Events 20012 and 2000 when you use AD integration for agent assignment in Operations Manager

Applies to: System Center Operations Manager, version 1807System Center Operations Manager, version 1801System Center 2016 Operations Manager More

Symptoms


You use Active Directory integration to make agent assignments in Microsoft System Center Operations Manager. However, Operations Manager agents can’t find the primary management server through the Active Directory policy.

When this issue occurs, The following events are logged in the Operations Manager event log:


When diagnostic tracing is enabled, the following error messages are logged in the TracingGuidsNative.log file:

Cause


Operations Manager agents cannot parse more than 10 service connection points (SCPs). This issue occurs if your management group has more than 10 management servers and the Automatically manage failover option is selected in the agent assignment rule.

Resolution


To fix the issue, follow these steps to limit the number of SCPs:

  1. Log on to the computer by using an account that's a member of the Operations Manager Administrators role.
  2. In the Operations console, click Administration.
  3. In the Administration workspace, click Management Servers.
  4. Right-click the primary management server, and then click Properties.
  5. In the Management Server Properties dialog box, click the Auto Agent Assignment tab, select the existing agent assignment setting, and then click Edit to open the Agent Assignment and Failover Wizard.
  6. On the Inclusion Criteria page, copy the LDAP query, and paste it to a Notepad file.
  7. Click Cancel to close the Agent Assignment and Failover Wizard.
  8. Click Delete to delete the agent assignment setting.
  9. Click Add to open the Agent Assignment and Failover Wizard.
  10. On the Domain page, select the domain of the computers, and then click Next.
  11. On the Inclusion Criteria page, enter the LDAP query that you copied in step 6, and then click Next.
  12. On the Exclusion Criteria page, type the FQDN of computers that you explicitly want to prevent from being managed by this management server, and then click Next.
  13. On the Agent Failover page, select Manually configure failover, select no more than nine (9) management servers, and then click Create.
  14. In the Management Server Properties dialog box, click OK.
  15. Wait for one hour for the agent assignment setting to propagate in AD DS, and then check whether the issue is fixed.