Wednesday, July 12, 2017

Increase VMware Vcenter server disk space using powershell

Increasing virtual disks in VMware is pretty easy and straightforward.
Mapping them to the right disk in your computer is hard. They have not direct correlation seen in the Vmware ui.
So its pretty much guesswork after checking the available diskspace in computer and matching it with the diskspace seen in VMWare.

This script matches the disks in VMware with the one in computer.
Increases the space
Extends all the partitions in your computer which have free diskspace.You shouldn't have diskpace lying around unused anyway ;)

Things you need.
Account which has rights on the VMware server. Account with rights on your computer.
VMware assemblies or powercli installed.

Download link here
https://my.vmware.com/group/vmware/details?downloadGroup=VSP510-PCLI-510&productId=285


 If your script fails with and exception for SoapInterceptor
find the dll VMware.VimAutomation.Logging.SoapInterceptor.dll in your powercli install directory.
and add this line to your script after placing it in the right location.

[System.Reflection.Assembly]::LoadFrom("c:\temp\VMware.VimAutomation.Logging.SoapInterceptor.dll")



############# Variable declaration and initialization##################################################
$ComputerName = "Put your VMware computername here"
$username = "domain\username"
$password = ConvertTo-SecureString -AsPlainText -Force "password"
$Credentials = New-Object System.Management.Automation.PSCredential ($username, $password)
$LocalDriveObjects =  @()
$capacityIncrease = 2
$Volume = "D:"

############################################Assemblies#############################################################
add-pssnapin VMware.VimAutomation.Core
add-pssnapin VMware.VimAutomation.Vds

##########################################################################################################


Function CreateEventLog()
{
$ApplicationEventLogSources = Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application"

if(!(($ApplicationEventLogSources | Select-Object "PSChildName") -match "DiskIncreaseScript"))
{
 New-EventLog -LogName Application -Source DiskIncreaseScript -ComputerName "localhost"

}

}


Function WriteEvent($message)
  {
      Write-EventLog -logname Application -computername "localhost" -Source DiskIncreaseScript -Eventid 65503 -Message $message
  }

Function Increase-Disk($HardDisk)
         {
            
            $CurrentCapacity = $HardDisk.CapacityGB
            $Capacity = $CurrentCapacity + $capacityIncrease
            WriteEvent "Current capacity on $Computername : $CurrentCapacity. This will be increased to $Capacity"
            Set-HardDisk -HardDisk $HardDisk -CapacityGB $Capacity -GuestCredential $Credentials -Confirm:$false
         }

Function Increase-volume($Computer)
         {
          
           WriteEvent "Increasing volumes on $Computer"
          
           Invoke-Command -ComputerName $Computer -scriptblock { 'list disk' | diskpart | ? {
  $_ -match 'disk (\d+)\s+online\s+\d+ .?b\s+\d+ [gm]b'
} | % {
  $disk = $matches[1]
  "select disk $disk", "list partition" | diskpart | ? {
    $_ -match 'partition (\d+)'
  } | % { $matches[1] } | % {
    "select disk $disk", "select partition $_", "extend" | diskpart | Out-Null
  }
}
}


          }


Function Get-LocalDisk($Computer)
{
$PDiskDrives = Get-WmiObject -Class Win32_DiskDrive -ComputerName $Computer

 foreach($PdiskDrive in $PDiskDrives)
  {

   $partitionquery = "ASSOCIATORS OF {Win32_DiskDrive.DeviceID='$($PdiskDrive.DeviceID)'} WHERE AssocClass = Win32_DiskDriveToDiskPartition"
   $Partitions = Get-WmiObject -Query $partitionquery -ComputerName $Computer
   #$Partitions
    foreach($Partition in $Partitions)
     {
     $Logicaldrivesquery = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($partition.DeviceID)'} WHERE AssocClass = Win32_LogicalDiskToPartition"
     $LogicalDrives =  Get-WmiObject -Query $Logicaldrivesquery -ComputerName $Computer
 
    
      foreach($LogicalDrive in $LogicalDrives)
        {
          
       
        $obj = New-Object -Type PSCustomObject -Property @{
        Disk        = $PdiskDrive.DeviceID
        DiskSize    = $PdiskDrive.Size
        DiskModel   = $PdiskDrive.Model
        Partition   = $partition.Name
        RawSize     = $partition.Size
        DriveLetter = $LogicalDrive.DeviceID
        VolumeName  = $LogicalDrive.VolumeName
        Size        = $LogicalDrive.Size
        FreeSpace   = $LogicalDrive.FreeSpace
        SerialNumber = $PdiskDrive.SerialNumber
                                                           }

