Hi, I've created a custom rule for monitoring log file located on UNC path (used Kevin Holman's blog). The rule produces alerts as expected from the log files where "everyone" has read only permission. The NAS share where the actual log file is located has restricted permissions. To overcome this I used the RUN AS account and RUN as profile in SCOM. But I'm getting this event on the agent server which I'm using as the target. Description: Error opening log file directory Directory = \\"NAS PATH"\logs Error: 0x80070005 Details: Access is denied. What more settings do we need to check as far as the permissions are related? The account used in RUN AS account/profile has got the permissions on this share. I'm able to login to the server using this account and open up the log file. But the scom agent is not able to do it. Please can someone help me with this. Adhokd

Hi Assuming: Server 1 has an OpsMgr agent and is running the check Server 2 = server where log files resides Could you confirm that you can log on to Server 1 with the Run As Account and see \ open the share and access the file. How did you associate the Run As Profile with your rule? Could you open up the rule and double check the configuation tab and just make sure that the correct Run As Profile is listed. Cheers GrahamView OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

Hi, thanks for replying. Yeah I can login with the run as account on the server 1 where the scom agent is installed. I used the "secure references" option to associate the run as profile to the log file monitoring rule. It appears proper. Adhokd

hi Do you mean you opened up the xml and made the change there? Or using the Authoring Console? I do it via xml for monitors but for rules, it is easiest just to go to the rule (after you have created it), open it and go to the configuration tab and set the Run As Profile there. Edit - Add Question - What do you see in the config tab for your rule under Run As Profile? Is it the correct profile? Cheers Graham View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

hi, I saw the config tab and "default profile" was lisetd. I changed this to the relevant profile name. The response tab contains the same for the alert but there I kept the default profile only. Still after changing the run as profile on the data source the event of "access denied" on log file path is still coming. Are there any more places I need to check? Adhokd

Hi You seem to have everything in place - i there any auditing you can enable on the NAS device to check which account OpsMgr is using? Cheers GrahamView OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

Hi, Thanks for your reply.. I configured the default action account profile for the particular server to have other domain account credentials. It helped to read the log file and as the account chosen had elevated privileges on the agent server the other monitoring (service, performance) on that box is working fine too. This seems to be resolved and thanks for all your help. Adhokd