RunAs Authorization Check Monitor

  • ID:  Microsoft.SystemCenter.HealthServiceRunAsAccounts.AuthorizationCheck.Unit
  • Description:  This monitor checks that a set of Run As Accounts are valid and can be authorized.
  • Target:  Health Service
  • Enabled:  Yes

Operational States

Name State Description
RunAs accounts are not authorized Error  
RunAs accounts are authorized Success  

Alert Details

Monitor State Message Priority Severity Auto Resolution
RunAs accounts are not authorized (Error) RunAs Authorization Check Failed Medium Critical Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

The health service blocked access to the specified Windows credential (which is being used in a RunAs Account) because it is not authorized on this health service for this management group.

Below is a summary of the default configuration of this monitor:

  • Red state: Transition to red state if the health service blocked access to the specified windows credential (event 7017)

  • Green state: Transition to green state if the health service has authorized all configured RunAs accounts to execute (event 7025) or if the connector manager is successfully started for the management group (event 2002)

Causes

The red state can indicate the following may be happening on the agent:

The local administrator of the managed computer on which the health service is running may have run the HSLockdown tool to deny access to this windows credential (or only allow access to certain Windows credential).

Resolutions

You can perform the following steps to resolve the problem or to gather data prior to seeking assistance from Microsoft product support:

  • You can run the HSLockdown tool to change which credentials are authorized on the managed computer

  • Capture all 7### events, save the Operations Manager event log on the agent computer and call Microsoft product support. During the support call, mention the most recent 7### events and any error codes (e.g. event 7022) inside the event and ask if the Operations Manager event log is needed.

External References
This monitor does not contain any external references.

See Also for System Center Library Management Pack


Downloads for System Center Library Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED