UPDATE – These instructions have now officially been added to the AGPM Microsoft Docs documentation.
Super quick post, but I want to put this out there because it’s taken me weeks to figure out what the hell has been going on with one of my AGPM servers.
Late last year, had someone in my SOE team say that they couldn’t see difference reports for a specific domain. Errored every time.
Should be a quick fix…it wasn’t. Tried all sorts of things and in the end, ended up blowing the AGPM server away and starting again. It worked…for a time.
It then started giving the same error again. So I knew that blowing it away and reinstalling would work…but only temporarily. So I went looking for an *ACTUAL* fix.
The main link I found was this one and while it did have some useful information in it, it still didn’t solve my problem. It talks of a hotfix – which (up until a few weeks ago) had disappeared and couldn’t be found. They have since relinked it back so you can still grab it.
So without further ado, here are the steps I used to fix this problem once and for all!
- Make sure you know the username/password of your AGPM service account
- If you don’t know the password, change it and then modify your AGPM installation
- Give your AGPM service account administrative rights over your AGPM server – even if it’s just temporarily!
- Log onto your AGPM server AS YOUR AGPM SERVICE ACCOUNT
- This step is critically important – if you log on as a different user, it will not work. (Yes, even as a Domain/Enterprise admin. I know. I tried.)
- This step is the one that is missing from every help article I went looking at – none of the mentioned this!
- Shutdown AGPM service
- This just saves you having to wait while the installer tries to do it and then complains about it
- Install hotfix: MDOP March 2017 Servicing Release (AGPM4.0SP1_Server_X64_KB4014009.exe)
- Once done, don’t worry about restarting the service, the installation will do that all for you!
- Remove the admin rights for the AGPM Service Account if you don’t want it to a permanent admin of the server
- Log off the server
- Connect to AGPM using an AGPM client
- Preferably on a machine that is not the AGPM server!
- See that your difference reports now work again!
I really really hope this helps someone else who’s bashed their head against the wall repeatedly trying to fix this. If it has, shoot me a comment and let me know!
Thank you so much for this Post! I safed a lot of time after I spend already enough work troubleshooting the issue to generate a HTML GPO difference report. It actually helped me a lot after I bashed my head against the wall repeatingly trying to fix this.
Great POST!!!!
Lyn
(System Engineer)
Excellent, you helped me! Thank you!
what if I was lazy and used a Local System Account instead of a proper service account when I installed AGPM?
That’s a nice article , Thanks 🙂
thankyou soo much – cant believe its 2022, and they STILL havent merged it with the current MDOP release..
THANK YOU! 2023 and this is still needed.