Yeni enryption Key oluşturulmasına rağmen konfigurasyon update olmuyor

  • Article

Operations Manager 2007 R2 de encryption key ‘in bozulması ardından key’in bir daha yüklenmesi nadir durumlarda işe yaramıyor yada key kaybedilmiş veya şifresi unutulmuş olabilir. Böyle durumlarda https://support.microsoft.com/kb/946421 artikel deki aksiyonu uygulayıp yeni bir encryption key oluşturulabilir. Bu aksiyona rağmen konfigurasyonun güncellenmediğini bir çok durumda gözleyebiliriz.Konfigurasyonun güncellenmemesini health servisinin çalıştırılması ardından 21025 eventlerinin gelmemesi,29106 eventlerin düşmesi, MP lerin agentlara dağıtılmaması ve agent eklemedeki oluşan sıkıntıdan çok rahat anlayabiliriz. Ecryption Key temel olarak run as accountların bilgilerini bünyesinde barındırmaktır. Yeni oluşturulan bir encryption bu bilgilerden yoksun olduğundan run as accountlarda herhangi bir değişiklik yapmamamıza rağmen şifrelerin kullanılmasında sıkıntı oluşturmaktadır. Aşağıda klasik olarak bu durumda karşılaşabileceğiniz bir event görmektesiniz.

Source:        OpsMgr Config Service
Date:          6/14/2010 2:48:09 PM
Event ID:      29106
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      XXXXX
Description:
The request to synchronize state for OpsMgr Health Service identified by "9a3d0e3d-c6da-8dfd-0a75-0fe24a5e664f" failed due to the following exception "System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.

Server stack trace:
   at Microsoft.EnterpriseManagement.Mom.Internal.AesNativeTransform.DepadBlock(Byte[] block, Int32 offset, Int32 count)
   at Microsoft.EnterpriseManagement.Mom.Internal.AesNativeTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at Microsoft.EnterpriseManagement.Security.SecureStorageManager.Decrypt(Byte[] value)
   at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.CredentialDocumentHelper.CreateCredentialSectionsForGivenCredentialType(XmlWriter& writer, Result dbRow)
   at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.CredentialDocumentHelper.InsertCredentialInfo(XmlWriter& writer, ReadOnlyCollection`1 requestedGuids, List`1 dbList, TypeOfCredentialDocumentElement elementType)
   at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.CredentialDocumentHelper.GenerateCredentialAndCredentialReferenceDocument()
   at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.RootConnectorMethods.OnRetrieveSecureData(Guid healthServiceId, ReadOnlyCollection`1 addedSecureStorageReferences, ReadOnlyCollection`1 removedSecureStorageReferences, ReadOnlyCollection`1 modifiedSecureStorageReferences, ReadOnlyCollection`1 addedSecureStorageElements, ReadOnlyCollection`1 removedSecureStorageElements, ReadOnlyCollection`1 modifiedSecureStorageElements)
   at Microsoft.EnterpriseManagement.Mom.Sdk.Service.SDKReceiver.OnRetrieveSecureData(Guid healthServiceId, ReadOnlyCollection`1 addedSecureStorageReferences, ReadOnlyCollection`1 removedSecureStorageReferences, ReadOnlyCollection`1 modifiedSecureStorageReferences, ReadOnlyCollection`1 addedSecureStorageElements, ReadOnlyCollection`1 removedSecureStorageElements, ReadOnlyCollection`1 modifiedSecureStorageElements)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(RuntimeMethodHandle md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.EnterpriseManagement.Mom.Internal.ISdkService.OnRetrieveSecureData(Guid healthServiceId, ReadOnlyCollection`1 addedSecureStorageReferences, ReadOnlyCollection`1 removedSecureStorageReferences, ReadOnlyCollection`1 modifiedSecureStorageReferences, ReadOnlyCollection`1 addedSecureStorageElements, ReadOnlyCollection`1 removedSecureStorageElements, ReadOnlyCollection`1 modifiedSecureStorageElements)
   at Microsoft.Mom.ConfigService.Networking.ConnectionFactory.Connection.Sender.OnRetrieveSecureData(Guid healthServiceId, ReadOnlyCollection`1 addedSecureStorageReferences, ReadOnlyCollection`1 removedSecureStorageReferences, ReadOnlyCollection`1 modifiedSecureStorageReferences, ReadOnlyCollection`1 addedSecureStorageElements, ReadOnlyCollection`1 removedSecureStorageElements, ReadOnlyCollection`1 modifiedSecureStorageElements)
   at Microsoft.Mom.ConfigService.Networking.ConnectionFactory.Connection.OnRetrieveSecureData(Guid healthServiceId, ReadOnlyCollection`1 addedSecureStorageReferences, ReadOnlyCollection`1 removedSecureStorageReferences, ReadOnlyCollection`1 modifiedSecureStorageReferences, ReadOnlyCollection`1 addedSecureStorageElements, ReadOnlyCollection`1 removedSecureStorageElements, ReadOnlyCollection`1 modifiedSecureStorageElements)
   at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.ResponseWriter.SecureDataWriter.Write(StateSyncResponseMessage response)
   at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.ResponseWriter.WriteState(StateSyncResponseMessage response)
   at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.ResponseWriter.Write(StateSyncResponseMessage response)
   at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.ResponseWriter.Write(StateContext stateContext, ConfigurationItems configurationItems, StateSyncResponseMessage response, IConnection connection)
   at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.CreateResponse(Managers managers)
   at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.Managers.Synchronize(OnDoSynchronizedWork onDoSynchronizedWork)
   at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.Execute(Managers managers)
   at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.Run(Guid source, String cookie, Managers managers, IConfigurationDataAccessor dataAccessor, Stream stream, IConnection connection)".

Sorunun çözümü yaşattığı sıkıntıyı karşın oldukça basit.

  1. Operations Manager 2007 R2 konsolunu Administrator olarak açın. Administration alanına gelin. Run As Configuration kısmından Accounts’a tıklayın. Sırayla tüm Run As Accountlarda bulunan kullanıcı şifrelerini girin. Yapılan işlemin ardın sıra ile System Center Management, System Center Configuration, ve System Center Data Access servislerini kapatın. Servisleri stop ettikten sonra önce System Center Data Access, System Center Configuration ve en son System Center Management servislerini start edin. Servisleri start ettikten sonra bir kaç dakika (mevcut ortam büyüklüğüne göre değişebilir) konfigurasyonun update edildiğini göreceksiniz ve 21025 eventleri gelmeye başlayacaktır.