When you try to install Microsoft System Center Operations Manager 2007 Reporting, the installation is unsuccessful
SYMPTOMS
When you try to install the Microsoft System Center Operations Manager 2007 Reporting feature, the installation is unsuccessful. When this problem occurs, the Operations Manager event log may contain the following error message:

Date: date
Source: OpsMgr SDK Service
Time: time
Category: None
Type: Error
Event ID: 26319
User: N/A
Computer: Computername
Description: An exception was thrown while processing GetUserRolesForOperationAndUser for session id uuid:UUID.
Exception Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Full Exception: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Exception Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Full Exception: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
   at Microsoft.Interop.Security.AzRoles.IAzApplication2.InitializeClientContextFromStringSid(String SidString, Int32 lOptions, Object varReserved)
   at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.GetScopedRoleAssignmentsForUser(IList`1 roleNames, String userName)
   at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AuthManager.GetUserRolesForOperationAndUser(Guid operationId, String userName)
   at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccess.GetUserRolesForOperationAndUser(Guid operationId, String userName)
   at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccessTieringWrapper.GetUserRolesForOperationAndUser(Guid operationId, String userName)
   at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccessExceptionTracingWrapper.GetUserRolesForOperationAndUser(Guid operationId, String userName)

CAUSE
This problem occurs when the SDK service account does not have read access to the tokenGroupsGlobalAndUniversal attribute. The SDK service's authorization manager requires this access to determine the security groups to which a user belongs. This problem occurs if one of the following conditions is true:

RESOLUTION
To resolve this problem, add the SDK service account to the Windows Authorization Access group. To do this, follow these steps:

MORE INFORMATION
By default, if the Permissions compatible with pre-Windows 2000 servers option is enabled when the domain is created, every member of the domain is added to the Pre-Windows 2000 Compatible Access group. In this situation, the Pre-Windows 2000 Compatible Access group has read access to the tokenGroupsGlobalAndUniversal attribute. Therefore, no action is required unless the Pre-Windows 2000 Compatible Access group name is manually changed.

For more information about this problem, click the following article number to view the article in the Microsoft Knowledge Base:
331951 (http://support.microsoft.com/kb/331951/)
Some applications and APIs require access to authorization information on account objects
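
The membership check and group change described under RESOLUTION and MORE INFORMATION, as an added PowerShell example that is not part of the original article or Microsoft's own steps. It assumes the ActiveDirectory module is installed, that the SDK service runs as a domain user account, and that svc-opsmgr-sdk is a placeholder for that account's name. Both groups are looked up by well-known SID so that a renamed group is still found.

```powershell
# Added example, not from the original article.
# Assumptions: ActiveDirectory module (RSAT) is available, the SDK service
# runs as a domain user, and the caller may modify Builtin group membership.
Import-Module ActiveDirectory

# Placeholder: replace with the sAMAccountName of the SDK service account.
$SdkAccount = 'svc-opsmgr-sdk'

# Well-known SIDs; lookups by SID still work if a group has been renamed.
$WindowsAuthzAccessSid = 'S-1-5-32-560'   # Windows Authorization Access Group
$PreWin2000CompatSid   = 'S-1-5-32-554'   # Pre-Windows 2000 Compatible Access

$user = Get-ADUser  -Identity $SdkAccount
$waag = Get-ADGroup -Identity $WindowsAuthzAccessSid -Properties member
$pw2k = Get-ADGroup -Identity $PreWin2000CompatSid   -Properties member

# Direct membership only; nested group membership is not evaluated here.
$inWaag = $waag.member -contains $user.DistinguishedName
$inPw2k = $pw2k.member -contains $user.DistinguishedName

# Authenticated Users (S-1-5-11) or Everyone (S-1-1-0) in the compatibility
# group are stored as foreign security principals and cover every account.
$broad = @($pw2k.member | Where-Object {
    $_ -match '^CN=S-1-(5-11|1-0),CN=ForeignSecurityPrincipals,'
})

[pscustomobject]@{
    Account                       = $user.SamAccountName
    WindowsAuthzAccessGroupName   = $waag.Name
    InWindowsAuthzAccessGroup     = $inWaag
    PreWin2000CompatGroupName     = $pw2k.Name
    InPreWin2000CompatGroup       = $inPw2k
    PreWin2000HasBroadPrincipal   = ($broad.Count -gt 0)
} | Format-List

# Add the account to the Windows Authorization Access group only when
# neither group already grants it read access to the attribute.
if (-not ($inWaag -or $inPw2k -or $broad.Count -gt 0)) {
    # -WhatIf previews the change; remove it to apply.
    Add-ADGroupMember -Identity $waag -Members $user -WhatIf
}
```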
