DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 883347 - Last Review: February 25, 2008 - Revision: 4.1

SYMPTOMS

In Microsoft Operations Manager (MOM) 2005, the MOM agent or the MOM server does not start, and the following event is logged in the Application event log:

Event Type: Error
Event Source: Microsoft Operations Manager
Event Category: MOM Server
Event ID: 9029
Description: The Microsoft Operations Manager service (MOMService.exe) was unable to run under the supplied credentials. Please use the SetActionAccount utility to set an action account which meets the guidelines documented in the Microsoft Operations Manager documentation.

CAUSE

This problem may occur if any one or more of the following conditions are true:
  • A domain controller is not available to perform the logon.
  • The action account is disabled or deleted.
  • The action account's password has expired.
  • The action account that the MOM service uses does not have permissions to log on locally. By default, only administrator accounts automatically receive Allow Logon Locally permissions on domain controllers. The account that is used by the MOM service must be able to log on locally to the computer.

RESOLUTION

To resolve this problem, make sure that a domain controller is available on the network, that the action account is active, that the action account's password has not expired, and that the action account that MOM uses has Allow Logon Locally permissions either in the Local Group Policy or in the Default Domain Policy if it is defined for the Allow Logon Locally setting and affects the MOM server in question.

To edit the local group policy object setting, follow these steps:
  1. Click Start, click Run, type GPEDIT.MSC, and then press ENTER.
  2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click User Rights Assignment.
  3. Double-click Allow log on locally, and then click Add User or Group.
  4. Type the user account, click OK, and then click OK.
  5. Close Group Policy Object Editor.

To edit the default domain policy setting, follow these steps:

Note It is highly recommended that you assess the impact of the change that you make to the default domain policy, especially if it is currently set to Not Defined.
  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click the domain object, and then click Properties.
  3. On the Group Policy tab, click the domain policy, and then click Edit.
  4. Expand Computer Configuration\Windows Settings\Security Settings\Local Policies, and then click User Rights Assignment.
  5. Double-click Allow log on locally, and then click Add User or Group.
  6. Type the user account, click OK, and then click OK.
  7. Quit Group Policy Object Editor.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

You can use the SetActionAccount.exe tool to examine the action account. This tool is located in the Program Files\Microsoft Operations Manager 2005 folder. To do this, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, locate the Program Files\Microsoft Operations Manager 2005 folder.
  3. Type the following:
    SetActionAccount.exe Management_Group_Name -query
    Note You must specify your management group name. You can use the -set command instead of the -query command to change the MOM action account, reset or change the action account password.

APPLIES TO
  • Microsoft Operations Manager (MOM) 2005
Keywords: 
kbtshoot kbservice kberrmsg kbevent kbuser kbsecurity KB883347
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support