Domain Controllers greyed out in SCOM 2012

If you push the SCOM agent out to a domain controller and find that they show up greyed out in the SCOM 2012 console here is something you should do to try and fix:-

Logon to the DC that is experiencing the issue and launch an administrative command prompt, then run the HSlockdown tool and add the LOCAL SYSTEM account to the directory where the scom agent is installed:-

C:\Program Files\System Center Operations Manager\Agent

Run the command HSLockdown /L to show what accounts have been allowed or denied access to the directory








As can be seen from the above screenshot LOCAL SYSTEM isn’t even populated

Now run the HSLockdown tool again but this time add the switch to allow LOCAL SYSTEM









Restart the SCOM healthservice, give it 5mins then the Domain Controller health status icon should turn green


This entry was posted in SCOM Agents and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s