To monitor servers with SCOM 2012 R2, the Microsoft Operations Manager agent must be installed on them. Sometimes, however, agent installation via push installation/automatic discovery fails.
I’ve set up SCOM 2012 R2 in a customer environment which has the setup below.
- 2 SCOM Servers in a child domain (i.e. abc.y.com)
- 10 Windows Servers in the same child domain need to be monitored
- 5 Windows Servers in the parent domain (i.e. y.com) need to be monitored
The push installation was successful for the servers in the child domain but not in the parent domain. When I took a closer look I noticed that inbound ports except port 5723 have restrictions on the parent domain servers.
SCOM management servers use the ports below to communicate with the MOM agent. All of these are inbound on the servers that have the MOM agent installed.
| Service | Port | Protocol |
|---|---|---|
| RPC endpoint mapper | 135 | TCP/UDP |
| RPC/DCOM High ports (2000/2003 OS) | 1024 – 5000 | TCP/UDP |
| RPC/DCOM High ports (2008 OS) | 49152-65535 | TCP/UDP |
| NetBIOS name service | 137 | TCP/UDP |
| NetBIOS session service | 139 | TCP/UDP |
| SMB over IP | 445 | TCP |
SCOM uses RPC & SMB to copy the agent installation setup files to the server that needs to be monitored. Therefore TCP/UDP ports 135, 137 & 445 need to be opened.
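A pre-flight check for the fixed TCP ports in the table above, run from a management server before attempting a push install. This is an added example, not part of the original post; the target host names are hypothetical placeholders, and UDP 137 and the dynamic RPC/DCOM range are not covered because a TCP connect test cannot verify them.

```powershell
# Added example: check whether the fixed TCP ports needed for SCOM push
# installation are reachable from this management server.
# Requires Test-NetConnection (Windows Server 2012 R2 / PowerShell 4 or later).

# Hypothetical targets; replace with the servers you intend to monitor.
$targets = @('srv01.y.com', 'srv02.y.com')

# Fixed TCP ports taken from the table in the post.
$ports = @(
    [pscustomobject]@{ Port = 135; Service = 'RPC endpoint mapper' }
    [pscustomobject]@{ Port = 139; Service = 'NetBIOS session service' }
    [pscustomobject]@{ Port = 445; Service = 'SMB over IP' }
)

$results = foreach ($target in $targets) {
    foreach ($entry in $ports) {
        # TcpTestSucceeded is $true only if the TCP handshake completed.
        $probe = Test-NetConnection -ComputerName $target -Port $entry.Port `
                                    -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target  = $target
            Port    = $entry.Port
            Service = $entry.Service
            Open    = [bool]$probe.TcpTestSucceeded
        }
    }
}

# Full matrix of what was tested.
$results | Format-Table -AutoSize

# Per-target verdict: any blocked port means push install is likely to fail
# and the agent should be installed manually instead.
$results | Group-Object Target | ForEach-Object {
    $blocked = @($_.Group | Where-Object { -not $_.Open })
    if ($blocked.Count -eq 0) {
        '{0}: fixed TCP ports reachable; dynamic RPC range still untested' -f $_.Name
    }
    else {
        '{0}: blocked TCP port(s) {1}; plan a manual agent installation' -f `
            $_.Name, (($blocked.Port) -join ', ')
    }
}
```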
In my case these ports are not opened in the root domain. Therefore I proceeded with manual agent installation on the failed servers. Although the agent installation was successful, those servers were still not visible on the management server.
If you are doing a manual agent installation, you need to configure the security settings of the management server in the Operations Console: go to Administration > Settings > Security and select the "Review new manual agent installations in pending management view" radio button.
This will list the manually installed agents in the Pending Management section so that you can review and approve them. If you want the agents to be approved automatically, also tick the "Automatically approve new manually installed agents" check box.