Hello,
We have eight SCOM 2012 SP1 management servers, all virtual, all located in the same data center. One of those is the RMSe. Recently one of the management servers, we'll call it "007", has started showing a flood of Event Id 2115. I stopped the health service, renamed the Health Service State folder, restarted the health service then watched as the OpsMgr event log eventually started showing Event Id 2115 again. I believe this event id is a direct result of the following: While the health service was restarting, I switched over to the OpsMgr DB server and watched the Application event log. It began showing Event Id 18456: " Log Name: Application Source: MSSQLSERVER Date: 9/3/2013 1:33:27 PM Event ID: 18456 Task Category: Logon Level: Information Keywords: Classic,Audit Failure User: Domain\<mgt svr>007$ Computer: <opsmgr db server>001.domain.com Description: Login failed for user 'Domain\<mgt svr>007$'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: some ip address] Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event <http://schemas.microsoft.com/win/2004/08/events/event> "> <System> <Provider Name="MSSQLSERVER" /> <EventID Qualifiers="49152">18456</EventID> <Level>0</Level> <Task>4</Task> <Keywords>0x90000000000000</Keywords> <TimeCreated SystemTime="2013-09-03T18:33:27.000000000Z" /> <EventRecordID>37127</EventRecordID> <Channel>Application</Channel> <Computer><opsmgr db server>001.domain.com</Computer> <Security UserID="S-1-5-21-2953958680-949419512-4227892181-137369" /> </System> <EventData> <Data>DOMAIN\<mgt svr>007$</Data> <Data> Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors.</Data> <Data> [CLIENT: 172.30.70.246]</Data> <Binary>184800000E000000100000005600410055005300530043004F004D004F005000 440042003000300031000000070000006D00610073007400650072000000</Binary> </EventData> </Event> I thought maybe an spn registration had deregistered, but those were still intact. Again, the other 7 management servers are running fine. Some of them are also members of the same Resource Pools as the problematic mgt. server. Any ideas on what I can do to resolve this? Thanks, Sven Sven Wells SYSTEMS ADMINISTRATION SPECIALIST TECHNOLOGY AND LABORATORY SVCS Wilmington NC HQ PPD Phone +1 910 558 6870 [email protected] <mailto:[email protected]> www.ppdi.com <http://www.ppdi.com/> This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient or a person responsible for delivering this transmission to the intended recipient, you are hereby notified that you must not read this transmission and that any disclosure, copying, printing, distribution or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner.