        $LocalDriveObjects = $LocalDriveObjects + $obj
        }
     }
}
        
return $LocalDriveObjects
}

##################### Main Script######################################################
Connect-VIServer "VcenterServerName" -Credential $Credentials
$LocalDisks = Get-LocalDisk $Computername
$vmHardDisks = Get-VM -Name $ComputerName | Get-HardDisk 
$vmDatacenterView = Get-VM -Name $ComputerName | Get-Datacenter | Get-View 
$virtualDiskManager = Get-View -Id VirtualDiskManager-virtualDiskManager

CreateEventLog

foreach($DObject in $LocalDisks)
 {
  if($DObject.DriveLetter -eq $Volume)
     {
      WriteEvent  "Checking driveletter $($DObject.Driveletter) on $ComputerName"
      foreach($vmHardDisk in $vmHardDisks)
              {
              $vmHardDiskUuid = $virtualDiskManager.queryvirtualdiskuuid($vmHardDisk.Filename, $vmDatacenterView.MoRef) | foreach {$_.replace(' ','').replace('-','')}
             
              if($DObject.SerialNumber -eq $vmHardDiskUuid)
                {
                 WriteEvent "Found a match $vmHardDiskUuid $($DObject.SerialNumber) $($vmHardDisk.Name) on $Computername"
                 WriteEvent "Disk Object: $DObject"
                 Increase-Disk $vmHardDisk
                 Start-Sleep -Seconds 10
                
                
                }
              }
     }
 }

Start-Sleep -Seconds 120

Increase-volume $Computername



Friday, June 30, 2017

SQL server Reporting Services configuration manager does not open

This can happen due a corrupted wmi repository. If that is the case in your installation.

Find the file sqlmgmproviderxpsp2up.mof in your SQL installation directory on your server.

 In my case it was located in

C:\Program Files (x86)\Microsoft SQL Server\110\Shared

Then open command prompt as admin and navigate to the directory.

Then execute

mofcomp.exe sqlmgmproviderxpsp2up.mof

This will repair your repository  and you should be able to open the console.



Friday, June 23, 2017

Extract contents from msp file

Use the msix utility to extract the contents of your msp file.

https://onedrive.live.com/?id=9415F61CBB1A8030%211613&cid=9415F61CBB1A8030


C:\Parag\Tools\Temp>MsiX.exe SCSM2012R2_CU_KB3129780_AMD64_7.5.3079.607.msp
Target_MSIToFixed_MSI
#Target_MSIToFixed_MSI
PCW_CAB_SMHotfix

Rename the cab file by adding the extension .cab to it.

Now you can browse the file in Windows Explorer and extract the file you need.

Find the directory for your installation and search for this file.

Microsoft.EnterpriseManagement.Packaging.dll

Copy the location of that file in my case its

C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Setup

Thursday, June 22, 2017

VMWare monitoring using SCOM

The management pack for monitoring VMware is here.

https://github.com/Mitch-Luedy/Community.VMware

It's a very good management pack.and also has clear instructions for installation.


But after installation you may find that the required objects are not being discovered.
This is largely due to the fact that the powershell scripts which are running the discoveries have this

Try {
    Add-PSSnapin VMware.VimAutomation.Core
} Catch {
    Start-Sleep -Seconds 10
    Try {
        Add-PSSnapin VMware.VimAutomation.Core
    } Catch {
        DefaultErrorLogging
        Exit
    }
}

If the mp was unsealed then maybe I could have updated the code and added import-module instead of this one. But to fix it  try this.

