Problem Description and Symptoms:
The Operations Manager Audit Collections Service is not starting with the following errors and event Id:
Event ID 4661 Error :
AdtServer encountered the following problem during startup:
Task: Load Certificate
Failure: Certificate for SSL based authentication could not be loaded
Error: 0x80092004
Error Message:
Cannot find object or property.
Solution:
1. Ensure that the certificate exists on the Management Server acting as ACS collector and is valid (If not, issue one for the Collector and import it in the Local Computer –> Personal –>Certificates Store)
2. Open CMD as Administrator
3. Go to the following path “%systemroot%system32SecurityAdtServer”
4. Execute the following: adtserver.exe -c and choose the certificate to be used (This command will allow you to bind the certificate to the service)
5. Start the Audit Collection Service by executing: net start adtserver
6. Check the collector health
In which scenarios certificates are needed and why?
ACS requires mutual authentication between Forwarder(s) and Collector(s) servers, prior to the exchange of information between them, to secure the authentication process is encrypted between these two. When the Forwarder and the Collector reside in the same Active Directory domain or in Active Directory domains that have established trust relationships, they will use Kerberos authentication mechanisms provided by Active Directory.
But when the Forwarder and Collector are in different domains with no trust relationship, other mechanisms must be used to satisfy the mutual authentication requirement in a secure way. Here comes the use of certificates to ensure that authentication between these 2 parties (Forwarder and Collector) can take place, thus start exchanging information between them.