I finally got involved in my first SCOM project and realized that client’s IT environment might not be as ideally as how we want it to be, in terms of their IT security policy / GPO. However, below is a some checklist which i think it is handy before we proceed with SCOM installation without much hiccups.
- SCOM action account is created and granted with relevant permissions. Make sure that the SCOM action account is granted “log on as a service” and “log on as a batch job”. “Log on as a batch job” is required, especially if you are using SCOM action account to run the Service Level Dashboard. If not, the application pool for SLD in the IIS will be immediately stopped, once the SLD website is loaded.
- Check if “System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing” is enabled and can be disabled if it is. If not, then you might need to apply kb911722 for the SCOM web console, if it is displaying "the implementation was not part of the windows platform FIPS validated cryptographic algorithms" at your browser.
- The rest will the same as my previous SCOM 101 post.