SC Advisor - Error 3000: Unable to register to the Advisor Service & Onboarding Troubleshooting Steps

SC Advisor - Error 3000: Unable to register to the Advisor Service & Onboarding Troubleshooting Steps

  • Comments 13
  • Likes

We have had a few customers run into the “Error 3000: Unable to register to the Advisor Service” while trying to connect their OpsMgr 2012 Management group to System Center Advisor.

Error 3000: Unable to register to Advisor Service.

There are two reason why a customer may run into this:

  1. The server clock is off sync with the current time by more than 5mins. You can resolve this pretty easily by changing the clock time on your server to match the current time, you can accomplish this with opening command prompt as an Administrator type w32tm /tz to check the time zone, and w32tm /resync to sync.
  2. Their internal proxy server\firewalls are blocking communication to the Advisor service endpoints. We provide detailed instructions for this second case in this article. Read on.

PROXY REGISTRATION / CONFIGURATION STEPS

Step 1: Request exception for the service endpoints

The following domains and URLs need to be accessible through the firewall for the management server to access the Advisor Web Service.

Resource

Ports

service.systemcenteradvisor.com

scadvisor.accesscontrol.windows.net

scadvisorservice.accesscontrol.windows.net

scadvisorstore.blob.core.windows.net/*

data.systemcenteradvisor.com

ods.systemcenteradvisor.com

*.systemcenteradvisor.com

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

 The following domains and URLs need to be accessible through the firewall to view the Advisor Web portal and OpsMgr Console (to perform ‘registration’ to Advisor).

Resource

Ports

*.systemcenteradvisor.com

*.live.com

*.microsoft.com

*.microsoftonline.com

login.windows.net

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Ports 80 and 443

Also ensure the Internet Explorer proxy is set correctly on your computer you are trying to login with. Especially valuable test is to try and connect to a SSL-enabled website, i.e. https://www.bing.com/ – if the HTTPS connection doesn’t work from a browser, it probably also won’t in the OpsConsole and in the server modules that talk to the web services in the cloud.

If none of the above steps resolves your issue please login to the Advisor Preview portal click the ‘Feedback’ button on the bottom right of the web page and file a ‘Feedback’ item and we will respond and help you troubleshoot further within 24hours.

 

POST-REGISTRATION PROXY CONFIGURATION STEPS

Once you have completed registering your OpsMgr Environment to the Advisor Service you need to follow Steps 2, 3 and 4 to allow your Management servers to send data to the Advisor Web Service.

Step 2: Configure the proxy server in the OpsMgr Console

  • Open the OpsMgr Console

  • Go to the “Administration” view

  • Select “Advisor Connection” under the "System Center Advisor" Node

Click “Configure Proxy Server”

  • Check the checkbox to use a proxy server to access the Advisor Web Service
  • Specify the proxy address


Step 3: Specify credentials if the Proxy Server requires Authentication

If your proxy server required authentication, you can specify one in the form of an OpsMgr RunAs account and associate it with the ‘System Center Advisor Run As Profile Proxy’

  • In the OpsMgr Console, go to the “Administration” view

  • Select “Profiles” under the "RunAs Configuration" Node

  • Double click and open “System Center Advisor Run As Profile Proxy


  • Click ‘Add’ to add a 'RunAs Account'. You can either create one or use an existing account. This account needs to have sufficient permissions to pass through the proxy
  • Set the Account to be targeted at the ‘Operations Manager Management Servers’ Group
  • Complete the wizard and save the changes

  

Note: not all code paths currently support authentication. It is still possible that you will need to set some of those exclusions mentioned in Step 1 to allow anonymous traffic to some of those destinations. We will keep this document uptodate as this requirement evolves.

Step 4: Configure the proxy server on each Management Server for WinHTTP

NOTE: this step is no longer required if you updated your Management Servers to Update Rollup 3 for System Center 2012 R2, or Update Rollup 7 for System Center 2012 SP1.

  • Open Command Prompt as an Administrator on the Management Server

  • Type netsh winhttp set proxy myproxy:80

  • Restart the ‘System Center Management’ Service (HealthService)
  • Do step 2 on each of your management servers in your management group

Step 5: Configure the proxy server on each Management Server for Managed code

There is another setting in Operations Manager, which is intended for general error reporting, but we have noticed that - when set - due to the same modules being used in multiple workflows, this proxy setting also ends up affecting Advisor connector's functionality.
The recommendation is therefore to also set it (to the same proxy you set in the other places) for each and every MS if you use a proxy.

