0
Answered

Event Broker Create FIM Agent access denied

Bob Bradley 3 years ago • updated by anonymous 3 years ago 3

A vanilla install of Event Broker 3.2.1 RTM throws an Access Denied exception when attempting to connect to the local SQL Server 2012 (Enterprise x64) FIMSynchronizationService database. This is despite the service account having the correct db_datareader role membership on this database, and a UDL file running under the service account identity successfully connecting to the database.


Log file entry as follows:



20160401,03:05:29,UNIFY FIM Event Broker,Agent Engine,Error,"An error occured when attempting to execute a function against the agent with the id 78271e3f-e5af-4f4e-a4ea-9e076acc3904:

System.UnauthorizedAccessException: Access denied ---> System.Management.ManagementException: Access denied
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at Unify.Product.EventBroker.FIMAgent.QueryFIMForManagementAgents()
--- End of inner exception stack trace ---
at Unify.Product.EventBroker.FIMAgent.UnauthorizedAccessExceptionHandler(ManagementException managementException)
at Unify.Product.EventBroker.FIMAgent.ExceptionHandler[T](T exception, IEnumerable`1 exceptionHandlers)
at Unify.Product.EventBroker.FIMAgent.QueryFIMForManagementAgents()
at Unify.Product.EventBroker.FIMAgent.RefreshAgent()
at Unify.Product.EventBroker.AgentRequestResponseEngine.FIMAgentRefreshRequestAction(IAgent agent, XElement details, Guid agentId)
at Unify.Product.EventBroker.AgentRequestResponseEngine.<.ctor>b__1(IAgent agent, XElement details, Guid agentId)
at Unify.Product.EventBroker.AgentRequestResponseEngine.ExecuteRequest(IAgent agent, XElement details, Guid agentId)
at Unify.Product.EventBroker.AgentEngineRepository.ExecuteAgainstAgent(Guid agentId, XElement details)
at Unify.Product.EventBroker.AgentEngine.ExecuteAgainstAgent(Guid agentId, XElement details)
at Unify.Product.EventBroker.AgentEngineLoggingDecorator.ExecuteAgainstAgent(Guid agentId, XElement details)",Normal
20160401,03:07:13,UNIFY FIM Event Broker,Agent Engine,Warning,"The test of Agent FIM Agent (78271e3f-e5af-4f4e-a4ea-9e076acc3904) failed with message:
System.Management.ManagementException: Access denied
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at System.Management.ManagementObjectCollection.get_Count()
at Unify.Product.EventBroker.FIMAgent.TestConnection()
at Unify.Product.EventBroker.AgentEngine.Notify(ITestAgentConnectionMessage message)",Normal
+1
Searching answer

That's a WMI error, not for the database. Is FIM remote? From here it states that you need to check the WMI permissions.

Doh - yes that was it (added FIMSync Admins membership and restarted service - all good), but I wasn't thinking of WMI when I saw "access denied" obviously, and I didn't see WMI come up on the Troubleshooting page for some reason. Is it possible to be more specific with the "access denied" error perhaps? I know this is a prerequisite that I missed, but if you can determine the problem from the exception then it would make it obvious. Thanks.