Brad's Tech Blog » The OpsMgr Connector could not connect to http://bradstechblog.com Microsoft technologies like: System Center Operations Manager, and whatever else comes up at the office. Wed, 09 Nov 2011 16:36:12 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 SCOM: I screwed up the OpsMgr Health Service http://bradstechblog.com/scom/scom-i-screwed-up-the-opsmgr-health-service http://bradstechblog.com/scom/scom-i-screwed-up-the-opsmgr-health-service#comments Wed, 23 Jul 2008 14:00:00 +0000 Brad Hearn http://bradstechblog.com/?p=3 Have you ever seen this in Microsfts System Center Operations Manager (SCOM)?

The OpsMgr Connector could not connect to MSOMHSvc\rms01.local

haha, I have.

Using a domain account is not supported and will not allow you to start the service. But it will register a second servicePrincipalName to the domain account. If this happens the agents will no longer be able to communicate with the server. Or at least until the duplicate servicePrincipalName is removed.

I found this out during the test phase when I changed the service login account during trouble shooting the health service. (The original problem with the health service was that it would keep failing and stopping. The resolution was never found, and that was with an open Microsoft call. We reinstalled the server and that resolved it. However the servicePrincipalName was still messed up in active directory.)

The following is what I have documented and used to fix this.

Here is a clipping from another post (http://www2.wolzak.com/index.php?option=com_frontpage&Itemid=1) on this that I found.

To generate a list of accounts that the SPNs are registered to, run the following command at the command prompt.

1. From the domain controller, open a command prompt and then type the following string: ldifde -f domain.txt
2. Open the text file in Notepad and then search for the SPN that is reported in the event log. ServiceClass/host.domain.com (in this case look for MSOMHSvc/rms01.local)
3. Note the user accounts under which the SPN is located and the organizational unit the accounts reside in….the userPrincipalName should be located directly above the servicePrincipalName registration as in the example below.
userPrincipalName: useraccount@domain.com
servicePrincipalName: ServiceClass/host.domain.com

Use one of the following options to delete the account SPN registrations from the accounts that should not contain registrations to ServiceClass/host.domain.com. (i.e. Typically any accounts containing an SPN registration for SeriviceClass/host.domain.com that services are not explicitly starting with). Make sure you know which credentials you want to keep (in this case the system account or the domain administrator) and see to it that the service is running with the credentials you want to use. Delete the other one.

Using ADSIEdit

1. Add ADSIEdit to the MMC and bind to the domain using the Domain well known naming context.
2. Navigate to each user account you previously documented as having a duplicate SPN registration and right click the account and select properties.
3. Scroll through the list of attributes until you see servicePrincipalName, double click servicePrincipalName and remove the duplicate SPN registration and click on OK and exit ADSIEdit.

Using SetSPN

1. From the command prompt type the following command and hit enter.setspn -D ServiceClass/host.domain.com:Port AccountName

Make sure to test before performing this operation in a production environment.

Brad Hearn

Enterprise Server Analyst

http://bradstechblog.com/

]]> http://bradstechblog.com/scom/scom-i-screwed-up-the-opsmgr-health-service/feed 0