Discussion:
An error occurred on line 53 while executing script
(too old to reply)
unarcher
2006-12-29 09:49:00 UTC
Permalink
Hi
I installed MOM Agent on a Windows 2000 DC manually
I installed Replprov.msi, OOMADS.msi, and the dnsprov

But I got theses error every few minutes and this is flooding my event log.


An error occurred on line 53 while executing script 'AD Op Master Domain
Naming Response'
Source: %3
Description: %4

An error occurred on line 53 while executing script 'AD Op Master
Infrastructure Response'
Source: %3
Description: %4


How can I correct this?
Anders Bengtsson
2006-12-29 10:32:58 UTC
Permalink
Hi

Are you running local system as action account?

Also, please post the hole alert.
--
Regards
Anders Bengtsson [MCSE, MCSA, MCP] | anders AT contoso.se |
http://www.contoso.se
Post by unarcher
Hi
I installed MOM Agent on a Windows 2000 DC manually
I installed Replprov.msi, OOMADS.msi, and the dnsprov
But I got theses error every few minutes and this is flooding my event log.
An error occurred on line 53 while executing script 'AD Op Master Domain
Naming Response'
Source: %3
Description: %4
An error occurred on line 53 while executing script 'AD Op Master
Infrastructure Response'
Source: %3
Description: %4
How can I correct this?
Stuart [MVP]
2007-02-06 22:32:00 UTC
Permalink
I don't believe that's an appropriate agent action account for use with the
AD MP.

Stuart.
-------
MOM Agent is running as Local System
Here is the whole alert
Type de l'événement : Erreur
Source de l'événement : Microsoft Operations Manager
Catégorie de l'événement : Aucun
ID de l'événement : 9100
Date : 29/12/2006
Heure : 17:38:42
Utilisateur : AUTORITE NT\SYSTEM
Ordinateur : MYSERVER
An error occurred on line 53 while executing script 'AD Op Master Schema
Response'
Source: %3
Description: %4
Anders Bengtsson
2007-02-07 05:37:53 UTC
Permalink
Best practices dictate that action account should never be domain admin.
Using 'localsystem' as agent action account on a domain controller provides
as good as domain admin for scripts that run on those servers, without the
risk of creating another domain account with admin rights.
--
Regards
Anders Bengtsson [MCSE, MCSA] | anders AT contoso.se | http://www.contoso.se
Post by Stuart [MVP]
I don't believe that's an appropriate agent action account for use with the
AD MP.
Stuart.
-------
MOM Agent is running as Local System
Here is the whole alert
Type de l'événement : Erreur
Source de l'événement : Microsoft Operations Manager
Catégorie de l'événement : Aucun
ID de l'événement : 9100
Date : 29/12/2006
Heure : 17:38:42
Utilisateur : AUTORITE NT\SYSTEM
Ordinateur : MYSERVER
An error occurred on line 53 while executing script 'AD Op Master Schema
Response'
Source: %3
Description: %4
Bob
2007-04-04 13:02:02 UTC
Permalink
If the Action Account is not supposed to be a Domain Admins member, why does
the MADM Guide say "The Action Account must be a member of either the Domain
Admins group or the Administrators group in the domain in which trusts are
monitored using the AD Monitor Trusts script. If the Action Account is not a
member of either of these groups, you will continue to receive a failure
message unless you disable the following rule:
Microsoft Windows Active Directory\Active Directory Monitor Trusts\Script-AD
Monitor Trusts."

Confusion rules here. None of the AD reports are running, and it appears to
be a rights issue. THese are the errors I'm getting (Should I begin a new
thread?)

Failed to get the Infrastructure Master for the domain 'ForestDnsZones.domain.
This will cause an incomplete topology to be displayed
The error returned was: 'There is no such object on the server.'
(0x80072030)' (0x80072030) Name: Topology Discovery did not fully discover
topology - the Site Link diagram may be incomplete

I've run the fix in KB 901051, we're on a 2003 domain-2000 forest and the
version of the ADMP is 05.0.2642.0063, error still remains. In addition, I'm
getting errors • An error has occurred during report processing. '(changes on
report run)'
o Query execution failed for data set '(changes on report run)'.
(rsErrorExecutingCommand)
 Invalid object name '(changes on report run)'.