1. Install the VMware powercli version from this link.

https://my.vmware.com/web/vmware/details?downloadGroup=PCLI550&productId=352

VMware-PowerCLI-5.1.0-793510.exe

After installation run the commands in powershell and if you do not get any errors then you are good to go.

Wednesday, June 7, 2017

How to make a parameter mandatory in powershell.

How to make a parameter mandatory in powershell.

Enter this at the start of your script.

param(
            [Parameter(Mandatory=$true)]
            [string]$Server
           )

A very good explanation and additional ways to do it is here.

https://blogs.technet.microsoft.com/heyscriptingguy/2011/05/22/use-powershell-to-make-mandatory-parameters/

powershell powergui download link

Powergui is a very good powershell editor. I particularly like the speed of execution compared to windows powershell ise.



Please refer to this link for powergui and additinal downloads.

https://dmitrysotnikov.wordpress.com/2015/01/30/download-links-for-powergui-and-qad-cmdlets/

In case the page does not open the direct download link is posted below.

http://community-downloads.quest.com/powergui/Release/3.8/PowerGUI.3.8.0.129.msi

Friday, May 5, 2017

Event 4502 Log analytics customs logs not present. Unable to get blob container for CustomLog

If you get this event in your opsmgr logs.

A module of type "Microsoft.EnterpriseManagement.Mom.Modules.CloudFileUpload.CloudFileUploadWriteAction" reported an exception Microsoft.EnterpriseManagement.Mom.Modules.CloudFileUpload.FileUploadException: Unable to get blob container for CustomLog from https://omsworkspaceid.ods.opinsights.azure.com/ContainerService.svc. Will keep trying according to the specified policy. ---> System.Net.WebException: The remote name could not be resolved: 'omsworkspaceid.ods.opinsights.azure.com'
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
   at Microsoft.EnterpriseManagement.Mom.Modules.CloudFileUpload.CloudFileUploadWriteAction.GetRequestStreamCallback(IAsyncResult asynchronousResult)
   --- End of inner exception stack trace --- which was running as part of rule "Microsoft.IntelligencePacks.CustomLogUpload.UploadCustomLog" running for instance

Just make sure that you are able to infact connect to that url from your servers.
If you rule out any firewall issues and the url infact does not exist which was in my case.
Since I am running this in the Azure government cloud the url for me was different.
This url can be found out by opening the overrides pane in your scom console.
Scope it to "Health Service" and look in Management pack object rule- Target Object.
The parameter Endpoint url is an overridedable parameter. Get the right one from the overrides in the others
the values for these endpoints vary according to the services that they provide. Just pick the right one which shows up in your event.
OperationalData.svc/PostDataItems
/ContainerService.svc/PostDataItems
/EtwEventCollectionDataService.svc/PostDataItems

 Then open rules and again scope them to health service.Find your rule from the event. Check the highlighted last line  from above event.
Override this rule and add the EndpointUrl that pertains to your environment.


Log analytics log collection. Change proxy settings for some servers.

If you are trying to connect your SCOM agents to Log Analytics. The link for that is here.

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway

There are two ways in which you can do that
1. Install the SCOM agent and connect your SCOM zone to Log analytics.
2. Install the OMS agent and either let it send data directly over the internet or through you SCOM zones.

What we did not know that if you have servers which are in different subnets and do not have a direct internet connection, you will not see some of your data in OMS.
This is because the SCOM agents will send some of the data to your SCOM zones but the other performance collection data is sent directly over the internet.
The solution for this is to provide a proxy. Which you can do if you have the OMS agent installed.
But if you only have the SCOM agent installed and you try set up a proxy server to send data to OMS it does not allow you to configure individual settings.
The setting in Administration--OMS-Connection--Proxy server will apply the same setting to all your agents.

If some of the servers which have internet connection send data directly over the internet and some of the servers still send data to the OMS gateway you have to do this

Open your SCOM console and create a group of servers. Add the objects of the class health service that you want to be sending data over the gateway.





 Then navigate to rules. Select scope "Health Service" and override the rule "Advisor Proxy Setting Rule" for this group. Enter your proxy server in parameter "Web proxy address" and apply. Save this in a new unsealed management pack.

