How to fix ENTSSO “Access is Denied” warnings on Biztalk Server


<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

NOTE: This article is migrated from Blog AsiaTech

Date: 2009-5-14 9:31 AM

Orignal URL: http://blogs.msdn.com/b/asiatech/archive/2009/05/14/how-to-fix-entsso-access-is-denied-warnings-on-biztalk-server.aspx

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Problem Description

=================

 

In this situation, there are two ENTSSO warnings as below, which are always occurring at the same time (as a pattern) in the application log.

 

 

Event Type:   Warning

Event Source: ENTSSO

Event Category:       Enterprise Single Sign-On

Event ID:       10536

Date:            16/04/2009

Time:            1:04:00 p.m.

User:            N/A

Computer:     AAAA183

Description:

SSO AUDIT

 Function: GetConfigInfo ({9494BA4B-CB0A-4C8C-8A29-E6AA848BD665})

 Tracking ID: d0e06038-cce5-401d-95c6-ce63a14148a6

 Client Computer: aaaa183.bbbbb.cccc.dd (wmiprvse.exe:2504)

 Client User: AAAA\AAAA183$

 Application Name: {06E0DD2B-3550-465A-AD77-DF903144289C}

 Error Code: 0x80070005, Access is denied.

 

Event Type:   Warning

Event Source: ENTSSO

Event Category:       Enterprise Single Sign-On

Event ID:       11042

Date:            16/04/2009

Time:            1:04:00 p.m.

User:            N/A

Computer:     AAAA183

Description:

Access denied. The client user must be a member of one of the following accounts to perform this function.

 SSO Administrators: AAAA\AaaaGrSSOAdministrators

 SSO Affiliate Administrators: AAAA\AaaaGrSSOAffiliateAdministrators

 Application Administrators: AAAA\AaaaGrBizTalkServerAdministrators

 Application Users: -

 Additional Data: AAAA\AAAA183$ {06E0DD2B-3550-465A-AD77-DF903144289C} FILE_TL_BizTalkNbrsMoh

 

 

Problem Analysis

===============

 

The error means there is an application using ‘local system’ account to try to access the ENTSSO. In our case, the application is the SCOM agent.

 

The trouble shooting steps are:

 

1.       Stop the OpsMgr health Service on this BizTalk computer, to check whether the error will disappear. If it does, that means the SCOM is the application with problem. We can go to the next step.

 

2.       Check the "BizTalk Server Monitoring Account" & "BizTalk Server Discovery Account" under "Run As Profiles" in SCOM console, if it is empty, not configured., So SCOM agent which is on BizTalk side will use default action account “local system” as the account to monitor BizTalk Server.

 

Problem Solution

===============

 

1.    Stop the OpsMgr health Service on this BizTalk computer

2.    Create a new action account which has access to BizTalk Server, this account should be the member of some BizTalk Group then it will has the permission to access the ENTSSO or other BizTalk resource.

Also, use one existing account, e.g. Domain\BTSADM.

3.    In the SCOM console, give this account to "BizTalk Server Monitoring Account" & "BizTalk Server Discovery Account" under "Run As Profiles" for the client computer (AAAA183).

4.    Go back to the BizTalk machine, using the account which is added to "BizTalk Server Monitoring Account" & "BizTalk Server Discovery Account" to run OpsMgr health Service.

5.    Start the OpsMgr health Service.

 

Regards,

 

Jarrod Huang

Comments (1)

Comments are closed.

Skip to main content