Another interesting case I ran into at a customer site. In this site they use a Default Action Account for their SCOM agents. We rolled out two new SCOM agents and did not specify the agent action account during deployment. So went into SCOM administration -> Run As Configuration -> Profiles and found the Default Action Account profile. The two machines were using the Local System as their default action account as expected, while all others were using a specific account for that. Easy enough, click Edit and use the dropdown list to specify the same account as what all other agents are using. When trying to confirm this I got the following error. I will first pate the text version and followed by a screenshot followed by stack trace .
Cannot Associate a credential with a blank password to a health service. Accounts with blank passwords are inserted by a health service and cannot be used by users until they are updated to include a password explicitly.
Here is the stack trace belonging to this error:
Application: System Center Operations Manager 2007 R2
Application Version: 6.1.7221.61
Microsoft.EnterpriseManagement.Common.UnauthorizedAccessMonitoringException: Cannot associate a credential with a blank password to a health service. Accounts with blank passwords are inserted by a health service and cannot be used by users until they are updated to include a password explicitly. ---> -- Cannot associated a health service with a credential that has no password. This happens when the secure data object was inserted by a health service.
--- End of inner exception stack trace ---
at Microsoft.EnterpriseManagement.DataAbstractionLayer.SdkDataAbstractionLayer.HandleIndigoExceptions(Exception ex)
at Microsoft.EnterpriseManagement.DataAbstractionLayer.SecuritySpaceOperations.UpdateSecureSecureStorageSecureReference(Guid secureStorageReferenceId, Guid secureDataId)
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Common.SDKHelper.<>c__DisplayClass19.<UpdateMonitoringSecureDataHealthServiceReference>b__18(Object , ConsoleJobEventArgs )
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)
-- Cannot associated a health service with a credential that has no password. This happens when the secure data object was inserted by a health service.
This would suggest that the account I am trying to assign to this machine has a blank password. Funny because all others are using it already.
But anyway, I went into the SCOM console – administration pane – Run As Configuration -> Accounts and found the Action Account we were assigning. Opened the properties and typed the password again.
Right after this we could change the Default Action Account Run As Profile.
If it happens to anybody… hope it helps. Make sure you check that that password you are typing in the box is the right one first! Dont want to get errors from all agents….