On windows 2016 server start and search stopped working.
While researched and different issue with KMS not starting on the server, discovered that the computer DCOM object did not have SELF in it.
Added SELF in component services. Start and search started working.
Open mmc and add component services snapin.
Navigate to Component Services-Computers. Right click My Computer and go to COM Security tab.
Click Edit default in Access permissions. Click ADD and look for SELF in domain.
Install-Module -Name ReportingServicesTools
$sourceRsUri = 'http://reportginserver/Reportserver'
#Declare Proxy so we dont need to connect with every command
$proxy = New-RsWebServiceProxy -ReportServerUri $sourceRsUri
#Output ALL Catalog items to file system
Out-RsFolderContent -Proxy $proxy -RsFolder / -Destination 'c:\Backup_Reports' -Recurse
Get process core count.
SELECT DISTINCT(CPU.SystemName0) AS [System Name], CPU.Manufacturer0 AS Manufacturer, CPU.Name0 AS Name, COUNT(CPU.ResourceID) AS [Number of CPUs], CPU.NumberOfCores0 AS [Number of Cores per CPU], CPU.NumberOfLogicalProcessors0 AS [Logical CPU Count] FROM [dbo].[v_GS_PROCESSOR] CPU GROUP BY CPU.SystemName0, CPU.Manufacturer0, CPU.Name0, CPU.NumberOfCores0, CPU.NumberOfLogicalProcessors0
The Azure VM on startup may get a 169.254 IP and this causes the vm to lose any rdp connections it may have.
The VM's also do not respond to ping or get DNS addresses assigned.
Solution is to add this registry key.
Find this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Click Edit > New, and click DWORD Value. Enter ArpRetryCount.
Right-click the ArpRetryCount registry entry and click Modify. In the Value box, type 0 and click OK.
Since you wont have access to the server you will have to use Bastion in Azure to login.
Or you can use the Azure serial console to connect and add the registry key via command prompt.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v ArpRetryCount /t REG_DWORD /d 0
Error: Could not connect to SCOM zone in another domain using credentials of the same domain. even though bidirectional trust was present.
If the sdk service is running under local system account.
Error during powershell connection to scom zone.
PS C:\> New-SCOMManagementGroupConnection
-ComputerName SCOMMG2.consoso.com
New-SCOMManagementGroupConnection : The user does not have sufficient
permission to perform the operation.
At line:1 char:1
+ New-SCOMManagementGroupConnection -ComputerName SCOMMG2.ms-Contoso ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
CategoryInfo :
InvalidOperation:
(Microsoft.Syste...nnectionCommand:NewSCManagementGroupConnectionComma
nd) [New-SCManagementGroupConnection], UnauthorizedAccessEnterpriseManagementException
+ FullyQualifiedErrorId :
ExecutionError,Microsoft.SystemCenter.Core.Commands.NewSCManagementGroupConnectionComman
Event id 4 generated in System Log.
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server SCOMMG2$. The target name used was MSOMSdkSvc/SCOMMG2.consoso.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (CONSOSO.COM) is different from the client domain (CONTOSO.AL.GOV), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
Verified that the id had permissions to SCOM zone.
The Scom SDK service was running under local system account. The spn for sdk service was not registered in AD. Verified by setspn -L SCOMMG2.
Event id 26371 generated in Operations manager log.
|
|
Event Data:
< DataItem type =" System.XmlData " time =" 2023-07-15T01:15:28.0000000-05:00 " sourceHealthServiceId =" 2765519A-33B2-441C-F345-0FF0CEB2E109 " >
< EventData >
< Data > SCOMMG1 </ Data >
< Data > SCOMMG1.contoso.com </ Data >
< Data > CN=SCOMMG1,OU=Server Accounts,OU=Prod,OU=Contoso Servers,DC=-Contoso,DC=COM </ Data >
</ EventData >
</ DataItem >
Solution:
· Open ADSIDEDIT. Find the server object open properties and grant SELF read write access in security tab.
· Registered spn for the sdk and all management server computer accounts using.
Setspn.exe -S MSOMSdkSvc/SCOMMG1 SCOMMG1
Setspn.exe -S MSOMSdkSvc/SCOMMG2 SCOMMG2
Connection was successful in powershell.