How to change the credentials for the SDK Service and for the Config Service in Microsoft System Center Operations Manager

Article translations Article translations
Article ID: 936220 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

This article describes how to change the credentials for the SDK Service and for the Config Service in Microsoft System Center Operations Manager. Additionally, this article describes how to change the Management Server Action Account.

MORE INFORMATION

How to change the SDK Service and the Config Service to use a domain account

Before you follow these steps make sure that you have already created the necessary domain account in the Active Directory directory service. Also, we recommend that you back up the Microsoft SQL Server database before you follow these steps.
  1. Click Start, click Run, type services.msc, and then click OK.
  2. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr SDK Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Stop.
  3. In the details pane,  if you are running System Center Operations Manager 2007 right-click OpsMgr Health Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management, and then click Stop.
  4. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Stop.
  5. f you are running System Center Operations Manager 2007 right-click OpsMgr SDKService, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Properties.
  6. On the Log On tab, click This account.
  7. Type a domain account in the This account box, type the corresponding password in the Password box, and then re-type the password in the Confirm password box.
  8. Click OK.
  9. f you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Properties.
  10. On the Log On tab, click This account.
  11. Type a domain account in the This account box, type the corresponding password in the Password box, and then re-type the password in the Confirm password box.

    Important To start the SDK Service and the Config Service, you must use the same account. Therefore, the account that you specify in step 10 must be same as the account that you specified in step 6.
  12. Click OK.
  13. Close the Services snap-in window.
  14. Click Start, point to Programs, point to Microsoft SQL Server 200x (where x is version of SQL), and then click SQL Server Management Studio.
  15. In the Connect to Server dialog box, specify the server name and the instance on which the Operations Manager Database is installed.
  16. In the console tree, expand the Database node, right-click Operations Manager Database, and then click New Query.
  17. Type the following SQL statement, and then execute it.
    EXEC p_SetupCreateLogin '<Domain>\<User>', 'sdk_users'
    Note The <Domain> placeholder represents the domain name, and the <User> placeholder represents the user account on which you want to run the SDK Service. If the Operations Manager Database is configured to use a case-sensitive collation, you must type the account name exactly as it appears in the Active Directory Users and Computers snap-in.
  18. Type the following SQL statement, and then execute it.
    EXEC p_SetupCreateLogin '<Domain>\<User>', 'configsvc_users'
    Note The <Domain> placeholder represents the domain name, and the <User> placeholder represents the user account on which you want to run the Config Service. If the Operations Manager Database is configured to use a case-sensitive collation, you must type the account name exactly as it appears in the Active Directory Users and Computers snap-in.
  19. Type and execute the following SQL statement:
    EXECUTE p_SetupCreateLogin '<Domain>\<User>', 'dbmodule_users'
    Note: The <Domain> placeholder represents the domain name, and the <User> placeholder represents the Action Account the Management Server is configured to use.

    The account being used by the Management Server can be confirmed by examining the Default Action Account Run As Profile in the Operations console.
  20. Click Start, click Run, type services.msc, and then click OK.
  21. In the details pane,if you are running System Center Operations Manager 2007 right-click OpsMgr SDK Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Start.
  22. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Health Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management, and then click Start.
  23. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Start.
  24. Close the Services snap-in window.
  25. Click Start, click Run, type eventvwr.msc, and then click OK.
  26. In the console tree, select the Operations Manager event log, and then examine the event log entries for the OpsMgr SDK Service and for the OpsMgr Config Service if you are running System Center Operations Manager 2007, or OpsMgr SDK Service and for the OpsMgr Management Configuration if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 to verify that these two services are running correctly.
  27. You will also need to update the Service Principal Names (SPN) associated with Operations Manager

More Info:

For System Center Operations Manager 2007 and 2007 R2 to clarify the list of SPN’s below:

Root Management Server (non-clustered)

servicePrincipalName: MSOMSdkSvc/<RMS fqdn>
servicePrincipalName: MSOMSdkSvc/<RMS netbios name>
servicePrincipalName: MSOMHSvc/<RMS fqdn>
servicePrincipalName: MSOMHSvc/<RMS netbios name>

Root Management Server (clustered)

servicePrincipalName: MSOMSdkSvc/<RMS virtual fqdn>
servicePrincipalName: MSOMSdkSvc/<RMS virtual netbios name>
servicePrincipalName: MSOMHSvc/<RMS virtual fqdn>
servicePrincipalName: MSOMHSvc/<RMS virtual netbios name>

The SDK SPN is registered on the SDK service account in Active Directory. It references the RMS. 
The Health Service SPN is registered on the management server computer objects in Active Directory. It references its own computer object


Management Server(s)


servicePrincipalName: MSOMHSvc/<MS fqdn>
servicePrincipalName: MSOMHSvc/<MS netbios name>

