Thursday, July 1, 2010

AD MP throws error: ‘Health Service Credentials Not Found Alert Message’

Had this issue at a customers site. The AD MP had been imported and configured. Also replication monitoring was configured. For this a Run As Profile within SCOM has to be configured (AD MP Account).

All was set as it should but still the DCs raised this Alert in the Console: ‘Health Service Credentials Not Found.’ And: ‘An account specified in the Run As profile "Microsoft.Windows.Server.AD.ActionAccountProfile" cannot be resolved.’.

So time to check everything. An AD account with sufficient permissions was in place and operational. Not blocked, what so ever. The account was neatly added in SCOM as a Windows Run As Account. This account was added to the related Run As Profile.

Of course, for the Run As Account the ‘More Secure’ distribution type was selected. Also the correct DCs for this Run As Accounts were selected.

Time to move on to the Run As Profile. Especially the third option Run As Accounts is important here.

Hmm. All seemed to be well. But when the Alert was closed and on the related DC the Health Service was restarted, the Alert reappeared. So somehow it did not work as it should.

Since the account itself and the Run As Account in SCOM are OK, the cause had to be found in the Run As Profile. Perhaps in this case more granular targeting was needed?

So I removed the earlier Run As Account from that Profile and added it. However, this time it was targeted directly at the DCs, like this:
At the ‘This Run As Account will be used to manage the following objects: hit the Select button > choose Object.

In the Look for: box select Windows Computer and in the Filter by: box, type the name of the DC and click OK > OK.

Repeat these steps for all DCs. When complete, the list looks a bit like this:

Hit the button Save and be fine.

Close all Alerts from these DCs about ‘Health Service Credentials Not Found.’.

Now when the Health Services of the related DCs are restarted, the Alerts won’t return.


Dissertation Writing Help said...

your post is nice . . let me tell u one thing that Blogs have become latest and important source of quality free information on net people enjoying for hours together. . .nice blog keep sharing;)
Dissertation Writing Services

Marnix Wolf said...

Hi there.

Thanks for visiting my blog and your nice comment.


Unknown said...

Could a group containing the DC's be used instead of adding each one separately? Thank you.

Marnix Wolf said...

Hi Matt,

It can be done. Have never tried it though. By adding the computers one by one gives me more granular control.


Jolivenom said...

"An AD account with sufficient permission"

What are the sufficient permissions needed for the AD MP account?

Marnix Wolf said...

Hi Jolivenom.

Sufficient permissions as stated in the AD MP Guide.