Jump to content
Sign in to follow this  
t-zwck

Secure Reference Override Alert

Recommended Posts

Subject of this post is an advanced authoring combining usage of the security features of OpsMgr 2007 with workflows while trying to explain how to troubleshoot alerts which may be raised at the end of such process. On the simple example, I display tool I developed to help resolving ambiguous or unclear obstacles which may surface with this scenario.

 

I have a need to create my own Run As profile. This profile is then be populated with custom Run As account I created as well. These steps need to be done manually.

 

· Open OpsMgr console

 

· Navigate to “Administration”, then “Run As Configuration”

 

· Please create “Windows Credentials” account (do not distribute to any computer)

 

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

· Please create new profile and associate with previously created account.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Just to note that this post doesn’t aim to explain the internals of association between profile and account nor account distribution details, there are (or will be) official guides available for that exact reason.

 

Let’s also assume simple rule which generates alert when event 123 is raised in Application log by EventCreate. When created profile is used with this rule while run as account was not distributed to computer where target instance is monitored, event 1108 is raised during configuration load and workflow for this profile is not loaded until issue is corrected.

 

· Open OpsMgr authoring console

 

· Create NT event based rule and use this profile with Event data source module.

 

Because we are using unsealed MP, this rule must be created in same file as initially created profile.

 

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

This event 1108 is picked by OpsMgr MP and alert is raised to notify that distribution was not set when Run As account was associated with Run As profile

 

Dialogs and wizards were re-designed in this milestone to notify about the need to distribute during the creation!

 

Unfortunately, this new alert may at cases contain somewhat cryptic information increasing TCO of its investigation. If alert is closed without investigating the root cause, it will appear again either after 24 hours from its original creation or when health service restarted.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

To simplify investigation of affected Run As profile (where querying a DB would be a necessity), I created SDK tool and associated with the product as “console task”. Upon its execution, tool retrieves all alerts related to Run As Profile and provides user friendly information about affected Run As profile (as long as it was present in the DB).

 

 

 

Another alert that such tool is able to help investigate is based on event 1107 and can be simulated by importing attached MP.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...