This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 32%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECR%3C/text%3E%3C/svg%3E)
I have an environment where I need 3 UNIX resource Pools for valid reasons, i.e. network and domain segmentation. So I have a primary Resource Pool with the bulk of our servers and then 2 other DMZ ones. These contain a number of Gateway Servers in each and all have different Unix Run As accounts for different subnets and domains. I am finding it fairly complex to work out which classes I should assign the Run as accounts to in the Run As profiles.
Has anyone done this before? I just need to assign the 3 accounts to the right areas, this is proving more difficult as we can't discover anything in the DMZ until we get this going. I can separate by group but my issue is more about assigning the run as profiles to the DMZ Gateway Servers correctly, as it errors on discovery and it is only erroring as I cannot distribute the account correctly.
Hi @Christian Redgewell ,
I have done this and I also described this in an answer here:
Different accounts for different Linuxes
You just need to group all your monitored UNIX/Linux Systems in each environment and target the group with the respective service account.
I would recommend you to build a dynamic group, based on some criteria, so that you don't have to manage it afterwards, but a group with static members will do the job also. So in your case you will end up with 3 groups targeted by the different service accounts.
I hope I was able to help you.
----------
(If the reply was helpful please don't forget to upvote or accept as answer, thank you)
Best regards,
Stoyan
Hey Stoyan, thanks for that can you repost the link as it got corrupted I think. I had tried something similar I believe, targeting each run as account to the group of Linux servers but I was getting errors on Management servers with rules that were using run as accounts. I’ll try again making sure I use your method.
Hi Christian,
I have adjusted the link, should work now.
I have done this within a very big environment, where all the Linux systems were spread over 4 environments, 1 monitored with Management Servers (Ressource Pools) and the other 3 with Gateways in ressource pools. It works like charm. You need to ensure that all your service accounts are also distributed to only the Ressource Pool in the respective environment and when you target the group of systems, belonging to this environment, you should not get any alerts about failing workflows or incorrect account distribution.
If you have any questions, do not hesitate to post them here, will gladly help you out.
Regards,
Stoyan
all good I got it going this morning, it was because my Dynamic Groups were not looking at Unix/Linux Computer Class once I fixed that it started. Not sure if it is a bug but I also had to distribute the accounts to the Gateway Server objects (not the Resource Pool). When I distributed to the Resource Pools I got an error saying the Run As account wasn't distributed. I added the servers from the Pools manually and Discovery worked which was a bit strange. Now just have to fix the GPO's in the DMZ blocking WinRM!
thanks for the help, needed to bounce with someone as to what I was not seeing, I had been using your method but I think it was the issue with the distribution to the Resource Pools not working which confused things.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 15%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
Did you consider creating a separate resourcepool per account group? That's how i do it.
I assign the run-as accounts to the resourcepool and create a dynamic group that will contain all servers belonging to that group, the unix/linux computer class is then sufficient.
The unix/linux profiles are then assigned to that dynamic group.
I think i've tried assigning multiple accounts to the same pool once but then you get alerts since all accounts are tried to use against servers it does not have permissions to.
Hi thanks for the response yes I already have multiple resource groups and run as accounts. These are distributed as you suggest but it is the distribution of the 6 run as accounts to 3 Linux run as profiles that is the issue.
What i meant is that you should create as much resource pools as you have account, so in your case you need to create 6 resource pools and than it will run fine.
That’s going to affect the Resource Pool availability though? Late here I will reread in the morning in case I’ve misunderstood