SCOM 2007 R2: Event ID 1220 on Domain controllers

I have been noticing these two Event Ids (1220 and/or 7022) on my domain controllers on Operations Manager event log. Turn out to be it is an easy one to fix.  I following Method B on this MSKB: The Health Service does not process configuration files, and events 7022 and 1220 are logged every 30 minutes on a domain controller on which you installed the Operations Manager 2007 agent 

Even though we specify action account is a domain admin, SCOM agent uses local system account for collecting privileged information. I preferred to run HSLockdown tool to enable local system account on domain controllers.

Only negative thing is you have to run this on all domain controllers on your enterprise.

Method 2: Run HSLockdown.exe to configure permissions

Run HSLockdown.exe on the affected domain controllers to remove NT Authority\SYSTEM from the Denied list. To do this, follow these steps:

  1. On the domain controller, open a command prompt, and then open the folder where the agent software is installed. By default, the agent is installed in the following folder:

    C:\Program Files\System Center Operations Manager 2007

  2. Type the following command, and then press ENTER:

    hslockdown “Management_Group _Name” /R “NT AUTHORITY\SYSTEM”

    In this command, Management_Group _Name is the name of the Operations Manager 2007 management group of which the agent is a member. Use quotation marks if the name contains spaces.

  3. Restart the OpsMgr Health Service.
  4. Repeat step 1 through step 3 on each domain controller that is affected.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s