 

Wednesday, May 3, 2017

Service manager Exchange connector parsing keywords

Here are the keywords that can be used when you are working on incidents or service requests in Service manager.
If you add this keyword to your email the desired actions will take place.
The id of the incident or service request should be in the subject of the email.
and then include these keywords exactly as they are shown to have the desired action

e.g
Subject: [SR1245] This is a service request to create and account

Body:

Please close the ticket. The account is created.

[Completed]




Tuesday, May 2, 2017

Putting SCOM agents in maintenance mode during Configmgr SCCM patching using a management pack.

A while ago I was tasked to suppress the alerts from SCOM for servers which were being patched and rebooted. There is a checkbox in SCCM which allows you to suppress the SCOM alerts but it did not work in my case and we got bombarded with alerts during a patching window.

This management pack in your environment should help in catching those alerts and suppressing your servers when there is a reboot for patching. Copy the code below and create your own xml file.
Name it Contoso.Patching.Maintenance.xml before you import it or you can rename it to the company or organization you work for.
But make sure that you replace Contoso everywhere.

This management pack will monitor the agents for an event 1074. Which is the Configmgr initiated reboot.
Then run a power shell script which will put those agents in maintenance mode.


<?xml version="1.0" encoding="utf-8"?><ManagementPack ContentReadable="true" SchemaVersion="2.0" OriginalSchemaVersion="1.1" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <Manifest>
    <Identity>
      <ID>Contoso.Patching.Maintenance</ID>
      <Version>1.0.0.0</Version>
    </Identity>
    <Name>Contoso Patching Maintenance</Name>
    <References>
      <Reference Alias="MicrosoftWindowsLibrary7585010">
        <ID>Microsoft.Windows.Library</ID>
        <Version>7.5.8501.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="SystemLibrary7585010">
        <ID>System.Library</ID>
        <Version>7.5.8501.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="SystemCenter">
        <ID>Microsoft.SystemCenter.Library</ID>
        <Version>7.0.8433.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="Health">
        <ID>System.Health.Library</ID>
        <Version>7.0.8433.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
    </References>
  </Manifest>
  <Monitoring>
    <Rules>
      <Rule ID="Contoso.ConfigmgrInitiated.Reboot.Alert.Rule" Enabled="true" Target="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Server.Computer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
        <Category>Alert</Category>
        <DataSources>
          <DataSource ID="DS" TypeID="MicrosoftWindowsLibrary7585010!Microsoft.Windows.EventProvider">
            <ComputerName>$Target/Property[Type="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
            <LogName>System</LogName>
            <Expression>
              <And>
                <Expression>
                  <SimpleExpression>
                    <ValueExpression>
                      <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
                    </ValueExpression>
                    <Operator>Equal</Operator>
                    <ValueExpression>
                      <Value Type="UnsignedInteger">1074</Value>
                    </ValueExpression>
                  </SimpleExpression>
                </Expression>
                <Expression>
                  <SimpleExpression>
                    <ValueExpression>
                      <XPathQuery Type="String">PublisherName</XPathQuery>
                    </ValueExpression>
                    <Operator>Equal</Operator>
                    <ValueExpression>
                      <Value Type="String">User32</Value>
                    </ValueExpression>
                  </SimpleExpression>
                </Expression>
                <Expression>
                  <RegExExpression>
                    <ValueExpression>
                      <XPathQuery Type="String">EventDescription</XPathQuery>
                    </ValueExpression>
                    <Operator>ContainsSubstring</Operator>
                    <Pattern>The process C:\Windows\CCM\Ccmexec.exe</Pattern>
                  </RegExExpression>
                </Expression>
                <Expression>
                  <RegExExpression>
                    <ValueExpression>
                      <XPathQuery Type="String">EventDescription</XPathQuery>
                    </ValueExpression>
                    <Operator>ContainsSubstring</Operator>
                    <Pattern>has initiated the restart of computer</Pattern>
                  </RegExExpression>
                </Expression>
              </And>
            </Expression>
          </DataSource>
        </DataSources>
        <WriteActions>
          <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
            <Priority>1</Priority>
            <Severity>0</Severity>
            <AlertName />
            <AlertDescription />
            <AlertOwner />
            <AlertMessageId>$MPElement[Name="Contoso.ConfigmgrInitiated.Reboot.Alert.Rule.AlertMessage"]$</AlertMessageId>
            <AlertParameters>
              <AlertParameter1>$Data/LoggingComputer$</AlertParameter1>
              <AlertParameter2>$Data/EventSourceName$</AlertParameter2>
              <AlertParameter3>$Data/EventNumber$</AlertParameter3>
              <AlertParameter4>$Data[Default='']/EventDescription$</AlertParameter4>
            </AlertParameters>
            <Suppression />
            <Custom1 />
            <Custom2 />
            <Custom3 />
            <Custom4 />
            <Custom5 />
            <Custom6 />
            <Custom7 />
            <Custom8 />
            <Custom9 />
            <Custom10 />
          </WriteAction>
        </WriteActions>
      </Rule>
      <Rule ID="Contoso.ConfigMgrInitiated.Reboot.Script.Rule" Enabled="true" Target="SystemCenter!Microsoft.SystemCenter.AllManagementServersPool" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
        <Category>Custom</Category>
        <DataSources>
          <DataSource ID="Scheduler" TypeID="SystemLibrary7585010!System.Scheduler">
            <Scheduler>
              <SimpleReccuringSchedule>
                <Interval Unit="Minutes">2</Interval>
              </SimpleReccuringSchedule>
              <ExcludeDates />
            </Scheduler>
          </DataSource>
        </DataSources>
        <WriteActions>
          <WriteAction ID="ExecuteScript" TypeID="MicrosoftWindowsLibrary7585010!Microsoft.Windows.PowerShellWriteAction">
            <ScriptName>SuppressPatchedServers.ps1</ScriptName>
            <ScriptBody>
            ## This script will suppress the patched servers
 Add-PSSnapin "Microsoft.EnterpriseManagement.OperationsManager.Client" -ErrorVariable errSnapin;
 Function WriteEvent ($Messages,$ID) {
 $Messages = $Messages + "`t" + $(get-date).ToString()
 Write-EventLog -LogName Application -Source PatchingSuppress -EventId $ID -Message $Messages
 }


