Hi,
I have a SCOM 2012 SP1 UR2 installation with 2 management servers. My Operations Manager eventlog still keeps registering events with ID 7016:
The Health Service cannot verify the future validity of the RunAs account SUB-DOM\SCOMAccount for management group SCOMManagementGroup due to an error retrieving information from Active Directory (for Domain Accounts) or the local security authority (for Local Accounts). The error is Access is denied.(0x80070005).
I get one event for each service account I have configured in SCOM - Action, DataReader, DataWriter, ADAgentBasedAssignmentAccount.
Which account is doing the verification? I think it is the Health Service account. In the RunAsProfiles I searched for "Default Action Account" and I can see that the Default Action Account on both management servers is domain account (SUB-DOM\SCOMAction). So I looked into the Active Directory and I am sure that SCOMAction account has the READ permissions on all SCOM service accounts. I'm always sure the management server computer account has the READ permissions as well.
All service accounts have the flag PASSWORD NEVER EXPIRES checked.
Management Servers and Agents are located in the child domain: sub.domain.local. This subdomain has the NetBIOS name different from domain name: SUB-DOM. I have RunAsAccounts configured in SCOM in format SUB-DOM\SCOMAccount. I tried to change it toSCOMAccount@sub.domain.local, but errors keeps generating.
Thanks for replies...
Jan Marek MCT | MCITP | MCTS