Management Server with ACS

servicePrincipalName: AdtServer/<MS fqdn>
servicePrincipalName: AdtServer/<MS netbios name>
servicePrincipalName: MSOMHSvc/<MS fqdn>
servicePrincipalName: MSOMHSvc/<MS netbios name>

Database Servers (including ACS DB)

servicePrincipalName: MSSQLSvc/<database netbios name>:1433
servicePrincipalName: MSSQLSvc/<database fqdn>:1433


Note: You will need the SETSPN utility found in the support tools of the OS install media if not installed- for more information on SPNs see http://social.technet.microsoft.com/wiki/contents/articles/717.aspx

To change the SPN for 2007 and 2007 R2:
Non-Clustered RMS (SDK only)
Remove the old SPN
1. At a cmd prompt run SetSPN –D MSOMSdkSvc/Computername.domain.com
2. At a cmd prompt runSetSPN –D MSOMSdkSvc/Computername

Add the new SPN:
1. At a cmd prompt run SETSPN –A MSOMSdkSvc/<RMS netbios name> <your domain>\<sdk domain account>
2. At a cmd prompt run SETSPN –A MSOMSdkSvc/<RMS fqdn> <your domain>\<sdk domain account>

Clustered RMS (SDK only)
Remove the old SPN:
1. At a cmd prompt run SetSPN –D MSOMSdkSvc/Computername.domain.com
2. At a cmd prompt run SetSPN –D MSOMSdkSvc/Computername

Add the new SPN:
1. At a cmd prompt run SETSPN –A MSOMSdkSvc/<RMS virtual netbios name> <your domain>\<sdk domain account>
2. At a cmd prompt run SETSPN –A MSOMSdkSvc/<RMS virtual fqdn> <your domain>\<sdk domain account>

Verifying SPN's with SETSPN

SDK: At a cmd prompt run SETSPN -L <your domain>\<sdk domain account>




How to change the SDK Service and the Config Service to use the Local System account if the Management Server and the Database Server roles reside on the same computer

  1. Click Start, click Run, type services.msc, and then click OK.
  2. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr SDK Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Stop.
  3. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Health Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management, and then click Stop.
  4. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Stop.
  5. If you are running System Center Operations Manager 2007 right-click OpsMgr SDKService, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Properties.
  6. On the Log On tab, click Local System account.
  7. Click OK.
  8. If you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Properties.
  9. On the Log On tab, click Local System account.
  10. Click OK.
  11. Close the Services snap-in window.
  12. Click Start, point to Programs, point to Microsoft SQL Server 200x (where x is the version of SQL), and then click SQL Server Management Studio.
  13. In the Connect to Server dialog box, specify the server name and instance on which the Operations Manager Database is installed.
  14. In the console tree, expand the Database node, right-click Operations Manager Database, and then click New Query.
  15. Type the following SQL statement, and then execute it.
    EXEC p_SetupCreateLogin 'NT AUTHORITY\SYSTEM', 'sdk_users'
    Note If the Operations Manager Database is configured to use a case-sensitive collation, you must type the account name exactly as it appears in this SQL statement.
  16. Type the following SQL statement, and then execute it.
    EXEC p_SetupCreateLogin 'NT AUTHORITY\SYSTEM', 'configsvc_users'
    Note If the Operations Manager Database is configured to use a case-sensitive collation, you must type the account name exactly as it appears in this SQL statement.
  17. Type the following SQL statement, and then execute it.
    EXECUTE p_SetupCreateLogin '<domain>\<managementservercomputer$>', 'dbmodule_users'
    Note The <domain> placeholder represents the domain name, and the <managementservercomputer$> placeholder represents the Action Account the Management Server is configured to use. You can examine the Default Action Account Run As Profile entry in the Operation console to confirm the account that the Management Server uses. 
  18. Click Start, click Run, type services.msc, and then click OK.
  19. If you are running System Center Operations Manager 2007 right-click OpsMgr SDK Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Start.
  20. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Health Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management, and then click Start.
  21. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Start.
  22. Close the Services snap-in window.
  23. Click Start, click Run, type eventvwr.msc, and then click OK.
  24. In the console tree, select the Operations Manager event log, and then examine the event log entries for the OpsMgr SDK Service and for the OpsMgr Config Service if you are running System Center Operations Manager 2007, or OpsMgr SDK Service and for the OpsMgr Management Configuration if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 to verify that these two services are running correctly.
  25. You will also need to change the Service Principal Names (SPN)
More Info:

For System Center Operations Manager 2007 and 2007 R2 to clarify the list of SPN’s below:

Root Management Server (non-clustered)

servicePrincipalName: MSOMSdkSvc/<RMS fqdn>
servicePrincipalName: MSOMSdkSvc/<RMS netbios name>
servicePrincipalName: MSOMHSvc/<RMS fqdn>
servicePrincipalName: MSOMHSvc/<RMS netbios name>

