none
SCOM 2012 Lync Server 2013 Management Pack discovery error

    Question

  • I'm attempting to deploy a Lync 2013 monitoring solution across a non-trusted boundary. My management servers are hosted in my local domain (mydomain.com). I have a gateway server deployed at the partner site (scomgw.partnerdomain.com). The partner already has Lync Server 2013 deployed with one standard edition front end (se.partnerdomain.com) and a dedicated SQL server to host the monitoring database (sql.partnerdomain.com). The sql.partnerdomain.com server is not a trusted application and does not host the xds database.

    They also have a single edge server, but so far I've left that out of the deployment - first things first.

    I have imported both of the Lync Server 2013 management packs, and - because I'm also monitoring my own, local Lync 2010 deployment - the Lync 2010 management pack. I have not yet gotten to the stage of deploying a synthetic transaction watcher node, as I'd like to get basic monitoring working first (again, first things first).

    When deploying the agents at partnerdomain.com everything appears to go well - the two servers are discovered and the agents look like they're deploying just fine. However, after a few minutes sql.partnerdomain.com goes red and I see the following alert:

    Path: sql.partnerdomain.com

    Source: Discovery Script on sql.partnerdomain.com

    Name: An internal exception has occurred during discovery

    The alert context shows Health Service Script event 223. When I pull that event it looks like this:

    ProviderName : Health Service Script

    Id           : 223

    Message      : DiscoverMachine.ps1 :

                  

                   ----------------------------------------------------------------

                   ----------------

                   -Script Name:      Lync Server MP Machine Topology Discovery

                   -Run as account:   nt authority\network service

                   -Execution Policy: Bypass

                   ----------------------------------------------------------------

                   ----------------

                   Value of Source Id is {2469342F-3092-2CD4-2CE3-D45CA920984C}.

                   Value of ManagedEntity Id is

                   {1CE84D05-B9B8-68C7-D517-DA09E4CC34A2}.

                   Value of Target Computer is sql.partnerdomain.com.

                   Lync Server Module is added

                   Successfully initialize discovery data.

                   An exception occurred during discovery script, Exception :

                   Could not connect to SQL server :

                   [Exception=System.Data.SqlClient.SqlException (0x80131904):

                   Cannot open database "xds" requested by the login. The login

                   failed.

                   Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

                      at System.Data.SqlClient.SqlInternalConnection.OnError(SqlExc

                   eption exception, Boolean breakConnection, Action`1

                   wrapCloseInAction)

                      at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(T

                   dsParserStateObject stateObj, Boolean callerHasConnectionLock,

                   Boolean asyncClose)

                      at System.Data.SqlClient.TdsParser.TryRun(RunBehavior

                   runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream,

                   BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject

                   stateObj, Boolean& dataReady)

                      at System.Data.SqlClient.TdsParser.Run(RunBehavior

                   runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream,

                   BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject

                   stateObj)

                      at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLog

                   in(Boolean enlistOK)

                      at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneL

                   ogin(ServerInfo serverInfo, String newPassword, SecureString

                   newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer

                   timeout, Boolean withFailover)

                      at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFail

                   over(ServerInfo serverInfo, String newPassword, SecureString

                   newSecurePassword, Boolean redirectedUserInstance,

                   SqlConnectionString connectionOptions, SqlCredential

                   credential, TimeoutTimer timeout)

                      at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEn

                   list(TimeoutTimer timeout, SqlConnectionString

                   connectionOptions, SqlCredential credential, String

                   newPassword, SecureString newSecurePassword, Boolean

                   redirectedUserInstance)

                      at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbCon

                   nectionPoolIdentity identity, SqlConnectionString

                   connectionOptions, SqlCredential credential, Object

                   providerInfo, String newPassword, SecureString

                   newSecurePassword, Boolean redirectedUserInstance,

                   SqlConnectionString userConnectionOptions)

                      at System.Data.SqlClient.SqlConnectionFactory.CreateConnectio

                   n(DbConnectionOptions options, DbConnectionPoolKey poolKey,

                   Object poolGroupProviderInfo, DbConnectionPool pool,

                   DbConnection owningConnection, DbConnectionOptions userOptions)

                      at System.Data.ProviderBase.DbConnectionFactory.CreatePooledC

                   onnection(DbConnectionPool pool, DbConnectionOptions options,

                   DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)

                      at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbC

                   onnectionOptions userOptions)

                      at System.Data.ProviderBase.DbConnectionPool.UserCreateReques

                   t(DbConnectionOptions userOptions)

                      at System.Data.ProviderBase.DbConnectionPool.TryGetConnection

                   (DbConnection owningObject, UInt32

                   waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean

                   onlyOneCheckConnection, DbConnectionOptions userOptions,

                   DbConnectionInternal& connection)

