Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Hello all,
I`m sure a lot of enterprise customers have hit this, where basically you are unable to access SCOM Reporting from across a forest trust. So for example you have User A in a forest in ___domain A and User B in a separate forest in ___domain B. Between the domains is a one way trust. Now if the SCOM servers and reporting servers are part of ___domain B you will be unable to authentication with users from ___domain A in order to access SCOM reporting services.
This is currently by design, so if you have this issue please cast an upvote for this in connect: https://connect.microsoft.com/WindowsServer/Feedback/Details/1266165
The issue is when using an account from a trusted ___domain that uses a one way trust, the DAS is unable to access the accounts group info and receives an ACCESS DENIED.
This is by design because this is a restriction from AzMan - details here: https://msdn.microsoft.com/en-us/library/aa377364(VS.85).aspx
More details to be found also here:
As a further and easier workaround I would suggest to configure an account (from the ___domain where SCOM and the SQL server is part of) for the sql server where reporting is installed in credential manager on all the management servers that hold a console where you want to access reporting from.
This way you will authenticate with a user from the same ___domain as the SQL server.
Another workaround are the ones below:
Comments
- Anonymous
April 05, 2016
Aside from a broken link to vote for this to be fixed, this has been a problem for several major versions of SCOM now. It would be great if MS would fix this - if it is a restriction of the authentication method currently used then please consider updating the method!