Root Management Server (clustered)

servicePrincipalName: MSOMSdkSvc/<RMS virtual fqdn>
servicePrincipalName: MSOMSdkSvc/<RMS virtual netbios name>
servicePrincipalName: MSOMHSvc/<RMS virtual fqdn>
servicePrincipalName: MSOMHSvc/<RMS virtual netbios name>

The SDK SPN is registered on the SDK service account in Active Directory. It references the RMS.
The Health Service SPN is registered on the management server computer objects in Active Directory. It references its own computer object


The SDK SPN is registered on the SDK service account in Active Directory. It references the RMS.
The Health Service SPN is registered on the management server computer objects in Active Directory. It references its own computer object


Management Server(s)


servicePrincipalName: MSOMHSvc/<MS fqdn>
servicePrincipalName: MSOMHSvc/<MS netbios name>

Management Server with ACS

servicePrincipalName: AdtServer/<MS fqdn>
servicePrincipalName: AdtServer/<MS netbios name>
servicePrincipalName: MSOMHSvc/<MS fqdn>
servicePrincipalName: MSOMHSvc/<MS netbios name>

Database Servers (including ACS DB)

servicePrincipalName: MSSQLSvc/<database netbios name>:1433
servicePrincipalName: MSSQLSvc/<database fqdn>:1433


Note: you will need the SETSPN utility found in the support tools of the OS install media - for more information on SPNs see http://social.technet.microsoft.com/wiki/contents/articles/717.aspx

To change the SPN for 2007 and 2007 R2:
Non-Clustered RMS (SDK only)
Remove the old SPN
1. At a cmd prompt run SetSPN –D MSOMSdkSvc/<RMS netbios name> <your domain>\<old sdk domain account>
2. At a cmd prompt runSetSPN –D MSOMSdkSvc/<RMS fqdn> <your domain>\<old sdk domain account>


Add the new SPN:
1. At a cmd prompt run SETSPN –A MSOMSdkSvc/<RMS netbios name> Computername.domain.com
2. At a cmd prompt run SETSPN –A MSOMSdkSvc/<RMS fqdn> Computername

Verifying SPN's with SETSPN

SDK: At a cmd prompt run SETSPN -L <your domain>\<sdk domain account>


How to change the OpsMgr SDK Service and the OpsMgr Config Service to use the Local System account if the Management Server and the Database Server roles reside on different computers

  1. On the computer that is running the Management Server role, click Start, click Run, type services.msc, and then click OK.
  2. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr SDK Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Stop.
  3. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Health Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management, and then click Stop.
  4. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Stop.
  5. If you are running System Center Operations Manager 2007 right-click OpsMgr SDKService, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Properties.
  6. On the Log On tab, click Local System account.
  7. Click OK.
  8. If you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Properties.
  9. On the Log On tab, click Local System account.
  10. Click OK.
  11. Close the Services snap-in window.
  12. On the computer that is running the database server role, click Start, point to Programs, point to Microsoft SQL Server 200x (where x is the version of SQL installed), and then click SQL Server Management Studio.
  13. In the Connect to Server dialog box, specify the server name and the instance on which the Operations Manager Database is installed.
  14. In the console tree, expand the Database node, right-click Operations Manager Database, and then click New Query.
  15. Type the following SQL statement, and then execute it: 
    EXEC p_SetupCreateLogin '<managementserverdomain\managementservercomputer$>', 'sdk_users' 
    Replace <managementserverdomain\managementservercomputer$> with the domain and with the computer account. For example, replace <managementserverdomain\managementservercomputer$> with Contoso\Opsmgr01$.

    Note If the Operations Manager Database is configured to use a case-sensitive collation, you must type the account name exactly as it appears in this SQL statement.
  16. Type the following SQL statement, and then execute it:
    EXEC p_SetupCreateLogin '<managementserverdomain\managementservercomputer$>', 
    'configsvc_users'
    Replace <domain\managementservercomputer$> with the domain and with the computer account. For example, replace <domain\managementservercomputer$> with Contoso\Opsmgr01$.

