Once every other day I get an alert in OpsMgr with the title "MOM AD Admin Not Run." This is in the System Center Core Monitoring management pack and it's monitoring the event log for certain entries that indicate that AD Integration may
not be healthy. The rule alerts when it sees Event ID 11463 from the Health Service Modules source in the Operations Manager log. The event occurs when, presumably, OpsMgr can't update the OperationsManager container in AD.
Looking at the logs, I can see that this occurs once every other day or so (seems random, sometimes twice in one day), but then an hour later it is followed up with event ID 11468 which says that the management server has recovered from the previous ADI error.
I have, indeed, run momadadmin on the target domain and tested ADI and it appears to be working. When I check the OperationsManager container I can see it is updating the groups and all the agents are seeing their AD assigned management servers when
I look at it in Control Panel module on the hosts.
Is this is a false positive or a bug or do I have some sporadic AD issue? There are no AD alerts at all in OpsMgr and otherwise AD seems to be working correctly as nobody has every had issues logging on or querying AD.
Detailed event log messages are below with server names and such sanitized from the output.
Log Name: Operations Manager
Source: Health Service Modules
Date: 9/9/2014 4:38:20 AM
Event ID: 11463
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SCOM1A.domain.com
Description:
OperationsManager container doesnt exist in domain domain.com or the Run As Account associated with the AD based agent assignment rule does not have access to the container. Please run MomADAdmin before configuring agent assignment rules and make sure the associated Run As Account is the member of the Operations Manager Administrator role.
Workflow name: _DOMAIN_SCOM1A_domain.com
Instance name: AD Assignment Resource Pool
Instance ID: {529CF61E-A357-5AED-73CC-81D48E4327CA}
Management group: OpsMgr-Main
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Health Service Modules" /><EventID Qualifiers="49152">11463</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2014-09-09T08:38:20.000000000Z" /><EventRecordID>352999</EventRecordID><Channel>Operations Manager</Channel><Computer>SCOM1A.domain.com</Computer><Security /></System><EventData><Data>OpsMgr-Main</Data><Data>_DOMAIN_SCOM1A_domain.com</Data><Data>AD Assignment Resource Pool</Data><Data>{529CF61E-A357-5AED-73CC-81D48E4327CA}</Data><Data>domain.com</Data></EventData></Event>Log Name: Operations Manager
Source: Health Service Modules
Date: 9/9/2014 5:38:14 AM
Event ID: 11468
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SCOM1A.domain.com
Description:
The agent assignment rule for domain domain.com and ManagementServer SCOM1A.domain.com has recovered from previous error condition. The SCPs and security groups were successfully created.
Workflow name: _DOMAIN_SCOM1A_domain.com
Instance name: AD Assignment Resource Pool
Instance ID: {529CF61E-A357-5AED-73CC-81D48E4327CA}
Management group: OpsMgr-Main
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Health Service Modules" /><EventID Qualifiers="16384">11468</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2014-09-09T09:38:14.000000000Z" /><EventRecordID>356241</EventRecordID><Channel>Operations Manager</Channel><Computer>SCOM1A.domain.com</Computer><Security /></System><EventData><Data>OpsMgr-Main</Data><Data>_DOMAIN_SCOM1A_domain.com</Data><Data>AD Assignment Resource Pool</Data><Data>{529CF61E-A357-5AED-73CC-81D48E4327CA}</Data><Data>domain.com</Data><Data>SCOM1A.domain.com</Data></EventData></Event>