Jaa


MOM Agent Install Fails from the Admin UI - fails immediately

In MOM 2005 SP1, if the Management Server action account is set to the local system account, any attempt to install, uninstall, upgrade, or update agent settings will fail if you specify another account to install the agent with (in a scenario where the Management Server action account does not have local administrator rights on the target agent) will immediately fail - no details provided.

If you enable logging (tracelevel = 6), the momservice(b).log (on the management server) will contain the error:

Wrn:Failed to disconnect remote connection\\xx.xx.xx.xxx , error text = 2250:This network connection does not exist.

This looks a lot like the issue described in 912998 (https://support.microsoft.com/kb/912998/en-us) where the Network access: Do not allow storage of credentials or .NET Passports for network authentication group policy is enabled. Make sure this is not enabled on the Management Server. If it's not enabled, most likely your Management Server action account is set to Local System.

When you installed MOM initially, you had to specify an account for the Management server action account. You can set the Management Server action account to Local System by setting:

HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Configurations\ <configuration_group_name>\AA\ActionIdentityMode to 0

This is documented in 891602 (https://support.microsoft.com/kb/891602/en-us).

Restart the MOM Service for this change to take effect.

You can confirm what the Management Server action account is currenly set to using the setactionaccount.exe utility that is installed in the MOM folder (Program Files\Microsoft Operations Manager 2005 by default).

This command will give you the account:

setactionaccount <configuration_group_name> -query

If the Management Server action account is Local System, the response will be:

"Providers and responses run under the services process identity"

To change the Management Server action account back to a domain account, you need to do the following:

1. Set HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Configurations\ <configuration_group_name>\AA\ActionIdentityMode to 1

2. Run the setactionaccount.exe:

setactionaccount.exe <configuration_group_name> -set <domain> <password>

The utility will prompt you for the password twice. Once the action account is set back to a domain account, you will be able to upgrade, install, uninstall, and update agent settings specifying an account (other than the action account) with local administrator rights on the target agent.