locked
Accidentally deleted APM Run As Account RRS feed

  • Question

  • Hey

    While deleting some test Run As accounts, I accidentally deleted the APM Run As Account that gets automatically created. Is there a way to restore this account? I was going to try and re-create it, but I never entered any credentials for it.

    In my test environment, I installed APM and noticed that the account gets created once you start monitoring an application. The credentials for the account are a Binary Account File type with encrypted binary data.

    Any suggestions with how I should proceed?

    Thanks!

    jeudi 9 octobre 2014 17:48

Réponses

  • Fixed the issue. Here's what I had to do:

    1. Delete the Run As PROFILE (entitled 'APM CSM Encryption Profile') that was looking for the deleted Run As "APM Account" (pictured above). Once I deleted it that action propagated to all the clients to stop looking for that account to authenticate as. I believe this is due to the nature of the account (See: Distribution tab: Less Secure - distributes to ALL managed computers).

    2. Once that profile was deleted, all the alerts entitled: "System Center Management Health Service Credentials Not Found Alert Message" were closed. 

    3. To get the account & profile back, all I had to do was the following: I noticed in my test lab that the APM account and APM CSM Encryption profile get created NOT when you import the APM management back, but once you SETUP your first .NET Application to monitor. After the setup of an application to monitor, those accounts get created and linked together. Since I already had a production APM monitor set up, all I had to do was open the properties of the .NET application from the Management Pack Templates view, and click Apply again. It sat there for a few moments processing the completion (one of the tasks obviously is creating those accounts if they do not exist), and then the wizard closed. Once closed, I verified the account and profile were created and watched the OpsMgr Event log populate as it propagated this account to all managed computers.

    Hope this helps someone if they encounter this in the future!

    vendredi 10 octobre 2014 12:58

Toutes les réponses

  • After some more digging, I found that the APM CSM Encryption Profile is the profile that references this Account. When you open that profile, you can see the [Deleted Account] referring to the APM account that I deleted. It looks like it's managing the Client-Side Monitoring Agent (which is on every agent, correct)?

    Does anyone have any recommendations for what to do next? Do I create a new Run As account and then associate it this profile? It needs to be a Binary account though right?

    jeudi 9 octobre 2014 19:46
  • Fixed the issue. Here's what I had to do:

    1. Delete the Run As PROFILE (entitled 'APM CSM Encryption Profile') that was looking for the deleted Run As "APM Account" (pictured above). Once I deleted it that action propagated to all the clients to stop looking for that account to authenticate as. I believe this is due to the nature of the account (See: Distribution tab: Less Secure - distributes to ALL managed computers).

    2. Once that profile was deleted, all the alerts entitled: "System Center Management Health Service Credentials Not Found Alert Message" were closed. 

    3. To get the account & profile back, all I had to do was the following: I noticed in my test lab that the APM account and APM CSM Encryption profile get created NOT when you import the APM management back, but once you SETUP your first .NET Application to monitor. After the setup of an application to monitor, those accounts get created and linked together. Since I already had a production APM monitor set up, all I had to do was open the properties of the .NET application from the Management Pack Templates view, and click Apply again. It sat there for a few moments processing the completion (one of the tasks obviously is creating those accounts if they do not exist), and then the wizard closed. Once closed, I verified the account and profile were created and watched the OpsMgr Event log populate as it propagated this account to all managed computers.

    Hope this helps someone if they encounter this in the future!

    vendredi 10 octobre 2014 12:58
  • Hi,

    "It looks like it's managing the Client-Side Monitoring Agent (which is on every agent, correct)?"

    That account is used for APM Client-side monitoring. I believe it will get populated back, after you remove [Deleted Account] from APM CSM Encryption Profile and reapply configuration.

    CSM monitoring is applied only on those managed servers, which host the ASP.NET Web Applications checked on "Client-Side Monitoring" tab of .NET Application Performance  Monitoring template.


    Igor Savchenko, VIAcode Consulting LLC (http://www.viacode.com/)

    lundi 13 octobre 2014 09:53
  • Hi Leroy,

    Thanks for posting.  Saved me a world of pain during a SCOM upgrade.

    Regards Rob.

    vendredi 1 juillet 2016 09:48