Login for ‘Sharepoint_Config’, Login failed for user ‘Domain\ComputerName$’ – SCOM agent

This is about a recurring error in the event log, that does not really affect SharePoint but stirs up a lot of fuss…

(Update added 2012-12-11 – permissions needed for the agent account, see note below)

Perhaps you have encountered this error in your event logs:

database login for ‘Sharepoint_Config’ on instance ‘SQLServer\SharePointInstance’ failed. Additional error information from SQL Server is included below.
Login failed for user ‘Domain\ComputerName$’.

I have seen this a couple of times and in both cases it was due to the MOM/SCOM Agent that has a SharePoint management pack installed, the agents Windows Service runs as ‘Local System’ and thus causes this. The agent tries to access some information from the Configuration database and when accessing the database as the SharePoint Server’s ‘Local System’ account, it gets access denied, this is as it should be, the local system account must never get access outside of the server and especially to the config database.

The workaround in the cases I have seen this so far, is to either kill the SCOM agent service, or set it to run as a dedicated service account. The later is the one that sound better to me, so I will try and add info on how exactly this is done in an update to this post later.
What probably should be done when installing the Management pack, and this my personal guess so far, is that the service account for the agent, should be given the Add-SPShellAdmin permission on the Config database. This is completely unconfirmed, but if any of you would confirm that this is required, please post me a note.

On a personal note, this error caused by the monitoring agent, has been the cause of a lot of comotion and has in the end had me spend hours of unnessesary hours on finding it and mitigating its effects and also calming down the operations people that think my farms have broken…

(Updated 2012-12-11)
The required permissions for the configured run as account on an individual SharePoint farm are:
•Local admin on all SharePoint 2010 Front End and Application Servers
•Local admin on all SQL machines that host SharePoint 2010 databases
•Full Farm Administrator rights within SharePoint 2010
•DBO for all SharePoint databases
(From: http://support.microsoft.com/kb/2690744)