Domain Controllers greyed out in SCOM 2012

If you push the SCOM agent out to a domain controller and find that they show up greyed out in the SCOM 2012 console here is something you should do to try and fix:-

Logon to the DC that is experiencing the issue and launch an administrative command prompt, then run the HSlockdown tool and add the LOCAL SYSTEM account to the directory where the scom agent is installed:-

C:\Program Files\System Center Operations Manager\Agent

Run the command HSLockdown /L to show what accounts have been allowed or denied access to the directory

dc1

 

 

 

 

 

 

As can be seen from the above screenshot LOCAL SYSTEM isn’t even populated

Now run the HSLockdown tool again but this time add the switch to allow LOCAL SYSTEM

HSLockdown /A “NT AUTHORITY\SYSTEM”

dc2

 

 

 

 

 

 

Restart the SCOM healthservice, give it 5mins then the Domain Controller health status icon should turn green

 

Advertisements
This entry was posted in SCOM Agents and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s