SCOM 2012 In-place upgrade: Failed to update user role

First of all, before starting any upgrade i would suggest to carefully read and check everything posted in this great blog
The queries are now also updated, the issue listed below would have been detected.
Note: you might not want to use the LanguageCode <> ‘ENU’ at the end of the queries. Because in some cases the field can be blank and the query then won’t show the issue.

So Here’s the OpsMgrSetupWizard.log showing the error:
[10:05:42]: Always: :Current Action: RunCommandsWithAuth
[2012-08-29T10:05:42.8779296+02:00]: Always: Trace Session Started
[10:05:42]: Always: :
[10:05:42]: Always: :Hello from DBUpgrade AppDomain
[10:05:57]: Info: :Creating Azman XML file
[10:05:57]: Info: :Retrieved User Role List
[10:05:57]: Info: :Adding S-1-5-21-2991590259-3633895024-3004225335-9201 to 50585907-7858-4488-ab9c-13e0eaac08be
[10:05:57]: Info: :Adding S-1-5-21-2991590259-3633895024-3004225335-9202 to 50585907-7858-4488-ab9c-13e0eaac08be
[10:05:57]: Info: :Adding S-1-5-21-2991590259-3633895024-3004225335-9207 to 50585907-7858-4488-ab9c-13e0eaac08be
[10:05:58]: Info: :Adding S-1-5-21-2991590259-3633895024-3004225335-9207 to 2537b367-6d74-4110-b0b5-1f51c1b1b09e
[10:05:58]: Error: :Failed to update user role: : Threw Exception.Type: Microsoft.EnterpriseManagement.Common.NullConstraintException, Exception Error Code: 0x80131500, Exception.Message: Parameter UserRoleDisplayName cannot be null.
[10:05:58]: Error: :StackTrace: at Microsoft.EnterpriseManagement.Common.Internal.SecurityConfigurationServiceProxy.UpsertUserRolesV2(ICollection`1 urUpdateResults, ICollection`1 urScopeUpdateResults, ICollection`1 urViewScopeUpdateResults, ICollection`1 urTaskScopeUpdateResults, ICollection`1 urConsoleTaskScopeUpdateResults, ICollection`1 urTemplateScopeUpdateResults, ICollection`1 urDashboardReferenceScopeUpdateResults, ICollection`1 urUserUpdateResults)
at Microsoft.EnterpriseManagement.SecurityConfigurationManagement.UpdateUserRoles(ICollection`1 userRoles)
at Microsoft.EnterpriseManagement.OperationsManager.Setup.DBUpgradeConfiguration.AzManUpgrade.UpdateUserRoleAssignmentsFromR2XmlToOM10Sql(EnterpriseManagementGroup mg, String fileName)

So let’s start where it goes wrong
Adding S-1-5-21-2991590259-3633895024-3004225335-9207 to 2537b367-6d74-4110-b0b5-1f51c1b1b09e

First resolve the sid to an readable accountname using powershell
$objSID = New-Object System.Security.Principal.SecurityIdentifier (“S-1-5-21-2991590259-3633895024-3004225335-9207”)
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) 
this will show a readable accountname

Now you can see there’s something wrong in the UserRoleDisplayname so use powershell to list all userroles.
get-userrole | fl *

I found the userrole that matched with id 2537b367-6d74-4110-b0b5-1f51c1b1b09e
and i did it a bit drastic and just deleted the user role in the scom console. After doing this i restarted the scom upgrade and everything went well …

The better way to prevent this from happening is to use the following sql query on the OperationsManager Database:

SELECT LanguageCode, LTValue 

FROM LocalizedText
WHERE LTValue LIKE ‘%Operations Manager Report% OR LTValue LIKE ‘%Operation Manager Report% OR LTValue = ”

This also shows the Operation Manager Report Operators group and if the LocalizedText is not set to ENU you update it by using:
UPDATE LocalizedText
SET LanguageCode = ‘ENU’
WHERE LTValue LIKE ‘%Operations Manager Report%’ OR LTValue LIKE ‘%Operation Manager Report%

Or in my case i should have filled up the LTValue because my logfile stated it was empty


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s