    Note If the Operations Manager Database is configured to use a case-sensitive collation, you must type the account name exactly as it appears in this SQL statement.
  17. Type the following SQL statement, and then execute it:
    EXECUTE p_SetupCreateLogin '<domain\managementservercomputer$>', 'dbmodule_users'
    Note The <domain> placeholder represents the domain name, and the <managementservercomputer$> placeholder represents the Action Account that the Management Server is configured to use. You can examine the Default Action Account Run As Profile entry in the MOM Operator console to confirm the account that the Management Server uses.
  18. On the computer that is running the Management Server role, click Start, click Run, type services.msc, and then click OK.
  19. If you are running System Center Operations Manager 2007 right-click OpsMgr SDK Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Data Access Service, and then click Start.
  20. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Health Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management, and then click Start.
  21. In the details pane, if you are running System Center Operations Manager 2007 right-click OpsMgr Config Service, if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 right-click System Center Management Configuration, and then click Start.
  22. Close the Services snap-in window.
  23. Click Start, click Run, type eventvwr.msc, and then click OK.
  24. In the console tree, select the Operations Manager event log, and then examine the event log entries for the OpsMgr SDK Service and for the OpsMgr Config Service if you are running System Center Operations Manager 2007, or OpsMgr SDK Service and for the OpsMgr Management Configuration if you are running System Center Operations Manager 2007 R2 or System Center Operations Manager 2012 to verify that these two services are running correctly.
  25. You will also need to change the Service Principal Names (SPN)
  26. More Info:

    For System Center Operations Manager 2007 and 2007 R2 to clarify the list of SPN’s below:

    Root Management Server (non-clustered)

    servicePrincipalName: MSOMSdkSvc/<RMS fqdn>
    servicePrincipalName: MSOMSdkSvc/<RMS netbios name>
    servicePrincipalName: MSOMHSvc/<RMS fqdn>
    servicePrincipalName: MSOMHSvc/<RMS netbios name>


    The SDK SPN is registered on the SDK service account in Active Directory. It references the RMS.
    The Health Service SPN is registered on the management server computer objects in Active Directory. It references its own computer object


    Management Server(s)


    servicePrincipalName: MSOMHSvc/<MS fqdn>
    servicePrincipalName: MSOMHSvc/<MS netbios name>

    Management Server with ACS

    servicePrincipalName: AdtServer/<MS fqdn>
    servicePrincipalName: AdtServer/<MS netbios name>
    servicePrincipalName: MSOMHSvc/<MS fqdn>
    servicePrincipalName: MSOMHSvc/<MS netbios name>

    Database Servers (including ACS DB)

    servicePrincipalName: MSSQLSvc/<database netbios name>:1433
    servicePrincipalName: MSSQLSvc/<database fqdn>:1433


    Note: you will need the SETSPN utility found in the support tools of the OS install media - for more information on SPNs see http://social.technet.microsoft.com/wiki/contents/articles/717.aspx

    To change the SPN for 2007 and 2007 R2:
    Non-Clustered RMS (SDK only)
    Remove the old SPN
    1. At a cmd prompt run SetSPN –D MSOMSdkSvc/<RMS netbios name> <your domain>\<old sdk domain account>
    2. At a cmd prompt runSetSPN –D MSOMSdkSvc/<RMS fqdn> <your domain>\<old sdk domain account>


    Add the new SPN:
    1. At a cmd prompt run SETSPN –A MSOMSdkSvc/<RMS netbios name> Computername.domain.com
    2. At a cmd prompt run SETSPN –A MSOMSdkSvc/<RMS fqdn> Computername

    Verifying SPN's with SETSPN

    SDK: At a cmd prompt run SETSPN -L <your domain>\<sdk domain account>

How to change the Management Server Action Account

Before you follow the steps that are described in this section, we recommend that you do the following:
  • Make sure that you have already created the necessary account in Active Directory or on the local computer.
  • Make sure that you have created all necessary new Run As Accounts of the Action Account type by using the Create Run As Account Wizard.

    Note For more information about an issue that may occur when you create Run As Accounts, click the following article number to view the article in the Microsoft Knowledge Base:
    936221 The Run As Account that you create in System Center Operations Manager 2007 or in System Center Essentials 2007 does not run a task successfully
  1. Click Start, point to Programs, point to System Center Operations Manager, and then click Operations Console.
  2. Select the Administration view, expand Administration, expand Security, click Run As Profiles, right-click Default Action Account in the Run As Profiles pane, and then click Properties.
  3. Click the Run As Accounts tab.
  4. In the Run As Accounts list, select the computer on which you want to change the action account, and then click Edit.
  5. In the Run As Accounts list, select a domain account or Local System Action Account, and then click OK.
  6. Click OK to close the Run As Profiles Properties dialog box.
Note These steps change the Management Server Action Account. If you change the Management Server Action Account from a domain account to the Local System account, this operation may affect some actions that are performed by the Management Server. Such actions include the following:
  • discovery
  • agent installation

Properties

Article ID: 936220 - Last Review: July 9, 2012 - Revision: 6.0
APPLIES TO
  • Microsoft System Center Operations Manager 2007
  • Microsoft System Center 2012 Operations Manager
  • Microsoft System Center Operations Manager 2007 R2
  • Microsoft System Center Operations Manager 2007 Service Pack 1
Keywords: 
kbtshoot kbhowto kbexpertiseinter kbinfo KB936220

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com