Are you getting this error when trying to install reporting? 

Here are the steps to resolve it.

1.  Check to User Permissions.

-  Verify the user you are running the installer as is a member of the Operations Manager Administrators.
-  Verify the user has sysadmin access to the database in SQL.

2.  Check the SPN of the SDK Service.

- http://wchomak.spaces.live.com/blog/cns!F56EFE25599555EC!824.entry?sa=646856610
- http://blogs.technet.com/jonathanalmquist/archive/2008/08/14/operations-manager-2007-spn-s.aspx
- http://blogs.technet.com/kevinholman/archive/2007/12/13/system-center-operations-manager-sdk-service-failed-to-register-an-spn.aspx

3.  Check the Operations Manager database.

- Go into SQL Enterprise Management Studio 
- Expand Databases, OperationsManager, and Tables
- Right click on MT_ManagementGroup
- Click Open Table if you are using SQL Server 2005 or click Edit Top 200 Rows if you are using SQL Server 2008.
- Look at the Value in column SQLServerName_6B1D1BE8_EBB4_B425_08DC_2385C5930B04
- This should be the name of your operations manager database server.  (If you ever moved your operations manager database to a new SQL server there is a chance that this step got missed.)

With the arrival of Windows Server 2008 R2 it seems that more administrators are keeping UAC enabled.  I ran into an issue where I installed the certs for a gateway server and ran the cert import tool but kept getting this error

Event: 21016

OpsMgr was unable to set up a communications channel to scomrms1.scom.com and there are no failover hosts.  Communication will resume when scomrms1.scom.com is available and communication from this computer is allowed.

and

Event: 21007

 The OpsMgr Connector cannot create a mutually authenticated connection to scomrms.scom.com because it is not in a trusted domain.

I ran MOMCertImport and everything seemed to be fine.  After taking a look into HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ I realized that there was no reg key for ChannelCertificateSerialNumber.

This told me there was a problem with running the MOMCertImport tool as nothing was being written to the registry.

It turns out that running MOMCertImport doesn’t call the UAC dialog box the application runs and lets you select you cert and exits normally.  So what you must do is right click on MOMCertImport.exe and click on Run as administrator.

Then click Continue in the UAC dialog box.

After installing the scom agent on a Red Hat 5.3  server and importing the management packs I started getting a bunch of  Secure Reference Override Alerts in my ops manager console.

The Health Service on computer SCOMMS.mydomain.com failed to resolve Secure Reference override. This issue may affect multiple instances. Additional details: Account for RunAs profile in workflow “Microsoft.Linux.RHEL.5.Process.Klog.Restart”, running for instance “Red Hat Enterprise Linux Server release 5.3 (Tikanga)” with id:”{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}” is not defined. Workflow will not be loaded. Please associate an account with the profile. Management group “MG”

So how do we fix these problems?  After searching for a solution I came across Marius Sutara’s Secure Reference Helper tool.   http://blogs.msdn.com/mariussutara/archive/2009/04/09/tool-opsmgr-2007-r2-what-to-do-with-secure-reference-override-alert.aspx

I downloaded the 64-bit version of the program but when I tried to install it, the installation failed.

I tried it on another RMS server and it failed there too.  So we can’t even use the tool because the installer doesn’t work.  Not so fast.

Lets extract the files from the MSI and see what it does.

msiexec /a “c:\temp\SecureReferenceSetup.x64.msi” /qb TARGETDIR=”c:\securefiles”

Here are the files from the MSI.

Microsoft.SystemCenter.Community.SecureReferenceHelper.xml - This file just creates the task in the actions pane.  (Not all that useful to me)
SecureReference.exe – This is the meat of the application.  You can run this program standalone as long as you have the .net 3.5 framework installed.
SecureReference.SetupAction.exe -  This is the installer that was failing.
So lets see what this puppy does.

I launch the SecureReference.exe app and get a login screen.  If you have admin access to the RMS you can just type in the RMS server name in the box.

I uncheck perform removal of duplicate alerts automatically.

Using the tool and I can plainly see that the problem is with the Unix Privileged Account.  I set the Unix Privileged Account to my Unix Action Account and my problem is solved.

**Update** some people were still having problems extracting the files so I posted the executable for the application on my blog.

http://www.scom2k7.com/downloads/SecureReference.zip

If you try to delete a distributed application you may get an error like this.

Application: System Center Operations Manager 2007 R2
Application Version: 6.1.7221.0
Severity: Error
Message:

: Verification failed with [1] errors:
——————————————————-
Error 1:
: Failed to verify View with ID: View_1f1998325fe94ccb97855d7154bfa30c
Target property :ManagementPackElement=Service_ceecc43c88ee428197f7eafbf91236e2 in ManagementPack:[Name=my.managementpack, KeyToken=, Version=1.0.0.0] for this View is incorrect.Cannot find ManagementPackElement [Type=ManagementPackClass, ID=Service_ceecc43c88ee428197f7eafbf91236e2] in ManagementPack [ManagementPack:[Name=my.managmentpack, KeyToken=, Version=1.0.0.0]]
——————————————————-

The reason for this error is that there is a view that you created in the Monitoring Console to display the distributed application.  You have to delete this view first.  Then you can delete the distributed Application.

Our SQL Team doesn’t want to manage SQL Express installations. Typically SQL Express is used for Dev/Test and they don’t want to be alerted on these databases.

Turns out there is a nice override to disable discovery of these in the “SQL 200x Database Engines (Windows Server)” discovery.

All you need to do is find the SQL 200x Database Engines (Windows Server) discovery.  Create an override “For all objects of type: Windows Server”

Then choose the Parameter Name “Exclude List” and type in “SQLEXPRESS”.