Written by Luke

[Solved] SCOM alert : (FSRM) Active Directory resource property definitions did not synchronize

This alert is raised by SCOM when the event ID 12344 appears in the Application log.

File Server Resource Manager finished syncing claims from Active Directory and encountered errors during the sync (0x8007203a, The server is not operational.). Please check previous event logs for details.

Here is what you can do:

Verify the domain controller availability

Based on my findings with Microsoft Message Analyzer, the srmsvc process makes a traditional LDAP request on port 389 to get domain resources properties.
Thus, if your server is a Windows 2012 Server or above you can use the Test-NetConnection cmdlet to test the LDAP connection to your domain controllers. 1

Test-NetConnection -ComputerName MyDomainController -Port 389

Note

Unfortunately, the error message does not contain the name or IP address of the domain controller which could not be reached.
Among your options you have:
– Check for other error messages in the event viewer to find connection issues with a particular domain controller
– Give a try to the domain controller which was the last to send Group Policies (use the GPUpdate command which displays at the top the name of the domain controller)
– Try some or all of your domain controllers

Verify resource property conflicts

  1. On a domain controller, open the Active Directory Administration Center 2
  2. Click on Dynamic Access Control
  3. Double-click on Resource Properties

Active Directory Administration Center Dynamic Access Control Resource Properties

On the server where FSRM is installed:
1. Open the FSRM console 3
2. Expand Classification Management
3. Click on Classification Properties

File Server Resource Manager local Classification Properties

Now compare your rules to check if there are no conflicts.

Last action for every time the alert occurs

After you checked the connection with your domain controllers and also verified local and domain resource properties, you still have something to do.
In fact, the SCOM monitor has no recovery configuration because the FSRM service does not write an event when the request was successful. Therefore you need to reset the monitor’s health because SCOM won’t resolve this alert automatically, even if everything is working fine again.

  1. Reset the SCOM monitor’s health
  2. Restart the FSRM service
    3. Restart-Service -DisplayName 'File Server Resource Manager'
  3. Check the Application log for 12344 events or wait for the SCOM monitor to display an alert. In my case, it took up to five minutes after the FSRM service has been restarted and before the service asked a domain controller for the resources property list.

More about

File Server Resource Manager (Technet)

  1. Alternatively, for former operating systems, you can use the telnet client. 
  2. To open the Active Directory Administration Center type dsac in a command prompt. 
  3. To open the FSRM console, type fsrm.msc in a command prompt. 

Leave a comment