The Case of Run As Accounts Not Deleted from SCSM 2010 SP1 Database After Being Deleted from SCSM Console

The case began when an advanced user accidentally entered his account in the SCSM 2010 SP1 console under Run As accounts. Later on he deleted his account from Run As accounts. At the time this happened SCSM 2010 SP1 was still not in production, so it was not an issue. When the System Center Service Manager environment went into production, alerts from SCOM 2007 R2 monitoring started to appear, like this one:

The Health Service could not log on the RunAs account <ACCOUNT NAME> for management group <MANGEMENT GROUP NAME>. The error is Logon failure: unknown user name or bad password.(1326L). This will prevent the health service from monitoring or performing actions using this RunAs account.

From the alert we can see which account is actually causing these alerts. So I thought I would open the SCSM console, go to the Administration pane and Run As accounts, and delete the account from there. But to my surprise, when I did that no user account was present there, only service accounts that were working normally. The next step was to verify in the SCSM event logs that this alert was actually there:

Log Name: Operations Manager
Source: HealthService
Event ID: 7000
Task Category: Health Service
Level: Error
Description:

The Health Service could not log on the RunAs account <ACCOUNT NAME> for management group <MANGEMENT GROUP NAME>. The error is Logon failure: unknown user name or bad password.(1326L). This will prevent the health service from monitoring or performing actions using this RunAs account.

When I looked at the logs I found that this alert was logged almost every hour. I checked the account in question in Active Directory and it was locked. This led me to the idea that the account was stored somewhere with an old password and was being used by Service Manager. As the architecture of SCSM is similar to the SCOM architecture, I figured that accounts were saved in the ServiceManager DB and that maybe this user account was still stuck in the database because it was somehow not deleted properly.

I did some digging on the Internet and found this article: Best Practices: Service Manager 2010 Management Pack for Operations Manager 2007 R2. In point 6 you can see the same issue with a proposed workaround:

I Have Previously Deleted Run As accounts from the UI: If you have deleted Run As accounts from the UI, the symptom will be that you get an alert which tells you that a Run As account is invalid, and when you look at the credentials of the Run As account, you notice that it is not shown in the Run As account view in the Service Manager console.

You can either ignore the alert (if you close it, it will right back), or you can disable the monitor. We are currently looking into how we can help you get out of this state and will hopefully have a solution for SP1. I will make sure to update this post once we have a definitive plan.

Best Practice to Avoid this Issue: The best way to avoid this issue is to never delete Run As accounts from the UI. You can reuse existing Run As accounts by changing their name and/or credentials. If you would like to stop using a run as account, you can change its credentials to Local System and change the name to something easy to remember such as “Inactive.”

This way, you will not end up with stale Run As accounts which cause events to be placed in the Operations Manager event log.

As you see, the issue exists in SCSM 2010 and SCSM 2010 SP1 CU3. After seeing this workaround I contacted the user to verify that he had entered his account in SCSM and later deleted it. The user confirmed this was the case. I decided to implement the workaround. I entered the user credentials in Run As accounts again and later changed the account to System. The issue continued to exist, as now I was receiving errors from the health service that the user account could not log on locally on the SCSM server. I decided to use my account as a dummy account and replace the user's account with mine in the SCSM console. The result was that the health service was continuing to use the user's account, and after changing the password for my account I noticed that logon failure alerts were logged for my account also. That was not a smart move to use my account as a dummy account. It may be called a dummy move.

So we now had two user accounts entered in the SCSM database that were generating alerts. Clearly the workaround was not working in our case, and clearly this was a bug in SCSM 2010 SP1. I could have tried to delete the accounts from the database directly with some SQL query, but as SQL is not my strong side and this was a production service, I decided that Microsoft Support should be contacted to provide a resolution. So a case was logged with Microsoft. After several e-mails exchanged with a Premier Field Engineer (PFE), to whom we provided information, the issue was identified as a bug and the PFE contacted the SCSM support group. The SCSM support group confirmed it was a bug. They also said that no hotfix is planned for release for this issue but that they would provide us with a workaround. The good part is that this issue is fixed in SCSM 2012, and accounts deleted from the SCSM 2012 console are also deleted from the database. I've verified it in my home test lab as well. After several days we received the workaround in the form of a SQL query that deletes the unneeded accounts. While waiting for the solution I entered both user accounts with their current passwords in the SCSM console so that they would not be locked by the health service using them.

Here is the SQL query that was provided (you should execute the queries against the ServiceManager DB):

    DECLARE @SecureStorageElementId uniqueidentifier;
    -- change "GUID" to the SecureStorageElementID
    -- of the invalid runas account
    SET @SecureStorageElementId = 'GUID';
    BEGIN TRANSACTION
    EXEC dbo.p_CredentialManagerStorageDelete @SecureStorageElementId;
    COMMIT TRANSACTION

You can find the GUIDs for the problematic accounts by listing all accounts and their SecureStorageElementID:

    select * from CredentialManagerSecureStorage

In our case we found that every time we deleted an account and entered it again, a new account was entered in the ServiceManager DB with a different SecureStorageElementID.

We tested the query first in a test environment, then implemented the solution in our production environment. All went smoothly and both user accounts were deleted from the SCSM database. Errors were not logged in the SCSM event log or in SCOM. Before executing the queries against the ServiceManager DB, make sure you have first deleted the accounts in question in the SCSM console as well.
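A guarded variant of the delete workaround above, as an added example that is not the script Microsoft Support supplied: it refuses to run when the GUID matches no stored credential and rolls back unless exactly that one row disappears. It assumes that p_CredentialManagerStorageDelete removes the row from CredentialManagerSecureStorage and that the key column is named SecureStorageElementId; the all-zero GUID is a placeholder.

```sql
USE ServiceManager;
SET XACT_ABORT ON;   -- a run-time error dooms the open transaction so it cannot be committed
SET NOCOUNT ON;

DECLARE @SecureStorageElementId uniqueidentifier;
DECLARE @Before int, @After int;

-- Placeholder: replace with the SecureStorageElementId of the stale Run As account.
SET @SecureStorageElementId = '00000000-0000-0000-0000-000000000000';

-- Typo guard: stop if the GUID does not match a stored credential.
IF NOT EXISTS (SELECT 1 FROM CredentialManagerSecureStorage
               WHERE SecureStorageElementId = @SecureStorageElementId)
BEGIN
    RAISERROR('No credential row with that SecureStorageElementId; nothing deleted.', 16, 1);
    RETURN;
END

BEGIN TRY
    BEGIN TRANSACTION;

    SELECT @Before = COUNT(*) FROM CredentialManagerSecureStorage;

    EXEC dbo.p_CredentialManagerStorageDelete @SecureStorageElementId;

    SELECT @After = COUNT(*) FROM CredentialManagerSecureStorage;

    -- Assumption: a correct run removes exactly the one targeted row.
    -- Anything else (row still present, or more rows gone) is rolled back.
    IF @After <> @Before - 1
       OR EXISTS (SELECT 1 FROM CredentialManagerSecureStorage
                  WHERE SecureStorageElementId = @SecureStorageElementId)
        RAISERROR('Unexpected result (%d rows before, %d after); rolling back.',
                  16, 1, @Before, @After);

    COMMIT TRANSACTION;
END TRY
BEGIN CATCH
    IF @@TRANCOUNT > 0 ROLLBACK TRANSACTION;
    DECLARE @Msg nvarchar(2048);
    SET @Msg = ERROR_MESSAGE();
    RAISERROR('%s', 16, 1, @Msg);   -- surface the original error to the operator
END CATCH
```

Run it once per stale SecureStorageElementId, since each delete and re-add in the console left its own row.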

Before actually implementing this solution in your environment I strongly recommend these actions:

1. Test the query in a Test environment.

2. Backup your production database before executing the queries.

This solution is provided “AS IS” with no warranties from Microsoft or me. Neither Microsoft nor I am responsible if you mess up your SCSM Database/SCSM Environment by executing the procedure incorrectly.

Many thanks to Microsoft Support for providing us a workaround for fixing this issue. Another case solved.

SCSM Update Rollup 3 (UR3) Update Re-released

After apologizing that UR3 for SCSM actually contained some old binaries, Microsoft promised to re-release UR3, this time with the right binaries. That update is now available, and this time it really fixes these issues:

  • Memory leak in the Service Manager 2012 Console when opening/closing Incidents
  • Service Manager 2012 Console crashes with an OutOfMemoryException because of form control objects rooted in the GC heap
  • Portal: In the portal, if a user changes the SharePoint site language to Turkish, language invariant (English) language pack display strings are returned
  • Poor Service Manager 2012 Console Performance when opening Incident Forms when the Console is open through Citrix

The latest and real UR3 for SCSM is available for download here.

The update can be applied on top of the previous version of UR3 if you have applied it.

These are the installation instructions:

1. Exit all Service Manager-related applications before you apply this cumulative update. For example, exit the Service Manager Console, the Self-Service Portal links, and the authoring tool.

2. Download the cumulative update to a target folder. Note: This cumulative update contains both the x86 version and the x64 version. Download the appropriate version for your system.

3. Open the target folder.

4. Right-click the SCSM2012_CU_KB2750615_AMD64_7.5.1561.116.exe file or the SCSM2012_CU_KB2750615_i386_7.5.1561.116.exe file, and then click Run as administrator.

5. Accept the Microsoft Software License Terms, and then follow the steps in the installation wizard.

6. Once installation is complete, import Console.mpb from the installation folder on the management server and restart the consoles after import.

System Center 2012 Integration Guides

With System Center 2012 the different products of the family became components. This was not just a change of wording. The change is meant to signal that all components come under one license and that their integration is far better than in previous versions. To help us leverage that integration, a community project created Integration Guides for the System Center 2012 components:

The purpose of the Integration Guide is to provide an overview of each System Center component in its role as a programmable platform to be leveraged for the Microsoft Private Cloud.  It is intended to provide an abstraction layer that guides partners and customers on their decision process for methods to build automated solutions across System Center components and between System Center and other systems.

Microsoft System Center 2012 Service Manager Cookbook – Book Review

Recently I had the opportunity to read the book Microsoft System Center 2012 Service Manager Cookbook. The authors of the book are Samuel Erskine, Steven Beaumont, Anders Asp, Dieter Gasser and Andreas Baumgarten, and two of them are even MVPs, which speaks to the quality of the book.

The book is divided into 11 chapters. The chapters are structured so that as you read the book you move from beginner to more advanced information. In the book you will find descriptions and practical examples for all the features of System Center Service Manager 2012. In fact, the bigger part of the book contains mini guides on how to do certain tasks in order to administer and manage the product. These mini guides are so detailed and well explained that you can build your own test environment and implement the steps in the book while reading it. This is useful because the easiest way to learn a product is to interact with it, to find out how all its features work by testing them.

The audience of this book is mostly people who are starting to use or planning an implementation of System Center 2012 Service Manager. The book will also be suitable for people who know different parts of SCSM 2012 but do not know the full power of the product. Before actually reading the book I would suggest preparing yourself with a little TechNet material about SCSM 2012. The authors didn’t include any information that already exists on the Internet; instead they’ve included links to it. This gives uniqueness to the book.

Because Service Manager is a big product, almost all of the chapters describe the basics of every feature, but the book manages to show what the capabilities of these features are if more advanced techniques are implemented. This is good because when you want to achieve something more advanced you will know whether it is achievable and where to look for additional information in order to achieve it.

I definitely recommend this book to engineers who are just starting with System Center 2012 Service Manager or to more advanced users of this component of the System Center 2012 family.


Microsoft apologizes for making mistake in packaging System Center 2012 UR3

In System Center 2012 Update Rollup 3 Microsoft reported fixing these 3 issues in Service Manager:

  • Memory leak in Service Manager 2012 console when opening/closing incidents
  • Service Manager 2012 console crashes with an OutOfMemoryException because of form control objects rooted in the GC heap
  • Poor Service Manager 2012 console performance when opening incident forms when the console is open through Citrix

Apparently that was not true: instead of packaging the binaries that fix these issues, some old binaries were packaged for UR3. Microsoft apologizes for this mistake and promises to re-release UR3 for System Center 2012 with the right binaries as soon as possible. The full statement you can see here.