This aspect contains the Active Directory Connectivity objects that you can monitor in the Enrollment System Service. These health monitors include the following detectors.
When you enroll a device, you may receive the following General Access Denied error message:
This error message indicates that MDM Enrollment Server could not create a device account because of insufficient permissions to the organizational unit (OU) of the device.
To resolve this issue, run the following cmdlet in MDM Shell:
Set-EnrollmentPermissions -container <device container>
For the command to succeed, you must be an Active Directory Domain Administrator or someone with sufficient privileges to modify OU permissions.
| Target | Microsoft.SystemCenter.MobileDeviceManager.2008.1_0.EnrollmentSystemService.ClassType | ||
| Parent Monitor | System.Health.AvailabilityState | ||
| Category | StateCollection | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | MatchMonitorHealth | ||
| Alert Priority | Normal | ||
| Alert Auto Resolve | True | ||
| Monitor Type | Microsoft.Windows.SingleEventLogManualReset2StateMonitorType | ||
| Remotable | True | ||
| Accessibility | Public | ||
| Alert Message |
| ||
| RunAs | Default |
Home<UnitMonitor ID="Microsoft.SystemCenter.MobileDeviceManager.2008.1_0.EnrollmentSystemService.ActiveDirectoryConnectivity.MobileDeviceManager.FixOUpermissionsinActiveDirectory.EventBased.UnitMonitor" Accessibility="Public" Enabled="onEssentialMonitoring" Target="Microsoft.SystemCenter.MobileDeviceManager.2008.1_0.EnrollmentSystemService.ClassType" ParentMonitorID="SystemHealth!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.SingleEventLogManualReset2StateMonitorType" ConfirmDelivery="true">
<Category>StateCollection</Category>
<AlertSettings AlertMessage="Microsoft.SystemCenter.MobileDeviceManager.2008.1_0.EnrollmentSystemService.ActiveDirectoryConnectivity.MobileDeviceManager.FixOUpermissionsinActiveDirectory.EventBased.UnitMonitor.AlertMessage">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="ManualReset" MonitorTypeStateID="ManualResetEventRaised" HealthState="Success"/>
<OperationalState ID="NegativeHealthState" MonitorTypeStateID="EventRaised" HealthState="Error"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Mobile Device Manager</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Enrollment</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>2011</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</Configuration>
</UnitMonitor>