"Error 3000: Unable to register to Advisor Service" error in System Center 2012 R2 Operations Manager

Symptoms
When you try to configure System Center Operations Manager for Microsoft Operations Management Suite (formerly known as Operations Insight), you receive the following error message in the Operations Manager Console:

Error 3000: Unable to register to Advisor Service. Please contact the system administrator.
Cause
This issue occurs for one of the following reasons:
  • The management server's clock is out of sync with the current time by more than five minutes.
  • Your internal proxy server or firewall is blocking communication with the Advisor Service endpoints.  
Resolution

If the clock is out of sync

To resolve this issue, change the clock time on your server to match the current time. To do this, open a command prompt as an administrator, run w32tm /tz to check the time zone, and then run w32tm /resync to synchronize the time.

If the proxy or the firewall is involved

Depending on the proxy configuration, you may be unable to register to the Advisor Service. Or, some communications from System Center Operations Manager to Advisor Service behind Operations Management Suite will later fail, and certain scenarios may not light up in the portal even when you do manage to register. In this section, we describe the kinds of communications and endpoints that you must permit for your management servers, the console, and direct agents so that Operations Management Suite will work correctly.

Step 1: Request exception for the service endpoints

The following domains and URLs must be accessible through the firewall or proxy for the management server to access the Azure Operational Insights Web Services.
Management server
URLPorts
service.systemcenteradvisor.com

scadvisor.accesscontrol.windows.net

scadvisorservice.accesscontrol.windows.net*

.blob.core.windows.net/

*data.systemcenteradvisor.com

ods.systemcenteradvisor.com

*.ods.opinsights.azure.com

*.systemcenteradvisor.com
Port 443

Port 443

Port 443

Port 443

Port 443

Port 443

Port 443

Port 443
Large volume scenarios / intelligence packs and OpsMgr agents
Note Some forthcoming intelligence packs, such as Security and Audit, report data directly (without queuing through the management server) to the cloud. This is true even if they report to OpsMgr and are configured by the OpsMgr Management group. The following is the required destination for this kind of communication:
URLPorts
*.ods.opinsights.azure.comPort 443
Note The proxy setting that's specified in step 2 in this section will be automatically propagated to OpsMgr agents.
Operations Manager Console
The following domains and URLs must be accessible through the firewall in order to view the Advisor Web portal and OpsMgr Console (to perform registration to Azure Operational Insights).
ResourcePorts
*.systemcenteradvisor.com

*.live.com

*.microsoft.com

*.microsoftonline.com

login.windows.net
Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443
Also, make sure that the Internet Explorer proxy is set correctly on the computer that you try to sign in with. It's particularly valuable to test whether you can connect to an SSL-enabled website, such as https://www.bing.com. If the HTTPS connection doesn’t work from a browser, it probably won’t work in the Operations Manager Console and in the server modules that talk to the web services in the cloud.

Step 2: Configure the proxy server in the OpsMgr Console

  1. Open the OpsMgr Console.
  2. In Administration view, select Advisor Connection under the System Center Advisor node.
  3. Click Configure Proxy Server.
  4. Select the check box to use a proxy server to access the Advisor Web Service. Specify the proxy address in the <http://proxyserver:port> format.

Step 3: Specify credentials for OpsMgr if the proxy server requires authentication

If the proxy server requires authentication, follow these steps:

  1. In the OpsMgr Console, open Administration view.
  2. Select Profiles under the RunAs Configuration node.
  3. Double-click System Center Advisor Run As Profile Proxy.
  4. Click Add to add a RunAs account. You can either create an account or use an existing one. This account must have sufficient permissions to pass through the proxy.
  5. Set the account to be targeted at the Operations Manager Management Servers group.
  6. Complete the steps in the wizard, and then save the changes.
Configure the proxy server on each OpsMgr management server for managed code
There's another setting in Operations Manager, and this is intended for general error reporting. However, because the same modules are used in multiple workflows, this proxy setting also ends up affecting Advisor Connector functionality when it's set. Therefore, assuming that you use a proxy, we recommend that you also set it to the same proxy server that you set in the other locations for each management server:
  1. In the OpsMgr Console, open Administration view.
  2. Select Device Management, and then select the Management Servers node.
  3. Right-click the management server, select Properties, and then set the proxy on the Proxy Settings tab. Do this for each management server.

More Information

You can troubleshoot time sync issues by enabling verbose tracing on the management server or Operations Manager Console computer. For more information, see How to use diagnostic tracing in System Center Operations Manager 2007 and in System Center Essentials. In a command prompt window, run the following command:

StartTracing.cmd VER

Reproduce the issue, and then run the following commands:
StopTracing.cmd
FormatTracing.cmd

After you're able to collect formatted traces, open the trace log file that's named TracingGuidsAdvisor.log, and then look for errors that resemble the following:

[Microsoft.SystemCenter.Advisor.Common] [] [Error] :WebServiceCallHelper.CallWebService<T>{webservicecallhelper_cs66}Message security was invalid for the connection with web service when performing Register Gateway [Exception] System.ServiceModel.Security.MessageSecurityException: The security timestamp is stale because its expiration time ('2015-08-28T17:56:34.018Z') is in the past. Current time is '2015-08-28T18:03:27.962Z' and allowed clock skew is '00:05:00'.
Properties

Article ID: 3094195 - Last Review: 10/13/2015 22:18:00 - Revision: 1.0

CDM MSCOM, Microsoft System Center 2012 R2 Operations Manager

  • kbexpertiseadvanced kbsurveynew kbtshoot KB3094195
Feedback