Any thoughts on where to start are GREATLY appreciated!

Bob
Post by Anders Bengtsson
Best practices dictate that action account should never be domain admin.
Using 'localsystem' as agent action account on a domain controller provides
as good as domain admin for scripts that run on those servers, without the
risk of creating another domain account with admin rights.
--
Regards
Anders Bengtsson [MCSE, MCSA] | anders AT contoso.se | http://www.contoso.se
Post by Stuart [MVP]
I don't believe that's an appropriate agent action account for use with the
AD MP.
Stuart.
-------
MOM Agent is running as Local System
Here is the whole alert
Type de l'événement : Erreur
Source de l'événement : Microsoft Operations Manager
Catégorie de l'événement : Aucun
ID de l'événement : 9100
Date : 29/12/2006
Heure : 17:38:42
Utilisateur : AUTORITE NT\SYSTEM
Ordinateur : MYSERVER
An error occurred on line 53 while executing script 'AD Op Master Schema
Response'
Source: %3
Description: %4
Anders Bengtsson
2007-04-04 19:08:33 UTC
Permalink
Hi

I thinker there are a couple of scenarios when you cant use local system as
action account. One of them are when you verify trusts. If I dont remember
wrong your action account (domain account in this scenario) need access in
the trusted domain to verify the trust.

Is this not the same question as in the other thread?
--
Regards
Anders Bengtsson [MCSE:Security, MCSA:Messaging] | http://www.contoso.se
Post by Bob
If the Action Account is not supposed to be a Domain Admins member, why does
the MADM Guide say "The Action Account must be a member of either the Domain
Admins group or the Administrators group in the domain in which trusts are
monitored using the AD Monitor Trusts script. If the Action Account is not a
member of either of these groups, you will continue to receive a failure
Microsoft Windows Active Directory\Active Directory Monitor
Trusts\Script-AD
Monitor Trusts."
Confusion rules here. None of the AD reports are running, and it appears to
be a rights issue. THese are the errors I'm getting (Should I begin a new
thread?)
Failed to get the Infrastructure Master for the domain
'ForestDnsZones.domain.
This will cause an incomplete topology to be displayed
The error returned was: 'There is no such object on the server.'
(0x80072030)' (0x80072030) Name: Topology Discovery did not fully discover
topology - the Site Link diagram may be incomplete
I've run the fix in KB 901051, we're on a 2003 domain-2000 forest and the
version of the ADMP is 05.0.2642.0063, error still remains. In addition, I'm
getting errors . An error has occurred during report processing. '(changes
on
report run)'
o Query execution failed for data set '(changes on report run)'.
(rsErrorExecutingCommand)
? Invalid object name '(changes on report run)'.
Any thoughts on where to start are GREATLY appreciated!
Bob
Post by Anders Bengtsson
Best practices dictate that action account should never be domain admin.
Using 'localsystem' as agent action account on a domain controller provides
as good as domain admin for scripts that run on those servers, without the
risk of creating another domain account with admin rights.
--
Regards
Anders Bengtsson [MCSE, MCSA] | anders AT contoso.se |
http://www.contoso.se
Post by Stuart [MVP]
I don't believe that's an appropriate agent action account for use with the
AD MP.
Stuart.
-------
MOM Agent is running as Local System
Here is the whole alert
Type de l'événement : Erreur
Source de l'événement : Microsoft Operations Manager
Catégorie de l'événement : Aucun
ID de l'événement : 9100
Date : 29/12/2006
Heure : 17:38:42
Utilisateur : AUTORITE NT\SYSTEM
Ordinateur : MYSERVER
An error occurred on line 53 while executing script 'AD Op Master Schema
Response'
Source: %3
Description: %4
Loading...