Forum Discussion

RHendle_110546's avatar
Icon for Nimbostratus rankNimbostratus
Jan 07, 2011

F5 Actions Task not visible

I'm trying to setup action tasks for users based on their role. I understand that under administration, security, user role there are some example profiles that can be used or customized. I've added tasks and users that are part of these profiles but they do not see the appropriate F5 action tasks that have been added to the user profile.



Goal: What I'm looking to accomplish is giving users access to only enable / disable the pool members.



How I configured:



I've created a Custom User Role Profile with the following configuration.


Group Scope:


All selected




Disable LTM Pool Member


Enable LTM Pool Member


Force LTM Pool Member Offline


Authorized for F5 Device Configuration.




Scoped down to view F5 Networks and a view that has the specific pool members specific to a application.



The issue:


When logged as a user using the custom user role they do not see any of the following options:


F5 Actions


F5 Device Tasks (expected)


F5 LTM Node Tasks (expect based on profile user would not see)


F5 LTM Pool Member Tasks (Would expect to see this)


In fact, only the F5 MP user that installed the software / MP on the management server has the access to run any of the F5 tasks. All other adminstrators that have full access in SCOM have no access to the F5 Actions or Tasks.







2 Replies

  • Dave_Ruddell_79's avatar
    Historic F5 Account
    Hey Rob,



    We are actually not doing anything special with SCOM with how we create views and User Roles. Everything is done through the same means that any user would go through. That being said, there is a possibility of 2 things going on here. The first (and most likely) is that SCOM is caching the Console states in the local registry. When it does this, you will see inconsistancies between the Console and the database. In your case, you are seeing that the F5 Pack isn't showing up for any of the users. If you want to clear this cache, there are a few different alternatives which you can try. The first is to start the Console from the command line with the /clearcache option:



    C:\Program Files\System Center Operations Manager 2007\Microsoft.MOM.UI.Console.exe" /clearcache



    The next option is to manually delete the console view settings from the registry. They will be located here for the current user:



    HKEY_CURRENT_USER\Software\Microsoft\Microsoft Operations Manager\3.0\Console



    Or in the appropriate USERS folder:



    HKEY_USERS\S-1-5-21-779940496-1561666661-2965329820-1131\Software\Microsoft\Microsoft Operations Manager\3.0\Console



    In either of the above cases, if the view was the issue, it should now be cleared out and the next time the console is closed and launched, the cache will be regenerated and the correct views will be pulled from the database. The other location in this case will be in local files, located for each user here for Windows 2008 / Vista / 7:






    or here for most other versions:



    C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Microsoft.Mom.UI.Console




    Now on the other hand, it may not be your cache at all, in which case you should carefully review your other security roles. In some cases, new views will not automatically be added to the roles when they are added to Operations Manager. I'm not sure why the Admin accounts are not seeing the F5 Folders or Views, but I believe it might be cache related.



    For the other User Roles, make sure that the views for that particular user or group are not disabled in another User Role. I have a feeling Operations Manager will pick the most locked down Role, but I could be wrong. I would just make sure you look through your other Roles and make sure there aren't any oddities and definitely make sure to clear out the cached views so you know you are getting the latest and most updated versions for all users.



    Let me know if these work out your issues, or if you are still facing these problems afterward. Sorry for the troubles on this, but good luck!





  • Dave,


    Thanks for the feedback. I have tested the "C:\Program Files\System Center Operations Manager 2007\Microsoft.MOM.UI.Console.exe" /clearcache option but it did not solve the problem. In additoin, regardless if I'm using a a scoped security User role or a SCOM Admin User account the only account that works is the account that installed the F5 MP is successfully able to see and utilize the F5 Actions or Tasks.



    F5 Actions


    F5 Device Tasks (expected)


    F5 LTM Node Tasks (expect based on profile user would not see)


    F5 LTM Pool Member Tasks (Would expect to see this)



    Please let me know what additional information I can provide.



    Thanks, Rob