SCOM Health Service Events when troubleshooting certificate authentication

These Events are common when troubleshooting problems related to Health Service certificates i System Center Operations Manager 2007:

 

21021 – Could not load Certificate
Check if certificate exists and the Health Service has permissions to read it.

 

20052 – Certificate not loaded (name does not match)
Make sure Issued To match the actual computername.

 

20053 – Certificate loaded
The certificate is loaded – and everything should be working.

 

 

Write Event to Windows Event Log using PowerShell

 

Creating an EventLog entry using PowerShell is shown below:

 

Note: The Event Source needs to be created before writing entries to the Event Log. (See this post for further info: Create Event Source with PowerShell)

 

 

Create Event Source with PowerShell

To create a Event Source in PowerShell use this:

Get more info on CreateEventSource method here : http://msdn.microsoft.com/en-us/library/2awhba7a.aspx

 

In PowerShell 2.0 this is even simpler:

 

EventLog: Determine Windows startup (Event Log Service)

To determine when Windows was started search for Event ID 6005 in the System Event Log. The entry should look like this:

SCOM 2007 R2 Agent could not connect to Management Server (Event 21006)

After installing agent event 21006 is shown in EventLog:

This is because the agent is unable to connect to Management Server. When connection fails no data will be sent to the Management Server, and typically no errors indicating connection failed will show up at the Management Server event log.

Verify agent can resolve Management Server adress and no extra characters(space) are present in the name specified during Agent installation.

In the picture above the agent is trying to connect to a Management Server which has a space before and after the FQDN. The extra spaces are easily overlooked in Event Properties.