  • In the OpsMgr Console, go to the “Administration” view

  • Select “Device Management” and then the "Management Servers" Node

  • Right-click and choose “Properties” for each MS (one at the time) and set the proxy in the “Proxy Settings” tab.

Proxy settings per MS

If none of the above steps resolve your issue please login to the Advisor Preview portal click the ‘Feedback’ button on the bottom right of the web page and file a ‘Feedback’ item and we will respond and help you troubleshoot further within 24hours.

VERIFYING IF THINGS ARE WORK POST COMPLETING THE CONFIGURATION WIZARD

Step 1: Validate if the following MPs get downloaded to your OpsMgr Environment

Note: Only if you added these intelligence packs from the Advisor Portal will you see all these MPs. Search for keyword ‘Advisor’ in their name.

Advisor Management Packs 

You can additionally check for these MPs using OpsMgr PowerShell and typing these commands

get-scommanagementpack | where {$_.DisplayName -match 'Advisor'} | select Name,DisplayName,Version,KeyToken

get-scommanagementpack | where {$_.DisplayName -match 'Advisor'} | select Name,DisplayName,Version,KeyToken | Out-GridView

Step 2: Validate if data is being sent up to the Advisor service

  • Open ‘Performance Monitor’
  • Select ‘Health Service Management Groups’

  • Add all the counters that start with ‘HTTP’

  • If things are configured right you should see a lot of perfmon activity for these counters, as events and other data items (based on the intelligence packs onboarded in the portal, and the configured log collection policy) are uploaded

 

Step 3: Check for Errors on the Management Server Event Logs

As a final step if all of the above fails see if you are seeing any errors in the Operations Manager event log and filter by Event Sources: Advisor, Health Service Modules, HealthService. You can copy these event and post them in the Advisor Preview portal ‘Feedback’ view so we in the product team can help you further.

  

A few of the ‘bad’ events you might see when looking if things aren’t working are described in the following table:

EventID Source Meaning Resolution
2138 Health Service Modules Proxy requires authentication Follow step 3 and/or step 1 above
2137 Health Service Modules Cannot read the authentication certificate Re-running the Advisor registration wizard will fix certificates/runas accounts
2132 Health Service Modules Not Authorized Could be an issue with the certificate and/or registration to the service; try re-running the Advisor registration wizard that will fix certificates and runas accounts. Additionally, verify the proxy has been set to allow exclusions as in step 1 above, and/or verify authentication as in step 3 (and that the user indeed has access thru the proxy)
2129 Health Service Modules Failed connection / Failed SSL negotiation There could be some strange TCP settings on this server. Check this other blog post from the community for such as case http://jacobbenson.com/?p=511
2127 Health Service Modules Failure sending data received error code If it only happens once in a while, this could be just a glitch. Keep an eye to understand how often it happens. If very often (every 10 minutes or so throughout the day), then it is an issue – check your network configuration, proxy settings described above, and re-run registration wizard. But if it only happens sporadically (i.e. a couple of times per day) then everything should be fine, as data will be queued and retransmitted.
2128 Health Service Modules DNS name resolution failed You server can’t resolve our internet address it is supposed to send data to. This might be DNS resolver settings on your machine, incorrect proxy settings, or a (temporary) issue with DNS at your provider. Like the previous event, depending if it happens constantly or ‘once in a while’ it could be an issue – or not.
2130 Health Service Modules Time out Like the previous event, depending if it happens constantly or ‘once in a while’ it could be an issue – or not.
4511 HealthService Cannot load module – file not found This is also described in the section below ‘other known issues and workarounds’. This error typically just indicates you have old DLLs on your machine, that don’t contain the required modules. The fix is to update your Management Servers to the latest Update Rollup.
4502 HealthService Module crashed If you see this for workflows with names such as CollectInstanceSpace or CollectTypeSpace it might mean the server is having issues to send some data. Depending on how often it happens - constantly or ‘once in a while’ - it could be an issue or not. If it happens more that every hour it is definitely an issue. If only fails this operation once or twice per day, it will be fine an able to recover. Depending on how the module actually fails (description will have more details) this could be an on-premises issue – i.e. to collect to DB – or an issue sending to the cloud. Verify your network and proxy settings, and worst case try restarting the HealthService.

In addition to the above, the Advisor engineering team is committed to resolving all your onboarding issues so please contact us if you run into any issues. We are here to help. You can use the in-portal feedback mechanism for this as well.

