• Management Pack:  SCOM 2016
  • MP Version:  1.0
  • Released:  10/19/2018
  • Publisher:  Microsoft

Run As Account Authorization Monitor

  • ID:  Microsoft.SystemCenter.HealthServiceRunAsAccounts.AuthorizationCheck.Unit
  • Description:  This monitor checks that a set of Run As accounts are authorized. Authorization can be restricted when an administrator runs the HSLockdown tool.
  • Target:  Health Service
  • Enabled:  Yes

Operational States

Name State Description
Run As accounts are not authorized Warning  
Run As accounts are authorized Success  

Alert Details

Monitor State Message Priority Severity Auto Resolution
Run As accounts are not authorized (Warning) Run As Account Authorization Failed Medium Critical Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

One or more Windows credentials being used in a Run As account have been blocked on this computer.

Below is a summary of the default configuration of this monitor:

  • Warning state: Transition to warning state if the System Center Management Health Service blocked access to the specified Windows credential (event 7017)

  • Healthy state: Transition to healthy state if the System Center Management Health Service has authorized all configured Run As accounts to execute (event 7025)

Causes

By default, all credentials are permitted to run on a computer. This failure will occur if one or more credentials have been denied access on the computer with the HSLockdown tool.

Resolutions

The monitor will not return to a healthy state until all credential authorization issues are resolved on this computer. A 7025 event will be generated when all issues have been resolved.

You can perform the following steps to resolve the problem:

  • Identify the credentials that are trying to load but have been denied access to the computer. Look for 7017 events on the computer in question.

  • If the credentials should be permitted, run HSLockdown.exe with the "/A" parameter to add the credentials.

  • If the credentials should not be permitted, determine which Run As profiles are using these credentials and remove these credentials from those profiles. Update the profiles with permitted credentials.

  • If the workflows should not be running on this computer, use overrides to disable the workflows.

External References
This monitor does not contain any external references.

See Also for SCOM 2016 Management Pack


Downloads for SCOM 2016 Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED