The following error began to appear (in various forms) on a domain controller (under the Operations Manager heading within event viewer) once the Microsoft System Centre Essentials agent had been deployed (healthservice.exe).
AD Replication Monitoring : encountered a permissions error.
The script failed to create the OpsMgrLatencyMonitors container in the naming context ‘DC=***,DC=***,DC=***’ because access was denied. Alter the permissions for this naming context so that the script can add this container, or change the parameters for this script to stop monitoring this naming context.
The error returned was: ‘General access denied error
It’s quite obvious from the error that I was dealing with a permissions issue of sort, just unclear where/how this could be resolved. After a few web searches I came across a Microsoft article on how to properly configure the SCE runas accounts.
It soon became apparent that the AD MP Account (run as profile) didn’t have an account with sufficient privileges assigned.
To create and assign an account to this profile follow the steps below:
1) Create a run as account (type = Windows).
2) Assign this account to the AD MP Account run as profile.
3) Select the distribution security option best suited to your operation. If More Secure is selected (recommended) you’ll need to manually select the systems the credentials will be distributed too (i.e. the DC in question).
4) Click OK to complete the wizard.
5) Check the Operations Manager log on the Domain Controller in question and you should notice some informational successful entries; ID’s including 21024, 21025, 7028.
No more errors…