none
RUNAS account - Specified Cast is invalid.

    Question

  • When I attempt to look at the properties of a RUNAS account for SQL Server alerting / monitoring which I recently updated to add a new sql server in the distributionl, I get the following error.

    Eventually it will come up but the distribution list of servers is no longer populated.

    Any ideas?  

    Specified Cast is not valid.

    Note:  The following information was gathered when the operation was attempted.  The information may appear cryptic but provides context for the error.  The application will continue to run.

    System.InvalidCastException: Specified cast is not valid.
       at Microsoft.EnterpriseManagement.Monitoring.Internal.MonitoringObjectGenerated.get_Id()
       at Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject.GetObjectWrappersPostProcessing[T](ReadOnlyCollection`1 resultSet, IEnterpriseManagementObjectCreatable`1 constructorHelper)
       at Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject.CreateMultiple[T](IList`1 dataAccessResultSet, EnterpriseManagementGroup managementGroup, Dictionary`2& instanceById, ObjectQueryOptions queryOptions)
       at Microsoft.EnterpriseManagement.Common.EnterpriseManagementObject.CreateMultiple[T](IList`1 dataAccessResultSet, EnterpriseManagementGroup managementGroup, ObjectQueryOptions queryOptions)
       at Microsoft.EnterpriseManagement.SecurityConfigurationManagement.GetApprovedHealthServicesForDistribution[T](ISecuredData securedData)
       at Microsoft.EnterpriseManagement.Mom.Internal.UI.Common.SDKHelper.<>c__DisplayClass2b.<GetApprovedHealthServicesForDistribution>b__2a(Object sender, ConsoleJobEventArgs e)
       at Microsoft.EnterpriseManagement.Mom.Internal.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)


    Thanks Lance

    Tuesday, August 6, 2013 11:59 PM

Answers

  • This will happen if an agent that was in the distribution list for that account was removed from the management group.  For some reason deleting the agent doesn't recurse back to the account distribution and the SCOM query fails.  Best practice is to remove the distribution before removing the agent.

    B. Wright

    Friday, August 9, 2013 3:12 PM

All replies

  • I see you have posted some other odd behavior coming from your SCOM environment recently. I would suspect there is some underlying problem, like corruption, or an incorrect core configuration somewhere.

    I know this doesn't help solve your problem - just making an observation.

    Was there any configuration or database update performed recently that might be causing these problems?


    Jonathan Almquist | SCOMskills, LLC (http://scomskills.com)

    Friday, August 9, 2013 7:00 AM
    Moderator
  • For some reason, this happened because the distribution list was empty or had perhaps something else saved.  When I finally got it up and added another machine and saved, it worked fine.

    Thanks Lance

    Friday, August 9, 2013 2:30 PM
  • This will happen if an agent that was in the distribution list for that account was removed from the management group.  For some reason deleting the agent doesn't recurse back to the account distribution and the SCOM query fails.  Best practice is to remove the distribution before removing the agent.

    B. Wright

    Friday, August 9, 2013 3:12 PM
  • This will happen if an agent that was in the distribution list for that account was removed from the management group.  For some reason deleting the agent doesn't recurse back to the account distribution and the SCOM query fails.  Best practice is to remove the distribution before removing the agent.

    B. Wright

    Really? Can anyone repro this? (I don't have an environment in front of me) Sounds like a pretty easy bug for MSFT to handle, and would be a common problem.

    Jonathan Almquist | SCOMskills, LLC (http://scomskills.com)

    Friday, August 9, 2013 10:27 PM
    Moderator
  • Yup. This is a pretty crummy bug IMO. 

    Steps to reproduce: 

    Create an account (Windows account in my situation).
    Distribute this account to any number of computers. 
    Uninstall agent from any one of the computers to which you had distributed the account. 
    Attempt to open the account properties.

    = Code Brown.  "Specified cast is not valid."

    Not cool. 

    Now if only there was someone crafty enough on the Scomskills team who could throw together a fancy POSH script that would check for account->object  dependencies in order to avoid this problem.  (poke, poke)

    Friday, September 27, 2013 7:30 AM
  • Well, that is a pretty 'brown' situation. I wrote something a while back that helped with automating secure distribution to groups of objects. This will add objects to the distribution list based on group membership, and could be incorporated into a MP (that's initially why I created it for a client).

    I had written into the code removal of objects as well, based on same group membership. However, I do not believe I added this to the code I put up on that blog and I would be hard pressed to dig this up from the x files today.

    Maybe someone real 'nifty' could grab that source and integrate with this to round out the solution? Best solution is for the SDK to handle this elegantly, so the community do not need to workaround a gub.


    Jonathan Almquist | SCOMskills, LLC (http://scomskills.com)

    Friday, September 27, 2013 8:01 AM
    Moderator
  • Indeed. 
    Friday, September 27, 2013 6:02 PM
  • We encountered this problem today.  I've written a script that will remove a specified computer from all RunAs Account distribution lists, and thought it might help avoid the problem next time we decommission an agent that has accounts distributed to it.

    The script also flags any accounts where the distribution list could not be accessed.

    param (
        [parameter(mandatory=$true)]$TargetName,
        [switch]$WhatIf
        )
    Import-Module -Name OperationsManager
    Write-Host
    $Accounts=0
    Get-SCOMRunAsAccount | 
    %{ 
        $Acct=$_
        try {
            $Dist = Get-SCOMRunAsDistribution -RunAsAccount $Acct
        }
        catch {
            Write-Host -f yellow $('WARNING: RunAsAccount "{0}" has a corrupt RunAs Distribution!' -f $Acct.Name)
        }
        if ($Dist.Security -eq 'MoreSecure')
        {
            $FoundTarget = $false 
            $Dist.SecureDistribution = @($Dist.SecureDistribution | %{ if ($_.DisplayName -eq $TargetName) { $foundTarget = $true } else { $_ } } )
            if ($foundTarget)
            {
                $Accounts++
                $Dist | Set-SCOMRunAsDistribution -RunAsAccount $Acct -WhatIf:$WhatIf -Verbose
            }
        } 
    }
    Write-Host
    if ($Accounts -gt 0)
    {
        if ($WhatIf)
        {
            Write-Host -ForegroundColor green $("$TargetName would be removed from {0} RunAsAccount secure distribution lists" -f $Accounts)
        } else {
            Write-Host -ForegroundColor green $("$TargetName removed from {0} RunAsAccount secure distribution lists" -f $Accounts)
        }
    } else {
        Write-Host -ForegroundColor cyan "$TargetName was not found in any RunAsAccount secure distribution lists"
    }

    Cheers,

    Paul.


    • Edited by TallPaulF Friday, January 17, 2014 4:08 AM
    Friday, January 17, 2014 4:07 AM
  • Thanks . This is it. I had to add the agents back and removed from Distribution list first.
    Thursday, October 30, 2014 12:30 PM