#WriteEvent "Starting patching script in Contoso.Patching.Maintenance.xml mp" "1234"

$Date = Get-Date
$path = $date.Month.ToString() + $date.Day.ToString() + $date.Year.ToString() + ".log"
$minutes= 15
$comment= "Rebooted by Configuration Manager"
$reason="PlannedOther"
$startTime = [System.DateTime]::Now
$endTime = $startTime.AddMinutes($minutes)
$Agents = Get-SCOMAgent
$Alerts = Get-ScomAlert -Criteria {Name like 'Contoso Reboot Initiated Alert' and ResolutionState = 0}


foreach($Alert in $Alerts)
{
$agent = $Agents | Where-Object {$_.DisplayName -eq $alert.MonitoringObjectName}
if(($clusters = $agent.GetRemotelyManagedComputers()))
   {
      $clusterNodeClass = Get-MonitoringClass -Name Microsoft.Windows.Cluster.Node
       foreach($cluster in $clusters)
         {
           $clusterObj = Get-MonitoringClass -Name Microsoft.Windows.Cluster | Get-MonitoringObject -Criteria "Name='$($cluster.ComputerName)'"
            if($clusterObj)
             {
               $clusterObj.ScheduleMaintenanceMode($startTime,$endTime,$reason,$Comment,"Recursive")
               $nodes = $clusterObj.GetRelatedMonitoringObjects($clusterNodeClass)
                if($nodes)
                   {
                   foreach($node in $nodes)
                     {
                       $message = $node.ToString()
                       WriteEvent "Putting node $message into maintenance mode by patching script in Contoso.Patching.Maintenance.xml mp." "1235"
                       }
                   }
              }
              $message = $($cluster.Computer).ToString()
              WriteEvent "Putting cluster computer $message into maintenance mode by patching script in Contoso.Patching.Maintenance.xml mp." "1236"
              New-MaintenanceWindow -StartTime $startTime -EndTime $endTime -MonitoringObject $cluster.Computer -Reason $reason -Comment $comment
          }
    }
   
    else
   {
     $message = $($agent.HostComputer.DisplayName).ToString()
     WriteEvent "Putting server $message into maintenance mode by patching script in Contoso.Patching.Maintenance.xml mp." "1237"
     New-MaintenanceWindow -StartTime $startTime -EndTime $endTime -MonitoringObject $agent.HostComputer -Reason $reason -Comment $comment
   }

