Unix/Linux RunAs Accounts Have Disappeared from the Console (SCOM 2012 R2)

So today I was working with a colleague of mine and we experienced an error in the SCOM Console as follows:

 

Date: 13/05/2015 3:39:00 PM
 Application: Operations Manager
 Application Version: 7.1.10226.0
 Severity: Error
 Message:
System.Xml.XmlException: Data at the root level is invalid. Line 1, position 1.
 at System.Xml.XmlTextReaderImpl.Throw(String res, String arg)
 at System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace()
 at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
 at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
 at System.Xml.XmlDocument.Load(XmlReader reader)
 at System.Xml.XmlDocument.LoadXml(String xml)
 at Microsoft.SystemCenter.CrossPlatform.ClientLibrary.CredentialManagement.Core.ScxRunAsAccountHelper.DeserializeToScxRunAsAccount(ScxCredentialRef credentialRef)
 at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
 at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
 at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
 at Microsoft.SystemCenter.CrossPlatform.ClientLibrary.CredentialManagement.Core.ScxRunAsAccountHelper.EnumerateScxRunAsAccount(IManagementGroupConnection managementGroupConnection)
 at Microsoft.SystemCenter.CrossPlatform.UI.OM.Integration.Administration.ScxRunAsAccountHelper.<GetScxRunAsAccountInstances>b__6(Object sender, ConsoleJobEventArgs e)
 at Microsoft.EnterpriseManagement.Mom.Internal.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)

 

Coincidentally we were also noticed that there were no Unix/Linux RunAs Accounts in our console…everything had disappeared! The other accounts were all there, just the Unix/Linux ones had disappeared…as it turns out, the Console expects to see our Unix/Linux RunAs accounts enclosed in XML Tags and since they’re not there we get this wonderful error. But the problem is, our console is empty…we can’t edit what we can’t see!

 

Unix Accounts - None

 

 

 

 

But if we query the OperationsManager Database from SQL Management Studio, we can still see all of the accounts there.

select * from CredentialManagerSecureStorage

 

So the SCOM Console is expecting to see our accounts which are called “scomunixaction” and “scomprivunix” to be listed as:

<SCXUser><UserId>scomunixaction</UserId><Elev></Elev></SCXUser>
<SCXUser><UserId>scomprivunix</UserId><Elev>sudo</Elev></SCXUser>

 

Well since the GUI was no help to us as it couldn’t even display our accounts to edit and editing the database directly is unsupported unless Microsoft tell you to do so, off to the PowerShell prompt we went. Let’s take a look at our RunAs Accounts using the Get-SCOMRunAsAccount cmdlet.

Get-SCOMRunAsAccount | Select Name | Sort Name

 

Unix Accounts Cmdlet

 

 

 

 

 

 

 

 

 

And there were all of our accounts, including our Unix/Linux Accounts…we can see them in PowerShell! But still none in the console 🙁

 

Let’s take a look at the options we have using our Get-SCOMRunAsAccount cmdlet.

Get-SCOMRunAsAccount | Get-Member

Get-Member

 

 

 

 

 

 

 

 

 

 

 

And yes, there’s a method called “Update”… so we should be able to use that!

 

# Grab our RunAs Account
$runas = Get-SCOMRunAsAccount | ? {$_.Name -eq “Unix Monitoring Account”}
# Set the Unix Action Account to have the XML Tags
$runas.Username = “<SCXUser><UserId>scomunixaction</UserId><Elev></Elev></SCXUser>”
# Apply the Update Method
$runas.Update()

 

And let’s do that again for our Privileged Account. Note the XML has “sudo” elevation added!

$runas = Get-SCOMRunAsAccount | ? {$_.Name -eq “Unix Priv Monitoring Account”}
$runas.Username = “<SCXUser><UserId>scomprivunix</UserId><Elev>sudo</Elev></SCXUser>”
$runas.Update()

 

Now we went back to the console and refreshed it…and our accounts are back in business!

Unix Accounts

 

 

 

 

 

 

And if we go back to the SQL Management Studio and take a look…

XML

 

 

 

We can see our Accounts now have the XML Tags as expected.

Hope that helps someone!

 

 
Comments

Thanks. I used this info to solve this exact problem om my scom 2012 r2 setup.

Thanks Jeremy…I really appreciate the time you took to leave a comment. Glad I could help 🙂

Hi,
thanks for sharing this valuable info. I am facing the same issue. I am getting exactly same error message in my scom console. I tried this solution. The SQL query output is with xml tags. Still the account does not appear in console. Any Idea what should I do next?

Hi Mohamed, you’re welcome and thanks for stopping by (sorry for the late reply)…. if this didn’t work for you…perhaps you should delete the original account and recreate it (or do you have more than one account that has the same issue? You might have to remove all that fall under this category first. You will probably have to do this from PowerShell or even do it directly in the database (sorry Microsoft, I didn’t say that 🙂 ). Send me a message if you’d like me to help…happy to assist mate 🙂

Thank you, excellent post, solved my problem instantly 🙂

First of all, thanks a TON for a fantastic post! Loved it!!!

Just like Mohamed, we too add multiple Run As Accounts got created while we were trying to create the account through the wizard. it looks more of the accounts corruption issue. The account creation wizard is NOT creating the Run As Account at all. The wizard closes successfully but doesn’t create account which is very weird.

Then performed the steps above and issue resolved.

Please keep in mind, when you see multiple profiles ensure to identify the corrupted one with Account type “SCOMBasicCredentialSecureData” and delete it using PS command

regards
Guru

Thanks for this post! This made my life easy to bring back the things!

One thing I want to mention for the users about the tags which were missing. In my case, the username field from SQL query resulted “scomprivunixsudo” where I couldn’t see the XML tags at the starting like “”. But all other accounts had complete XML tags. Still I have updated everything just to make sure I didn’t miss any.

Excellent, saved my day 🙂

Leave a Reply