Management Pack includes the Check for Updated Management Packs rule, which checks whether an updated version of an installed management pack is available. The rule runs a script, Powershell.exe, which requires the action account on the RMS to be a member of the Operations Manager Administrators Group."

    You know, sometimes you can notice how stupid the question was afterwards!

    Thx for help anyway! :)

    -Tero


    MCT | MCSE | MCITP | MCTS SCOM & SCCM
    • Marked as answer by Tero Ilenius Tuesday, December 1, 2009 11:57 AM
    Tuesday, December 1, 2009 11:57 AM
  • Hi Tero,

    to my opinion questions NOT being asked are the stupid ones. All other questions are valid. So no worries.
    Best regards, Marnix Wolf

    (Thoughts on OpsMgr)
    Tuesday, December 1, 2009 12:00 PM