Unable to perform the operation because of authorization store errors

So today I needed to add a server to a dynamic group. As soon as I clicked OK, I was presented with this wonderful error.


The full text of this error is shown below:

Date: 9/9/2014 4:01:33 AM
Application: Operations Manager
Application Version: 7.1.10226.0
Severity: Error
Message:

Microsoft.EnterpriseManagement.Common.UnknownAuthorizationStoreException: Unable to perform the operation because of authorization store errors. ---> System.Runtime.InteropServices.COMException: The security ID structure is invalid. (Exception from HRESULT: 0x80070539)
at Microsoft.Interop.Security.AzRoles.AzAuthorizationStoreClass.Initialize(Int32 lFlags, String bstrPolicyURL, Object varReserved)
at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.Initialize(String pathToStore, String appName, AzManHelperModes helperMode, String storeDesc, String appDesc)
--- End of inner exception stack trace ---
at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
at Microsoft.EnterpriseManagement.Common.Internal.EntityObjectsServiceProxy.PerformGroupMembershipDiscoverySnapshot(String managementPackXml)
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)
System.Runtime.InteropServices.COMException (0x80070539): The security ID structure is invalid. (Exception from HRESULT: 0x80070539)
at Microsoft.Interop.Security.AzRoles.AzAuthorizationStoreClass.Initialize(Int32 lFlags, String bstrPolicyURL, Object varReserved)
at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.Initialize(String pathToStore, String appName, AzManHelperModes helperMode, String storeDesc, String appDesc)
Checking the event log on the local management server yielded these 2 new events:
Event ID: 26325: An authorization store exception was thrown in the System Center Data Access service. Exception message: Unable to perform the operation because of authorization store errors.

And this one…

Event ID: 26319: An exception was thrown while processing PerformGroupMembershipDiscoverySnapshot for session ID uuid:f35ce503-da44-4d37-b914-6b49872159c3;id=16.

Exception message: The creator of this fault did not specify a Reason.

Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UnknownAuthorizationStoreException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UnknownAuthorizationStoreException: Unable to perform the operation because of authorization store errors. ---> System.Runtime.InteropServices.COMException: The security ID structure is invalid. (Exception from HRESULT: 0x80070539)

at Microsoft.Interop.Security.AzRoles.AzAuthorizationStoreClass.Initialize(Int32 lFlags, String bstrPolicyURL, Object varReserved)

at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.Initialize(String pathToStore, String appName, AzManHelperModes helperMode, String storeDesc, String appDesc)

--- End of inner exception stack trace ---).

So, what’s changed?

Well, due to the way that our environment works, we directly run some stored procedures and scripts against specific tables in our OperationsManagerDB, and I know that a couple of days ago someone just happened to be mucking around with permissions of the account that is used to perform these tasks. So naturally I chose to start there. Looking closer into this, I recalled an article that talked about having multiple logins with db_owner permissions. For the record, I did a bit of Googling, and you can find that post here:

So, to fix this, all I needed to do was remove the additional login from having db_owner permissions on the database. Restart the SDK Service, and everything is back to normal.
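
One way to carry out the check and the fix described above in T-SQL. This is an added example, not part of the original post; the database name follows the post's wording and `DOMAIN\scripts-account` is a hypothetical placeholder for the extra login.

```sql
-- Added example. Run against the Operations Manager operational database.
-- Assumption: the database is named as written in the post; adjust to your install.
USE [OperationsManagerDB];
GO

-- 1. Which login owns the database (the principal that maps to dbo)?
SELECT d.name                   AS database_name,
       SUSER_SNAME(d.owner_sid) AS database_owner_login
FROM sys.databases AS d
WHERE d.database_id = DB_ID();

-- 2. Every member of the db_owner role, with the server login it maps to.
--    server_login is NULL when no login matches the user's SID
--    (for example, access that is granted through a Windows group).
SELECT m.name      AS database_user,
       m.type_desc AS principal_type,
       sp.name     AS server_login
FROM sys.database_role_members  AS drm
JOIN sys.database_principals    AS r  ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals    AS m  ON m.principal_id = drm.member_principal_id
LEFT JOIN sys.server_principals AS sp ON sp.sid = m.sid
WHERE r.name = N'db_owner'
ORDER BY m.name;

-- 3. Remove the additional account from db_owner (SQL Server 2012 and later).
--    [DOMAIN\scripts-account] is a hypothetical placeholder: use the member
--    that step 2 lists in addition to the expected owner.
ALTER ROLE db_owner DROP MEMBER [DOMAIN\scripts-account];
-- SQL Server 2008 R2 and earlier:
-- EXEC sp_droprolemember N'db_owner', N'DOMAIN\scripts-account';
GO

-- 4. Re-run the query from step 2 to confirm the membership change.
```

After the role change, restart the SDK Service as described above and retry the group update in the console.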

 

 