Manually installed agent not displayed in pending action

Forum: Operations Manager4
Viewing 15 posts - 1 through 15 (of 18 total)
  • #229955
    Profile photo of SyedIkram
    SyedIkram
    Participant

    Hi,

    I have a strange issue.

    I use SCCM to install SCOM agents and approve them from SCOM server. Both the clients and the SCOM server are in same domain and port 5723 is open. I can telnet to port 5723 from client to SCOM server. There is no firewall blocking. The timestamp of client and SCOM server are same. Both resolve dns. No antivirus blocking.

    I have installed 2000 agents the same way, but now when I install agents. The installation goes well. After manual installation I get repeated events 21006, 20070, 21023 on client side. On SCOM server I see repeated event 20000 for those manually installed agents. The installed agents are not seen in “pending action” and “managed agents” tag though the SCOM settings are set to “Review new manual agent installation in pending action.”

    I have recycled healthservice on agent side 5 times and reinstalled the agent 3 times. Also I have recycled healthservice on SCOM server and restarted configuration service. Still I get those events on both sides.

    Even after recycling or reinstalling the agent multiple times the “Connector Configuration Cache” and “Management Packs” folders under “Health state” folder are empty.

    Please help me to resolve the issue. Am I missing anything here?

    Thanks in advance

    #229956
    Profile photo of SyedIkram
    SyedIkram
    Participant
    #229958
    Profile photo of Wilson W.
    Wilson W.
    Participant

    Have you tried flushing the health cache on your SCOM management servers? If you push a SCOM agent out to a server from the SCOM console, does it still have the same problem? Does the XML configuration file on your SCOM management servers show a current time stamp?

    Also, as a sanity check, have you tried simply rebooting the SCOM management servers? I have seen in the past where some Windows servers lose domain connectivity for some reason. I have also seen issues where our security team runs their vulnerability scans against Windows servers which probes different ports and that leaves the Windows box in a weird state as well.

    #229961
    Profile photo of SyedIkram
    SyedIkram
    Participant

    Yes I have tried recycling health state many times on SCOM servers. I cannot push the agents because of security reasons. the Port is open from client to server and the Server is listening to port 5723. I can telnet from client to server with that port. hence I can only do manual install.

    I will try restart the servers and update…

    #229963
    Profile photo of SyedIkram
    SyedIkram
    Participant

    restarted SCOM servers still same issue. the agent not visible in pending action or managed or agentless or anywhere in the scom console.

    Any more advises? greatly appreciated. 🙂

    #229964
    Profile photo of SyedIkram
    SyedIkram
    Participant

    As per my knowledge if port in scom server is opened for listening and we can telnet to port 5723 on scom server from client is enough to establish the connection.

    Do you think should I request firewall team to enable 5723 port to be opened on both sides so that I can do a push installation and check? Because this is one option that I can think of to try out.

    #229965
    Profile photo of SyedIkram
    SyedIkram
    Participant

    now I have installed scom agents on other servers from sccm as I did for earlier 2000 devices. This seem to work fine. The port connectivity on server (listening mode). And I could telnet the port from client to server and not from server to the clients similar to others.

    Only these 3 servers that I have issue. So I think I will not ask network team to enable port 5723 on both side.

    any other ideas?

    #229967
    Profile photo of Wilson W.
    Wilson W.
    Participant

    Check to make sure DNS is working correctly on those 3 servers. Flush the DNS cache and make sure your DNS suffixes are all properly defined on the client systems.

    Also, Kevin Holman’s site has a query to check the SCOM database to see if those systems are not somehow orphaned in your database. Basically SCOM already has entries for those systems but they never show up in the console so they have to be deleted from the database.

    #229968
    Profile photo of SyedIkram
    SyedIkram
    Participant

    Thanks . Will check and update.

    #229971
    Profile photo of SyedIkram
    SyedIkram
    Participant

    Flushed DNS and registered it back. recycled agent. recycled scom server. rebooted client. rebooted scom DB and SCOM MS servers. network connectivity seems to be fine. There are no orphan entries in SCOM DB. In fact these server entries are not there in any table of SCOM.

    The issue still persists. :-(.

     

    #229974
    Profile photo of Wilson W.
    Wilson W.
    Participant

    Here’s an idea: Are you able to use OMS ADM/ServiceMaps (which is the old Bluestripe stuff) to visualize and see the connections your MMA agents are making to your SCOM servers? If the connections are failing somehow then the OMS ServiceMap solution may be able to show you something. And OMS has no dependency on SCOM so it doesn’t matter that SCOM isn’t working. Even if you don’t have an active OMS subscription you can still use the free tier.

    #229989
    Profile photo of SyedIkram
    SyedIkram
    Participant

    I doubt that would work because. The agent is not connected to the server in first place and the events from both sides clearly indicates that agent tries to connect but server rejects. So the map will have a red broken link with not more details. I think there could be issue with the clients itself as I was able to configure additional agents even after these 3 clients had issues.

    Will do further investigation and update…

    #229992
    Profile photo of Scott Moss
    Scott Moss
    Participant

    what is the management groups configuration for manually installed agents? the default is to deny.. which is what it sounds like it is doing, even though your doing agent installs thru SCCM, just a thought, b/c everything else is working.

    #229997
    Profile photo of SyedIkram
    SyedIkram
    Participant

    the SCOM settings are set to “Review new manual agent installation in pending action.”

    #230008
    Profile photo of Scott Moss
    Scott Moss
    Participant

    did you try running the cmdlet get-scompendingmanagement from the some powershell console on  your management server? Is this working on any other systems that only have the single port open in one direction?

Viewing 15 posts - 1 through 15 (of 18 total)

You must be logged in to reply to this topic.