OTHER KNOWN ISSUES AND WORKAROUNDS

'Search' button in the 'Add a Computer/Group' dialogue is missing

We have had a couple of customers report that the Search button in the Computer Search dialog is invisible. We are trying to investigate why this happens. A temporary workaround is click in the ‘Filter by(optional)’ edit box and press TAB to get to the invisible search button, and then activate it by <Spacebar> or <Enter>.

 

Initialization of a module of type "System.PublishDataToEndPoint" (CLSID "{D407D659-65E4-4476-BF40-924E56841465}") failed with error code The system cannot find the file specified.

If you are not receiving any data in Advisor and you see events in the Operations manager event log of your Management Servers that look like the one below, this simply means that you have not installed the latest update rollup as per the instructions “"on “Update your Environment” on https://preview.systemcenteradvisor.com/instructions?LandingPP5 . The solution is to install the latest update rollup that will contain the updated modules.

 

Log Name:      Operations Manager

Source:        HealthService

Event ID:      4511

Level:         Error

Computer:      SCOM01.contoso.com

Description: Initialization of a module of type "System.PublishDataToEndPoint" (CLSID "{D407D659-65E4-4476-BF40-924E56841465}") failed with error code The system cannot find the file specified. causing the rule "Microsoft.SystemCenter.CollectEventDataToCloud" running for instance "SCOM01.contoso.com" with id:"{B6881268-7E49-731C-C26C-DDA954F62679}" in management group "SCOMMG".

Note that you will see multiple of these events, for various workflows.

-Satya Vel and the Advisor team 

Advisor Preview Twitter Handle: @mscAdvisor




Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • when I login to https://preview.systemcenteradvisor.com (from my workstation - no firewall/proxy issue here) with my organizational account, I get a message "The Microsoft account you used is not associated with an advisor account. Do you want to create a new Advisor account ?". I click "OK" then enter an account name (like firstname.lastname). When I click "Create", I always get an error "Account Creation Wizard did not complete... Error 0x00000000, unknown server error..."
    Same result when I try directly from SCOM console for initial registration.
    Any idea ?

  • Hi Satya,

    Thanks for the proxy information, I want to add the following:

    I missed this URL for the Management Server:
    scadvisorcontent.blob.core.windows.net:443

    For the Console I am missing these URLs:
    dc.services.visualstudio.com:443
    ajax.aspnetcdn.com:443
    az416426.vo.msecnd.net:443


    Another tip, when setting the WinHTTP and you also are monitoring Linux machines, add the domain name in the bypass-list (http://technet.microsoft.com/nl-nl/library/cc731131(v=ws.10).aspx)

  • @Eric - thanks. Keep in mind we are working on unifying some of these settings and might not require NETSH WINHTTP (or system-wide proxy) in the future. Please check on our feedback site, there are more details and conversations going on about this.

  • @Sylvain - please follow the instructions at https://preview.systemcenteradvisor.com/instructions?LandingPP5 where we direct you to create an account from the Operations Manager console, not from the web portal. We are however aware of the "0x00000000 unknown server error" that was happening yesterday, but a fix has already been pushed out, so it should work again now.

  • @Daniele.. Thanks for your feedback. it works fine now.

  • Same result when I try directly from SCOM console for initial registration.
    Any idea ?

    Lesly at http://www.hotellyonouest.com

  • Hey guys i'm getting event id 1108 from the health service

    An Account specified in the Run As Profile "Microsoft.SystemCenter.Advisor.RunAsProfile.Certificate" cannot be resolved. Specifically, the account is used in the Secure Reference Override "SecureOverrideeca4fb94_be7a_6139_fe65_7bf04b571e2d".

    I'm also not getting any system update data showing up in SCA

  • I'm actually seeing the 1108 on multiple servers as well as a LOT of 21405 events

    Command executed: "C:\Windows\system32\cscript.exe" /nologo "DiscoverHealthServiceCommunicationRelationships.js" 0 {3237253B-2A1C-38E7-8E52-588635224D35} {8F8BBA33-503D-F0AF-1A98-E5D935EF702D} server.fqdn.here "AdvisorMonitorV2"
    Working Directory: C:\Program Files\System Center Operations Manager\Agent\Health Service State\Monitoring Host Temporary Files 760\5150\

  • @Jeffrey, the DiscoverHealthServiceCommunicationRelationships issue is known and harmless - is documented in some old Advisor Release notes here http://onlinehelp.microsoft.com/en-us/advisor/ff976541.aspx

    For the other issue, problems with the RunAs account and certificate can typically be solved by just re-running the registration wizard. but if you kept connecting and disconnecting and reconnecting your management groups to different advisor accounts a few times, it is possible that your RunAs accounts are a bit in a mixed state...