ISA Firewall Role discovery might fail under below condition
Environment ===========a) ISA Configuration Storage Server is a part of domainb) ISA Firewall Server is part of the workgroupc) Action Account Configured for Operations Manager is Local System.
The FirewallServerRoleDisc.vbs is failing with below event.
Event Type: ErrorEvent Source: Health Service ScriptEvent Category: NoneEvent ID: 4001Date: Time: User: N/AComputer: Description:FirewallServerRoleDisc.vbs : Error - Number:-1073478746 Source:FPC.Root.1 Description:The property or method Arrays is not supported when the ISA Server computer is not connected to a Configuration Storage server.HelpContext:0 HelpFile:For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
The account used for running the script FirewallServerRoleDisc.vbs does not sufficient permissions to perform the operation.Below is the failing code extract============================strRemoteManaged = ""Set oFPCRoot = CreateObject("FPC.Root")Set oFPCServer = oFPCRoot.GetContainingServer() '#### Failing query============================
Step 1: Create a Local Admin Account on the Configuration Storage Server eg. ISAOPSMGRActionAccount with password XStep 2: Create a Local Admin Account on the Firewall Server with the same name and password eg. ISAOPSMGRActionAccount / X(Repeat the Steps if you have multiple firewall Servers , basically mirror the accounts)Step 3:On the Operations Manager ConsoleClick : Administration Node > Run As Accounts > Accounts i) Create a new Run As Account : Type (Action Account) , Fill in the other Details Click Nextii) Specify Username /Password for Domain Specify the ISA Firewall Machine Nameiii) Click Next and Create (Repeat the Steps for all Firewall Machines that need to be monitored)Step 4:Click : Administration Node > Run As Accounts > Profilesi) Double click Default Action Accountii) On the Add Run As accounts Screen , select the firewall and hit Editiii) In the Run As Account Drop down , choose the Action account created in the previous steps (Repeat the Steps for all Firewall Machines that need to be monitored)Restart the System Center Management or Health Service on the agent (Firewall)This time the script should work fine and firewall role should be discovered.
Jeevan Singh Bisht | Support Escalation Engineer