                      at System.Data.ProviderBase.DbConnectionPool.TryGetConnection

                   (DbConnection owningObject, TaskCompletionSource`1 retry,

                   DbConnectionOptions userOptions, DbConnectionInternal&

                   connection)

                      at System.Data.ProviderBase.DbConnectionFactory.TryGetConnect

                   ion(DbConnection owningConnection, TaskCompletionSource`1

                   retry, DbConnectionOptions userOptions, DbConnectionInternal&

                   connection)

                      at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnect

                   ion(DbConnection outerConnection, DbConnectionFactory

                   connectionFactory, TaskCompletionSource`1 retry,

                   DbConnectionOptions userOptions)

                      at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletion

                   Source`1 retry)

                      at System.Data.SqlClient.SqlConnection.Open()

                      at Microsoft.Rtc.Common.Data.DBCore.PerformSprocContextExecut

                   ion(SprocContext sprocContext)

                   ClientConnectionId:5c11e7a5-9244-4b81-b2e6-51bc6e78b236].

                   ----------------------------------------------------------------

                   ----------------

    To further confuse the issue, I have a lab here with what I believe is an identical deployment (including a gateway), and am not seeing this error here. I do see event 223 in this lab deployment, but only on the SE front end, not on the SQL server, and the 223 event on my SE is at an Informational level and indicates successful discovery.

    Been pulling my hair out over this one, and have finally hit the wall. Anyone have any suggestions?

    Also, if this is the wrong forum for this question, can somebody please point me in the right direction?

    Thanks!

     

    Saturday, May 11, 2013 1:46 AM

Answers

  • Hi Gerry,

    Try adding the NETWORK SERVICE account to the following local groups on the Edge server:

    RTC Component Local

    RTC Local Administrators

    Then restart the System Center Management service.

    This fixed it for me. If you look at the membership of the equivalent local groups on a Lync Server 2013 Front End you'll see that these groups contain the NETWORK SERVICE account. Looks to be an oversight by MSFT.

    Cheers,

    Garry

    Thursday, June 20, 2013 8:44 AM
  • Cannot open database "xds" requested by the login. The login failed. - seems you need to grant permissions on the Lync CMS Database. Make sure the account that is being used has permissions on the database.

    Theoretically, you could specify a different Windows Account that already has access in the xds database, and assign that account to the "Microsoft Lync Server 2013 Remote Watcher Profile for Discovery" profile on the Scom server.


    http://mariusene.wordpress.com/

    Tuesday, June 04, 2013 11:10 AM

All replies

  • Cannot open database "xds" requested by the login. The login failed. - seems you need to grant permissions on the Lync CMS Database. Make sure the account that is being used has permissions on the database.

    Theoretically, you could specify a different Windows Account that already has access in the xds database, and assign that account to the "Microsoft Lync Server 2013 Remote Watcher Profile for Discovery" profile on the Scom server.


    http://mariusene.wordpress.com/

    Tuesday, June 04, 2013 11:10 AM
  • Hi Gerry,

    Try adding the NETWORK SERVICE account to the following local groups on the Edge server:

    RTC Component Local

    RTC Local Administrators

    Then restart the System Center Management service.

    This fixed it for me. If you look at the membership of the equivalent local groups on a Lync Server 2013 Front End you'll see that these groups contain the NETWORK SERVICE account. Looks to be an oversight by MSFT.

    Cheers,

    Garry

    Thursday, June 20, 2013 8:44 AM
  • Hi Garry,

    Sorry for the slow reply on this. Yes, that solved the problem. This is actually a multi-tenant SCOM deployment in which I have only command-line access to the monitored servers. So for future reference, and for anyone else with a similar issue, here are the commands:

    net localgroup “RTC Component Local Group” “NT AUTHORITY\Network Service” /add

    net localgroup “RTC Local Administrators” “NT AUTHORITY\Network Service” /add

    Probably only one of these is actually needed, but I went ahead and did both to maintain parity between the configurations on the edge and on the front end.

    Thanks,

    Gerry

    Friday, August 23, 2013 5:19 PM
  • It's indeed only required to add NETWORK SERVICE to the RTC Component Local Group.
    Sunday, October 06, 2013 12:17 PM
  • Hi Gerry

    Help to for Skype for Business Edge Server.

    Thanks for your Help


    Roendi

    Friday, June 12, 2015 8:59 AM
  • Hi all,

    with your advices I'm now able to discover Lync Edge Server in DMZ.

    Unfortunately, I'm not able to monitor Front End Server located in untrusted domain (I also have gateway server deployed at the partner site). LS Discovery Script worked and I'm able to see partner FE servers in Agent managed, but SCOM does not recognize them as Lync Servers!! In a few words, everything seems ok, no errors on SCOM side, but I see no data sent from Front End Servers. Still permission issue?

    Wednesday, March 02, 2016 11:00 AM