Subscriptions in SCOM 2007 automatically disabled
This post is all about an old and well known issue but I haven’t found any automated solution to it so I’d like to share mine. But first an introduction:
When editing a subscription in System Center Operations Manager 2007 the subscription is tagged with the SID of the administrators user account.
This is all good until the day that that account is removed from the SCOM administrators role. And maybe, if the administrator in question leaves the company, the account is even removed from Active Directory. Suddenly all subscriptions tagged with this particular users SID will be disabled and enabling them will only work for a while, 30 minutes later they will be disabled again with event id 11452.
The manual solution
A quick search reveals that this is a known issue and the way to fix it is to export the management pack, replace the SID with the SID from another still existing administrator before importing it again. The management pack containing subscriptions is “Microsoft.SystemCenter.Notifications.Internal”.
There is a great article about this on the OpsMgr 2007 blog over here:
http://blogs.technet.com/b/operationsmgr/archive/2009/11/12/opsmgr-2007-subscriptions-getting-automatically-disabled-event-id-11452-logged.aspx
Now all is good once again. At least until the next administrator leaves his position and we are back where we started.
The automated solution
First of all, I chose to replace the SID’s of any administrator with a SID of a service account with the Administrator Role since this account is less likely to be removed.
To find the account SID i used the following snippet of code:
$User = New-Object System.Security.Principal.NTAccount($Domain, $UserName) -ErrorAction Stop $NewSID = ($User.Translate([System.Security.Principal.SecurityIdentifier])).Value
Where $Domain is the domain name and $UserName the username of the Service Account.
Next up I export the managementpack to an XML in the folder specified in $Path and store the full filepath in the variable $Files:
$Files = Get-ManagementPack -ErrorAction Stop | Where {$_.Name -eq "Microsoft.SystemCenter.Notifications.Internal"} | Foreach { Join-Path -Path $Path -ChildPath "$($_.Name).xml" Export-ManagementPack -ManagementPack $_ -Path $Path -ErrorAction Stop }
For an option to roll back if something goes wrong i copy the exported file as a backup using Copy-Item and then load the original file by creating a new [XML] object and using its Load() method.
Copy-Item -Path $File -Destination "$File.$(Get-Date -f yyyyMMdd_HHmm)" -Force $xml = New-Object -TypeName XML $xml.Load($File)
Now we’re ready to replace the SIDs. To search the XML I use Select-XML and the following XPath query to select all the UserSID nodes that are to be replaced:
“/ManagementPack/Monitoring/Rules/Rule/DataSources/DataSource//UserSid[text() != ‘$NewSID’]”
This searches recursively for any UserSID-node in the path “ManagementPack/Monitoring/Rules/Rule/DataSources/DataSource” where the text is not the SID stored in $NewSID.
Replace the SID just found with the SID of the service account and save the XML.
Select-Xml -Xml $xml -XPath "/ManagementPack/Monitoring/Rules/Rule/DataSources/DataSource//UserSid[text() != '$NewSID']" | Foreach { $_.Node.'#text' = $NewSID } $xml.Save($File)
The $xml.Save method saves the file in UTF8 encoding on my system and just to be sure that everything goes smooth, I convert it back to unicode and then import the managementpack:
$Data = Get-Content -Path $File $Data | Set-Content -Path $File -Encoding Unicode @DefaultParam if ($PSCmdlet.ShouldProcess($File, 'Install ManagementPack')) { Install-Managementpack -Filepath $File }
The if-statement is for -Confirm or -WhatIf functionallity.
I posted the script in whole on TechNet Gallery and it can be downloaded from here:
http://gallery.technet.microsoft.com/Fix-Subscriptions-in-SCOM-50a5e06b