Thursday, November 11, 2010

if you have a clustered RMS...

You may encounter this error on the primary node of the RMS cluster:
A container for the management group MG2 either does not exist in domain demoxxx.net or the Run As Account associated with the AD based agent assignment rule does not have access to the container. Please run MomADAdmin for this Management Group before configuring assignment rules and make sure the associated Run As Account is the member of the Operations Manager Administrator role ---


Workflow name: _DEMOWMP_VCDEMON230_CAP_demowmp.net
Instance name: VCDEMON230-CAP.demowmp.net
Instance ID: {A5B7E322-E737-EA17-25C1-B52097AAD4AF}

Management group: MG2

The issue is that each node in the cluster does not have permission to create a service connection point in Active Directory.

Here is the command to run to grant permissions to each node of an RMS cluster in Active Directory:


dsacls CN=MG2,CN=OperationsManager,DC=yourdomain,DC=com /G CLUSTERNODE1COMPUTERNAME$:CC;serviceConnectionPoint; CLUSTERNODE1COMPUTERNAME$:CC;group; CLUSTERNODE1COMPUTERNAME$:RCLCRPDTLO;;


(all one line)
Run this command for each node of the cluster.
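
To apply the same grant to every node in one pass and then confirm it landed, the PowerShell loop below wraps the dsacls command shown above. It is an added example, not from the original post; the DN and node names are placeholders, and it assumes an elevated prompt on a machine with the AD DS command-line tools installed.

```powershell
# Added example, not from the original post.
# Placeholders (assumptions): replace with your management group DN and node names.
$containerDn = 'CN=MG2,CN=OperationsManager,DC=yourdomain,DC=com'
$nodes       = @('CLUSTERNODE1COMPUTERNAME', 'CLUSTERNODE2COMPUTERNAME')

foreach ($node in $nodes) {
    $account = $node + '$'   # computer account names end in "$"

    # The same three grants as the one-line command in the post:
    #   CC (create child) limited to serviceConnectionPoint objects,
    #   CC (create child) limited to group objects,
    #   RC/LC/RP/DT/LO on the container itself.
    # Each ACE is one quoted argument, so PowerShell does not treat the
    # semicolons as statement separators.
    $grants = @(
        "${account}:CC;serviceConnectionPoint;",
        "${account}:CC;group;",
        "${account}:RCLCRPDTLO;;"
    )

    & dsacls.exe $containerDn /G $grants
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "dsacls reported exit code $LASTEXITCODE for $account"
        continue
    }

    # dsacls with only the DN prints the current ACL; keep the lines that
    # mention this node so the new ACEs can be reviewed.
    $aces = & dsacls.exe $containerDn | Select-String -SimpleMatch $account
    if ($aces) {
        $aces | ForEach-Object { $_.Line }
    } else {
        Write-Warning "No ACE for $account found on $containerDn"
    }
}
```

Review the printed ACEs for each node: only the create-child rights on serviceConnectionPoint and group objects and the read/list/delete-tree rights from the command should appear for the node accounts.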

Next, open Active Directory Users and Computers. On the View menu, select "Advanced Features". Navigate to the OperationsManager -> <Management Group Name> container. Right-click your management group's container, then point to All Tasks and click Delegate Control. Click Next. Click Add. Click Object Types, and select Computers. Click OK. Enter the name of each RMS cluster node, and enter the RMS cluster service name as well. Click OK. Click Next. Check the box for "Modify the membership of a group", then click Next. Click Finish. Finally, use Cluster Management to restart the entire RMS cluster "service".

Thanks to Frank for basically figuring this out.
