This monitor checks that a set of Run As Accounts are valid and can be authorized.
The health service blocked access to the specified Windows credential (which is being used in a RunAs Account) because it is not authorized on this health service for this management group.
Below is a summary of the default configuration of this monitor:
Red state: Transition to red state if the health service blocked access to the specified windows credential (event 7017)
Green state: Transition to green state if the health service has authorized all configured RunAs accounts to execute (event 7025) or if the connector manager is successfully started for the management group (event 2002)
The red state can indicate the following may be happening on the agent:
The local administrator of the managed computer on which the health service is running may have run the HSLockdown tool to deny access to this windows credential (or only allow access to certain Windows credential).
You can perform the following steps to resolve the problem or to gather data prior to seeking assistance from Microsoft product support:
You can run the HSLockdown tool to change which credentials are authorized on the managed computer
Capture all 7### events, save the Operations Manager event log on the agent computer and call Microsoft product support. During the support call, mention the most recent 7### events and any error codes (e.g. event 7022) inside the event and ask if the Operations Manager event log is needed.
Target | Microsoft.SystemCenter.HealthService | ||
Parent Monitor | Microsoft.SystemCenter.HealthServiceRunAsAccounts.Rollup | ||
Category | StateCollection | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Windows.2SingleEventLog2StateMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.SystemCenter.HealthServiceRunAsAccounts.AuthorizationCheck.Unit" Accessibility="Public" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.HealthService" ParentMonitorID="Microsoft.SystemCenter.HealthServiceRunAsAccounts.Rollup" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="true">
<Category>StateCollection</Category>
<AlertSettings AlertMessage="Microsoft.SystemCenter.HealthServiceRunAsAccounts.AuthorizationCheck.Unit.AlertMessage">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="AccountsAreNotAuthorized" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>
<OperationalState ID="AccountsAuthorized" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>
</OperationalStates>
<Configuration>
<FirstComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>
<FirstLogName>Operations Manager</FirstLogName>
<FirstExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">7017</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">HealthService</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Value Type="String">$Target/ManagementGroup/Name$</Value>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<XPathQuery Type="String">Params/Param[3]</XPathQuery>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>
<SecondLogName>Operations Manager</SecondLogName>
<SecondExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">HealthService</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Value Type="String">$Target/ManagementGroup/Name$</Value>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<XPathQuery Type="String">Params/Param[1]</XPathQuery>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">7025</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</SecondExpression>
</Configuration>
</UnitMonitor>