Recently I was deploying a new SCOM 2019 management group. I had Kevin’s SCOM 2019 deployment guide on the side for reference and to organize a general flow of the process. Everything was going great, until I came to the part of installing the reporting server. Now, I was following the guide closely and had all the best practices for permissions for all my SCOM accounts. But, still I was having a hard time installing reporting.
I installed SSRS, validated the URL, all was good. Then when I was running the reporting server setup, it was taking a long time and would finally fail. Now this was just for POC and I figured it was better to just start this piece again instead of spending time with the troubleshooting, looking into logs and stuff. So, that’s what I did. Cleaned up everything, uninstalled SSRS and ran the installer again. Well, this time again it took a lot of time, but was actually successful. But when I went into reporting tab and validate the installation, I saw this:
Hmm…not good. I see a bunch of reports missing here. So I started looking into the logs. And indeed, this is what I found:
Type: Error Event ID: 26319 User: N/A Computer: Computername Description: An exception was thrown while processing GetUserRolesForOperationAndUser for session id uuid:UUID. Exception Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Full Exception: System.UnauthorizedAccessException: Access is denied. (Exception fro HRESULT: 0x80070005 (E_ACCESSDENIED)) Exception Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Full Exception: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) at Microsoft.Interop.Security.AzRoles.IAzApplication2.InitializeClientContextFr omStringSid(String SidString, Int32 lOptions, Object varReserved) at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.GetScopedRo leAssignmentsForUser(IList`1 roleNames, String userName) at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AuthManager.GetUserRole sForOperationAndUser(Guid operationId, String userName) at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccess.GetUserRol esForOperationAndUser(Guid operationId, String userName) at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccessTieringWrap per.GetUserRolesForOperationAndUser(Guid operationId, String userName) at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccessExceptionTr acingWrapper.GetUserRolesForOperationAndUser(Guid operationId, String userName)
No worries though, a quick search brought me this:
Now this link talks about issues with OS Windows 2000, but I was using Windows 2016, so I should not be technically facing this issue. However, since the accounts I was using were local accounts and not domain admins I still decided to try it out and add the SDK (DAS account in SCOM 2019) account in the Windows Authorization Access Group, which actually seemed to work. Slowly but steadily, all the reports started appearing. Problem solved! 😉
Hope this helps!