   $Alert | Set-SCOMAlert -ResolutionState 255 -CustomField8 "Patching maintenance completed"
 }
 #WriteEvent "Ending patching script in Contoso.Patching.Maintenance.xml mp" "1238"

            </ScriptBody>
            <TimeoutSeconds>60</TimeoutSeconds>
          </WriteAction>
        </WriteActions>
      </Rule>
    </Rules>
  </Monitoring>
  <Presentation>
    <Folders>
      <Folder ID="Folder_5e3e9391b6394ab288bd1c95f83e90cd" Accessibility="Public" ParentFolder="SystemCenter!Microsoft.SystemCenter.Monitoring.ViewFolder.Root" />
    </Folders>
    <StringResources>
      <StringResource ID="Contoso.ConfigmgrInitiated.Reboot.Alert.Rule.AlertMessage" />
    </StringResources>
  </Presentation>
  <LanguagePacks>
    <LanguagePack ID="ENU" IsDefault="false">
      <DisplayStrings>
        <DisplayString ElementID="Contoso.Patching.Maintenance">
          <Name>Contoso Patching Maintenance</Name>
          <Description>Author: Parag Waghmare
Reason: Created to suppress the servers during reboots initiated by patching</Description>
        </DisplayString>
        <DisplayString ElementID="Folder_5e3e9391b6394ab288bd1c95f83e90cd">
          <Name>Contoso Patching Maintenance</Name>
        </DisplayString>
        <DisplayString ElementID="Contoso.ConfigmgrInitiated.Reboot.Alert.Rule">
          <Name>Contoso Reboot Initiated Alert</Name>
          <Description />
        </DisplayString>
        <DisplayString ElementID="Contoso.ConfigmgrInitiated.Reboot.Alert.Rule.AlertMessage">
          <Name>Contoso Reboot Initiated Alert</Name>
          <Description>Computer:{0}
EventSource:{1}
EventID:{2}
Event Description: {3}
</Description>
        </DisplayString>
        <DisplayString ElementID="Contoso.ConfigmgrInitiated.Reboot.Alert.Rule" SubElementID="DS">
          <Name>DS</Name>
        </DisplayString>
        <DisplayString ElementID="Contoso.ConfigmgrInitiated.Reboot.Alert.Rule" SubElementID="Alert">
          <Name>Alert</Name>
        </DisplayString>
        <DisplayString ElementID="Contoso.ConfigMgrInitiated.Reboot.Script.Rule">
          <Name>Contoso suppress patching server script</Name>
        </DisplayString>
      </DisplayStrings>
    </LanguagePack>
  </LanguagePacks>
</ManagementPack>

Friday, April 28, 2017

System Center management health service credentials not found Alert


The SCOM run as profiles is a collection of run as accounts and objects that they are targeted to.

You select to add a run as account and distribute it to either a Class, Group or Object.

This all works fine and well until you choose to make the distribution for the account more secure and do not select the computers where you want this account to be distributed.

I have seen customers choosing to distribute the account to all targeted objects and then not adding those in the distribution to the run as account.

This the runas profile configuration which you see when you click on the runas profiles.


This is the runas account distribution you see when you click on the run as accounts.


This particular alert will give you the account ssid which is causing the alerts.

If you do not want this account do be distributed you can close the alert and it wont appear until there is  restart for the health service on the agent.

But if you don't want this, use the following script to find the account and then add the computer to it for distribution.



$SSID = "Enter the ssid from the alert here"





Get-RunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % {   $string = $string + "{0:X2}" -f $_}



 $RunAsAccountName = $_.Name

 [string]$RunAsAccountSSID = $string

 if ($SSID -match $RunAsAccountSSID) {write-host "The Run As Account is .. $RunAsAccountName"}

 }