HSLockdown breaks agent on domain controllers
This applies to SCOM 2016 but likely affects any later versions too.
When you install the agent on a DC it breaks communication to the management group. Kev explains it here but you need to do this on the affected agent.
To show current permissions:
cd C:\Program Files\Microsoft Monitoring Agent\Agent
HSLockdown.exe /L
To grant permission:
HSLockdown.exe /A "NT AUTHORITY\SYSTEM"
net stop healthservice & net start healthservice
Comments
Post a Comment