Agent discovery and push troubleshooting in OpsMgr 2007

Comments

  • Anonymous
    January 01, 2003
    So.... no ports are required to perform a manual agent install. You would assume that you have access to the desktop of that machine - and therefore the firewall is irrelevant. Now - for the manually installed agent to COMMUNICATE through the firewall, that is a different story. Only tcp_5723 is required for agent communication. This communication channel is initiated FROM the Agent, TO the Management Server. Once the channel is opened from the agent - the communication is bi-directional. The only additional ports - are ones for Active Directory, if you are using AD/Kerberos authentication. This is assumed working if the machine is a member of a domain, and their authenticating DC is on the other side of the firewall. If using certs, this is irrelevant.

  • Anonymous
    January 01, 2003
    Tried pushing out to the server again this morning and the push was successful, yet I can find no change in the environmental variables.

  • Anonymous
    January 01, 2003
    Not sure what you mean by live. Yes, it is still applicable to SCOM 2012.

    As to your issue - if the agent reports that it didn't find policy in AD, it didn't find policy in AD. :-) Check the SCP that is supposed to be created when enabling AD integration. There is a tool to create the container. The LDAP rule only populates the groups. There is good documentation on this and lots of blog articles as well on configuring AD integration.

  • Anonymous
    January 01, 2003
    Hey sir thanks for taking the time to respond, again. Yes the dev_scom_HSvcSCP_SG container along with Domain Local security groups and containers for each of the management servers were created during the ADI setup. In terms of reference materials I have SCOM 2012 Unleashed 2nd edition and just about all of the known articles in terms of configuring ADI per a documented procedure. So I'm thinking I've overlooked some minor detail in terms of getting this to work.

    In viewing a reference site I see mention of a rule called AD rule for Domain. I have version 7.1.10226.0 of the Default management pack installed and when performing a search for this rule I see an AD rule for Domain: mydomain.com, ManagementServer: domainms but I don't see the rule displaying polling info. Again not sure what I'm missing.

  • Anonymous
    January 01, 2003
    The account used is the management server action account - by default - this is in the UI. Unless - you chose an optional account and entered that in - then it will use those credentials one time, and discard them.

  • Anonymous
    January 01, 2003
    I uninstalled an agent off of  a server 2K and when I re-installed an agent I get Error Code: 80070643 Error Description: Fatal error during installation.  Auto Updates is set to auto and is running.  What else could throw the 80070643 error?  

  • Anonymous
    January 01, 2003
    All communications are initially originated FROM the agent TO the management server, however, then once the communication channel is open from the agent - the communication is bi-directional. Therefore - it depends on how your chosen firewall works - as to whether you need to open communication in both directions, or only from agent to MS. When in doubt, just open both directions for this single port.

  • Anonymous
    January 01, 2003
    What's in the OpsMgr event log on the DC? Try a manual agent install and see if it will complete. Turn up MSI logging and then post or email the logfile.

  • Anonymous
    May 23, 2008
    Kevin, as usual, invaluable information, thanks so much. -The learning curve continues.

  • Anonymous
    July 24, 2008
    I can do a discovery and install of an agent on my domain controller but the server stays in "Pending Management" and doesn't go anywhere. If I check on the machine where I pushed the agent the files are present in c:program...system center op... What is going on? I have uninstalled antivirus on both machines and I can figure out why the agent isn't viewable anywhere in the System Center Console... Please help

  • Anonymous
    September 19, 2008
    What direction do the firewall rules need to be? Are they all uni-directional from SCOM to app servers?

  • Anonymous
    March 27, 2009
    Thank you very much. Your blog is very helpful in my current working environment.

  • Anonymous
    July 07, 2009
    Thx Kevin. What to do when the fatal code still can't be overcome, after following the fix scenario above? Error Code: 80070643 Error Description: Fatal error during installation. Thx, John Bradshaw

  • Anonymous
    July 24, 2009
    Very helpful.  How do you determine what account is being used to do the push?

  • Anonymous
    September 16, 2009
    Any similar information for Unix Agent?

  • Anonymous
    October 27, 2009
    Hi Kevin, your blogs have been invaluable to me setting up OpsMgr 2007. Thanks for all the great info. I'm trying to find a comprehensive list of ports required to perform a manual agent install through a firewall, as well as ports required for ongoing monitoring. All machines are part of the domain, just separated by the firewall. Can you help with this? My security admins will not allow me to open the wide ranges of RPC ports required for push installs.

  • Anonymous
    November 05, 2009
    We provided admin access to SCOM even though we are not able to see reporting console in SCOM after installing the same.

  • Anonymous
    December 08, 2009
    I have a scenario where for workgroup servers, we install the certs and agents manually but when the server appears in the console, it shows up as "Not Monitored" even after several days. The event logs do not show any cert issues, though. Any ideas ?

  • Anonymous
    April 17, 2012
    Hey Kevin, thank you for writing this article, it's helped me quite a bit. I do however keep running into the following issue while pushing agents via agent push script. My script will discover all of the machines I am trying to push to, and will attempt to install the agent, but I get the following two errors.

    The Operations Manager Server failed to open service control manager on computer [FQDN of Server]. Therefore, the Server cannot complete configuration of agent on the computer.
    Operation: Agent Install
    Install account: [My install account]
    Error Code: 800706BA
    Error Description: The RPC server is unavailable.

    [This basically means the server is down, or unreachable at the moment. Normal in this environment as servers are shipped from and to sites.]

    and

    The Operations Manager Server cannot process the install/uninstall request for computer [FQDN of Server] due to failure of operating system version verification.
    Operation: Agent Install
    Install account: [my install account]
    Error Code: 80070005
    Error Description: Access is denied.

    This is the error that is bothering me. I am able to use that same install account and install the agent on these machines, after logging directly into the server as the install account. I am also able to push agents from the RMS server using that install account. I checked to see if there were logs under agent logs and I cannot really read them very well. I also couldn't find a log for each of the servers that get this error.

    The account is a domain administrator
    The antivirus is turned off when installing the agent
    The account is a local administrator on the machines
    The server service is started on the machines that are domain controllers
    The windows firewall is turned off

    I'm lost on what else I could possibly check, any suggestions would be very helpful. Thank you very much for your time!

  • Anonymous
    June 26, 2013
    Good info! Thanks again. Got an issue with pushed agent install. It was placed on Pending Management list. Consecutive re-installs and troubleshooting on the client side did not give any results. In my case MOM Channel Port number: 5723 stopped responding on MS. I saw only connections from RMS and nothing from agents. The telnet to MS host on port 5723, then 'netstat -an | findstr 5723' on the MS host itself, proved it. Restarting the System Center Management - HealthService service on the MS host caused the MS to re-connect with monitored agents, and the agent install succeeded.
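
The port 5723 check described in the comment above, as an added example that is not part of the original thread or any commenter's script. It assumes PowerShell 4 or later with the NetTCPIP cmdlets (Windows Server 2012 R2 and newer); `ms01.example.com` is a placeholder management server name.

```powershell
# Added example: check the agent channel (TCP 5723) from either end.
# Run without switches on an agent, or with -OnManagementServer on the MS.
param(
    [string]$ManagementServer = 'ms01.example.com',  # placeholder, replace with your MS
    [int]$Port = 5723,                               # agent channel port named in the thread
    [switch]$OnManagementServer
)

if (-not $OnManagementServer) {
    # Agent side: the agent initiates the session, so only outbound TCP to the MS matters.
    $probe = Test-NetConnection -ComputerName $ManagementServer -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Role          = 'Agent'
        Target        = "${ManagementServer}:$Port"
        TcpReachable  = $probe.TcpTestSucceeded
        RemoteAddress = $probe.RemoteAddress
    }
    return
}

# Management server side: is HealthService running, is the port listening,
# and which peers currently hold an established session on it?
$svc       = Get-Service -Name HealthService -ErrorAction SilentlyContinue
$listening = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
$sessions  = @(Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Role          = 'ManagementServer'
    HealthService = if ($svc) { $svc.Status } else { 'NotInstalled' }
    Listening     = $listening.Count -gt 0
    AgentSessions = $sessions.Count
    # Only RMS/MS addresses here and no agents matches the symptom in the comment.
    RemotePeers   = ($sessions.RemoteAddress | Sort-Object -Unique) -join ', '
}
```

A listener with no agent peers points at the path between agent and MS (firewall direction, routing); no listener at all points at the HealthService on the MS itself.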

  • Anonymous
    January 17, 2014
    A small, but useful link collection to use for configuration and upgrading System Center Operations

  • Anonymous
    January 17, 2014
    Here are some more links from my private collections. These links are very useful to administrate, configure

  • Anonymous
    May 05, 2014
    These are the top Microsoft Support solutions for the most common issues experienced when using System

  • Anonymous
    August 18, 2014
    Top Microsoft Support solutions for the most common issues experienced when you use System Center 2012

  • Anonymous
    April 28, 2015
    Top Microsoft Support solutions for the most common issues experienced when using System Center 2012
