AEM does not work when the management server action account is a low-permission account in System Center Operations Manager 2007

When the management server action account is a low-permission account in Microsoft System Center Operations Manager 2007, Agentless Exception Monitoring (AEM) does not work.

Note This problem does not affect client computers that are running the Windows Vista operating system.

This problem occurs because AEM does not collect crash data when the management server action account is a low-permission account.

To resolve this problem, follow these steps:

1. If AEM is enabled, disable it.
2. In the System Center Operations Manager 2007 Operations console, click Administration, and then click Run As Accounts.
   1. Create a new Windows Run As account that the AEM module will use.
   2. In the Operations Manager database, add the following membership roles to the account that you created in step 2a:
      • db_reader
      • db_writer
      • dbmodule_users
3. In the System Center Operations Manager 2007 Operations console, click Administration, and then click Run As Profiles.
   1. Associate the Run As account that you created in step 2a with the client monitoring action account for the management server.
   2. Add the client monitoring action account to the local Administrators group on the computer where the file share will be created.
4. Use the GetSid.exe tool to obtain the security identifier (SID) for the client monitoring action account.
   
   To run the GetSid.exe tool, use the following command:
   getsid.exe \\server1 Account \\server2 Account
   The output of this command contains the SID.
   
   Note The Account placeholder in this command represents the account that you created in step 2a.
   
   Note The Getsid.exe tool is part of the Windows Server 2003 support tools.
5. Run the Httpcfg.exe tool to configure the AEM module account to start listening at a specific port so that you can collect crashes from Windows Vista-based clients.
   
   To run the Httpcfg.exe tool, use the following command:
   httpcfg.exe set urlacl /u http://+:51906/ /a D:(A;;GX;;;[SID])
   Note The SID placeholder in this command represents the SID for the client monitoring action account that you obtained in step 4.
   
   Note The Httpcfg.exe tool is part of the Windows Server 2003 support tools. For more information about this tool, visit the following Microsoft Web site:
   http://msdn2.microsoft.com/en-us/library/aa364478.aspx (http://msdn2.microsoft.com/en-us/library/aa364478.aspx)
6. Enable AEM by running the task that uses Operations Manager administrator credentials.
7. Add the Everyone group to the file share permissions, and then grant the Everyone group full control to the file share that AEM creates.
8. In the System Center Operations Manager 2007 Operations console, click Monitoring, double-click Agentless Exception Monitoring, and then click Crash Listener View.
   1. Click the management server. In the Actions pane, click Task reserved under Crash Listener Tasks.
   2. Run the task by using administrator credentials.
9. Stop and then restart the OpsMgr Health Service.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.