none
How to find the RunAsAccount from the SSID RRS feed

  • Question

  • Hello,

    I receive the following error

    Description: An account specified in the Run As profile "Microsoft.SQLServer.SQLProbeAccount" cannot be resolved.

    This condition may have occurred because the account is not configured to be distributed to this computer. To resolve this problem, you need to open the Run As profile specified below, locate the account entry as specified by its SSID, and either choose to distribute the account to this computer if appropriate, or change the setting in the profile so that the target object does not use the specified account.
    Note: you may use the command shell to get the Run As account display name by its SSID.

    Management Group:  XXX
    Run As Profile:  Microsoft.SQLServer.SQLProbeAccount
    Account SSID:  00E803F4CC528FD742FFF7EC9C8E67D3DA251623E700000000000000000000000000000000000000

    Now before I start to look at the Run As Account and Profiles in the GUI, I want to know which account the above SSID related to. Looking at the properties of a RunAsAccount in PowerShell i.e.

    Get-RunAsAccount | get-member

    From this of returned properties I can only assume the Property named SecureStorageID example below from one of the account

    SecureStorageId   : {0, 41, 177, 242...}

    therefore I did the following

    Get-RunAsAccount | select -expand SecureStorageID

    Basically I get a long list of numbers a few on each time (as the above is the out out of an array due to the , between the numbers)

    Therefore the following will not work

    Get-RunAsAccount | where {$_.SecureStorageID -match "00E803F4CC528FD742FFF7EC9C8E67D3DA251623E700000000000000000000000000000000000000"}

    (I am not even sure the SSID is the SecureStorageID, but a reasonable guess)

    Therefore I another way to match the SSID in the error message the the actual RunAsAccount display name.

    Can anyone help me on this one please?

    Thanks all

    Jo

    Saturday, June 23, 2012 11:04 AM

Answers

  • Hi Thanks very much Alexey much appreciated. I also saw a similar post to this,

    http://michielw.blogspot.co.uk/2011/02/scom-account-specified-in-run-as.html,

    At the bottom of the post a contributor called Ernie added some more code to make it list this

    param([Parameter(Mandatory=$true,HelpMessage="Please enter the SSID")][string]$SSID)

    Get-RunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % {
     $string = $string + "{0:X2}" -f $_}

    $RunAsAccountName = $_.Name
    [string]$RunAsAccountSSID = $string
    if ($SSID -match $RunAsAccountSSID) {write-host "The Run As Account is .. $RunAsAccountName"}
    }

    Thanks for the help,

    Jo

    Monday, June 25, 2012 11:44 AM

All replies

  • Hello Jo,

    try this:

    Get-RunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % {  
    
    $string = $string + "{0:X2}" -f $_} 
    
    $_.Name;"  $string" 
    
    } 


    http://OpsMgr.ru/

    Saturday, June 23, 2012 11:33 AM
    Moderator
  • Hi Thanks very much Alexey much appreciated. I also saw a similar post to this,

    http://michielw.blogspot.co.uk/2011/02/scom-account-specified-in-run-as.html,

    At the bottom of the post a contributor called Ernie added some more code to make it list this

    param([Parameter(Mandatory=$true,HelpMessage="Please enter the SSID")][string]$SSID)

    Get-RunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % {
     $string = $string + "{0:X2}" -f $_}

    $RunAsAccountName = $_.Name
    [string]$RunAsAccountSSID = $string
    if ($SSID -match $RunAsAccountSSID) {write-host "The Run As Account is .. $RunAsAccountName"}
    }

    Thanks for the help,

    Jo

    Monday, June 25, 2012 11:44 AM
  • Hello,

    I tried the script but got an error:

    >./SSID-2007.ps1
    
    cmdlet SSID-2007.ps1 at command pipeline position 1
    Supply values for the following parameters:
    (Type !? for Help.)
    SSID: !
    "!" cannot be recognized as a valid Prompt command.
    SSID: !?
    Please enter the SSID
    SSID: 00707C686769F3C0C9897403644020F428FEC723C300000000000000000000000000000000
    00
    Get-RunAsAccount : The 'Path' parameter is empty or the required provider locati
    is not set."
    At C:\users\rmppqx\desktop\SSID-2007.ps1:4 char:1
    + Get-RunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % {
    + ~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:String) [Get-RunAsAccount], Arg
       entOutOfRangeException
        + FullyQualifiedErrorId : InvalidParameter,Microsoft.EnterpriseManagement.Op
       ationsManager.ClientShell.GetRunAsAccountCmdlet

    Any idea?

    Thanks,
    Dom


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Friday, January 22, 2016 5:52 PM