I have been noticing these two Event Ids (1220 and/or 7022) on my domain controllers on Operations Manager event log. Turn out to be it is an easy one to fix. I following Method B on this MSKB: The Health Service does not process configuration files, and events 7022 and 1220 are logged every 30 minutes on a domain controller on which you installed the Operations Manager 2007 agent
Even though we specify action account is a domain admin, SCOM agent uses local system account for collecting privileged information. I preferred to run HSLockdown tool to enable local system account on domain controllers.
Only negative thing is you have to run this on all domain controllers on your enterprise.
Method 2: Run HSLockdown.exe to configure permissions
Run HSLockdown.exe on the affected domain controllers to remove NT Authority\SYSTEM from the Denied list. To do this, follow these steps:
- On the domain controller, open a command prompt, and then open the folder where the agent software is installed. By default, the agent is installed in the following folder:
C:\Program Files\System Center Operations Manager 2007
- Type the following command, and then press ENTER:
hslockdown “Management_Group _Name” /R “NT AUTHORITY\SYSTEM”
In this command, Management_Group _Name is the name of the Operations Manager 2007 management group of which the agent is a member. Use quotation marks if the name contains spaces.
- Restart the OpsMgr Health Service.
- Repeat step 1 through step 3 on each domain controller that is affected.
