Domain Controller Health Service Lockdown Issue with SCOM 2016

I came to this realization last year, but I don’t think I wrote about it.

When monitoring domain controllers, specifically domain controllers running on Windows Server 2016, and specifically with System Center Operations Manager 2016 (and later, I assume) have a bit of an issue when you deploy the SCOM Agent to the server.  It deploys, it installs… but when you look at the list, your domain controllers do not have that friendly GREEN check mark… you get the same icon, but it is grey.

SCOM Greyed

Reason? The Health Service is denying the NT AUTHORITY\SYSTEM.

HSLockdown

This is an easy fix.  If you are running Server with Desktop Experience (what we until recently called the GUI), then make sure you open the Command Prompt with elevated privileges.  Navigate to c:\Program Files\Microsoft Monitoring Agent\Agent, and then type the following:

  1. HSLockdown.exe /A “NT AUTHORITY\SYSTEM”
  2. net stop healthservice
  3. net start healthservice

Once you do that, it should only take a minute for SCOM to reflect the change.  If you are too impatient to wait, you can click REFRESH.

I hope this helps!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s