Well known configuration that needs applying to domain controler after the SCOM agent is installed.
Clue that this has not been done is that the relevent domain controller will show in the SCOM console as not monitored.
- Open an elevated command prompt.
- Navigate to the agent install folder on the domain controller, typically C:\Program Files\Microsoft Monitoring Agent\Agent.
- Run – HSLockdown.exe /A “NT AUTHORITY\SYSTEM”
- Restart the SCOM agent service – run net stop healthservice & net start healthservice
Thanks yet agin to Kevin Holman.
https://blogs.technet.microsoft.com/kevinholman/2016/11/04/deploying-scom-2016-agents-to-domain-controllers-some-assembly-required/
Problem
Attempting to automate some maintenance schedules using the new SCOM 2016 functionality and received the following error:
The Execute Permission Was Denied For Object ‘sp_help_jobactivity’.
Fix
Assign the following rights for the SCOM Data Access Service account (SDK service) against the msdb database:
- SQLAgentOperatorRole
- SQLAgentReaderRole
- SQLAgentUserRole
As always many thanks to Kevin Holman – more info about this issue here: https://blogs.technet.microsoft.com/kevinholman/2016/10/22/enabling-scheduled-maintenance-in-scom-2016-ur1/
Real world sys admin – getting the job done without the need to stroke your own ego