SCOM Cross domain Agent communication problem
-
Thursday, October 11, 2012 2:22 PM
Hello,
I have SCOM 2007 R2 server in xyz.sc.com domain. All agents in xyz.sc.com domain and agents in pqr.sc.com domain can talk to SCOM server.
New domain ab.sc.com is added and all DC in ab.sc.com is not able to communicate with SCOM server. There is a trust relationship between the two domainsEvent id 20002 is generated on SCOM server for DC in ab.sc.com domain.
On DC i see 20070 and 21016 event.
Using portquery i verified 88,389 TCP 5723, 135,139,445 UDP 137, 138 ports and they are open.
I guess its SPN problem. How do i verify SPN? Where do i run setspn -L command and check for what?
Note: I have install agent manualy on all DC.
All Replies
-
Thursday, October 11, 2012 3:43 PM
Hi,
If you are sure that you dont have any issues with the trust relationship and if you have installed the agent manually on the DC, can you check the agent under pending management of the SCOM Console and approve it if that is present.
Thanks,
Vasanth
-
Thursday, October 11, 2012 4:14 PMMachine do not appear under "pending management" mode
-
Thursday, October 11, 2012 4:31 PM
are you able to browse the scom server with \\scomserver and could you send us the event log details.
are you able to telnet to the port 5723 ?
Thanks,
Vasanth
-
Thursday, October 11, 2012 5:27 PM
Yes i can browse SCOM server using IP or FQDN. I can telnet to port 5723.
Error from client
-
Thursday, October 11, 2012 5:27 PM
On SCOM Server
-
Thursday, October 11, 2012 6:05 PM
Hi, can you check if manual agent installation is set to reject in scom console - administration - settings
-
Friday, October 12, 2012 4:07 AMModeratorThere are only two types of trust you can use with OpsMgr: parent-child (autocreated for domains in the same forest) and the forest trust. External and realm trusts aren't supported. Check your trust type. You must use certificates if you're cant establish the forest trust.
http://OpsMgr.ru/
- Edited by Alexey Zhuravlev - G14MVP, Moderator Friday, October 12, 2012 4:08 AM typo
-
Friday, October 12, 2012 5:12 AM
Thanks Alexey for reply. I forgot to mention that this was working fine 15 Days back and problem started after we changed IP address of SCOM server.
Also manual agent install are set to approve after review.
-
Friday, October 12, 2012 6:25 AM
Check agent management server name and make sure that it is the FQDN name of SCOM server and not IP address or NetBIOS name.
About the consideration of changing SCOM server ip Address
Roger
-
Friday, October 12, 2012 7:05 AMModerator
Hi,
Please also check the management server and agent sides and see if there are any related errors in Event Log.
In addition, you may check the DNS settings referring to the following post:
SCOM 2007 R2 Agent Managed Object stays in "Not monitored" status
Hope this helps.
Thanks.Nicholas Li
TechNet Community Support
-
Wednesday, October 17, 2012 6:07 AM
My problem got resolved it was a network issue. Network team made some changes on network side which caused this outage.
- Marked As Answer by Gooddesi Wednesday, October 17, 2012 6:07 AM
-
Wednesday, October 17, 2012 6:21 AMif the errors you were getting were network related i'm very interested to see what the "network changes" are. The alerts suggests however the connectivity is fine, just not authentication.
Rob Korving
http://jama00.wordpress.com/
.png)
