Reporting-AnalyticOps Insights

Recently I was deploying a new SCOM 2019 management group. I had Kevin’s SCOM 2019 deployment guide on the side for reference and to organize a general flow of the process. Everything was going great, until I came to the part of installing the reporting server. Now, I was following the guide closely and had all the best practices for permissions for all my SCOM accounts. But, still I was having a hard time installing reporting.

I installed SSRS, validated the URL, all was good. Then when I was running the reporting server setup, it was taking a long time and would finally fail. Now this was just for POC and I figured it was better to just start this piece again instead of spending time with the troubleshooting, looking into logs and stuff. So, that’s what I did. Cleaned up everything, uninstalled SSRS and ran the installer again. Well, this time again it took a lot of time, but was actually successful. But when I went into reporting tab and validate the installation, I saw this:

Hmm…not good. I see a bunch of reports missing here. So I started looking into the logs. And indeed, this is what I found:

Type: Error

Event ID: 26319 

User: N/A

Computer: Computername
Description: An exception was thrown while processing GetUserRolesForOperationAndUser for session id uuid:UUID. Exception Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Full Exception: System.UnauthorizedAccessException: Access is denied. (Exception fro HRESULT: 0x80070005 (E_ACCESSDENIED))

Exception Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Full Exception: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) at Microsoft.Interop.Security.AzRoles.IAzApplication2.InitializeClientContextFr omStringSid(String SidString, Int32 lOptions, Object varReserved) at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.GetScopedRo leAssignmentsForUser(IList`1 roleNames, String userName) at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AuthManager.GetUserRole sForOperationAndUser(Guid operationId, String userName) at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccess.GetUserRol esForOperationAndUser(Guid operationId, String userName) at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccessTieringWrap per.GetUserRolesForOperationAndUser(Guid operationId, String userName) at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccessExceptionTr acingWrapper.GetUserRolesForOperationAndUser(Guid operationId, String userName)

No worries though, a quick search brought me this:

When you try to install Microsoft System Center Operations Manager 2007 Reporting, the installation is unsuccessful

Now this link talks about issues with OS Windows 2000, but I was using Windows 2016, so I should not be technically facing this issue. However, since the accounts I was using were local accounts and not domain admins I still decided to try it out and add the SDK (DAS account in SCOM 2019) account in the Windows Authorization Access Group, which actually seemed to work. Slowly but steadily, all the reports started appearing. Problem solved! 😉

Hope this helps!

Cheers

This is a question that I often get asked by the customers I work with and apparently a lot of others as evident by the related questions on the forums.

One way of doing it is to author your own service monitor, but that involves considerable amount of knowledge and experience of management packs and the underlying coding. It usually takes a lot of time as well. Not everyone has the right knowledge or the time to spend on it so I thought I’d share a quick trick I do to measure uptime of a service and also be able to present it to the concerned parties in the form of a report.

It often happens that you have a service running on your servers and many organizations use it as a “proof” to show that the application was running, or maybe as analysis for troubleshooting, hence it becomes necessary to be able to measure the uptime of the service accurately and to be able to show it to the management and/or to pass it around.

The thing is, when you’re creating a monitor to measure availability of a service in SCOM, you usually choose a “Basic Service Monitor”. This monitor is not very “intelligent” and simply places an instance of itself on every server belonging to the class that you choose. However, you do have another option to monitor your service with, and it is the “Windows Service Template”. This type provides you much more features and finer control on your service monitoring. I wrote a blog earlier comparing these two options of service monitoring and when to use what.

SCOM basic service monitor Vs Windows Service Template

So the way the Windows Service template works is that it creates a discovery of it’s own and hence creates an actual class. This class can further be used to target other workflows that you may have to monitor this class of servers. Another advantage of that is you can now use this class to fetch a “Service Availability” report. For example:

Let’s say I’m monitoring the Spooler service on a bunch of servers, and I need to be able to see the uptime of this service on each of these servers. So I create a Windows Service Template monitor, call it “Test Spooler”.

Now once it’s done, go to “Discovered Inventory” tab under Monitoring. Click on “Change the target type” and you can see that now the “Test Spooler” is a class available for targeting.

This means you can also target your availability report to this target as well and measure the uptime of the service it is monitoring.

You can also fetch a report for a group of service monitors created this way. There’s a good discussion we had a while back regarding this exact requirement:

Service Availability Report

Hope that helps!

Cheers

AnalyticOps Insights

Tag: Reporting

SCOM Troubleshooting – Missing Reports

Service Uptime Report in SCOM

Free Insights from AnalyticOps experts.