SCOM 2016 Agent HSLOCKDOWN tool

sccm_128

In that last 3 months I face an issue with SCOM 2016 agents, when installed on a Domain Controller:  the agent installed successfully and does not communicate.

I found the following events:

Event 1:

Log Name:      Operations Manager
Source:        HealthService
Event ID:      7017
Task Category: Health Service
Level:         Error
Computer:      #################
Description:
The health service blocked access to the windows credential NT AUTHORITY\SYSTEM because it is not authorized on management group SCOM.  You can run the HSLockdown tool to change which credentials are authorized.

Event 2:

Log Name:      Operations Manager
Source:        HealthService
Event ID:      1102
Task Category: Health Service
Level:         Error
Computer:      #################
Description:
Rule/Monitor “Microsoft.SystemCenter.WMIService.ServiceMonitor” running for instance “######.########.###” with id:”{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}” cannot be initialized and will not be loaded. Management group “SCOM_MG”

The reason?  Local System is denied/not allowed by HSLOCKDOWN

What I Did to resolve the issue is to Run HSLOCKDOWN –A “NT AUTHORITY\SYSTEM”

To simplify resolving the this issue I develop simple tool to run the HSLOCKDOWN to allow/remove/deny with just 2 clicks.

The tool tested only for SCOM 2016 Agents.

Run Steps:

1.    Run the tool exe file with account has the needed rights to run the HSLOCKDOWN
2.    The default account is “NT AUTHORITY\SYSTEM” and it can be changed with any account or group with the same input context.
3.    Just click allow or deny or remove and click apply to restart the health service.
4.    Close the tool

HSLOCKDOWN documented here
The Tool found here

Advertisements

2 thoughts on “SCOM 2016 Agent HSLOCKDOWN tool

Leave a Reply Please

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s