none
SCOM 2012 SP1 - Not able to discover linux Workgroup servers RRS feed

  • Question

  • I have a SCOM 2012 SP1 environment.

    I need to discover and manage Linux RHEL 6 server which are NOT on Domain i.e. WORKGROUP servers.

    I have installed the scom agent manually on the server, installed the self signed certificates, created a user.

    When I am trying to discover, I am getting a message that the servers are not discoverable.

    Error: WinRM cannot complete the operation.

    Please suggest


    Anand Dutta

    Friday, January 17, 2014 12:13 PM

All replies

  • Anand,

    Most likely the firewall is blocking port 1270 on the RHEL server. By default RHEL blocks most ports on initial install. You will need to open port 1270 and the WinRM calls should succeed.

    It's no problem that these servers are not in a domain. Just make sure the DNS server SCOM uses knows the FQDN of the Linux servers.

    Regards.

    -Steve

    Friday, January 17, 2014 3:16 PM
    Moderator
  • Dear Steve, Thanks for the reply.

    Is the CA (Certificate authority) also mandatory for managing the workgroup servers?

    The linux workgroup servers's FQDN is not configured on the DNS server. Is that the problem?

    Although I have input the Linux server hostnames in the etc/Host file on Scom server.

    pls suggest


    Anand Dutta

    Friday, January 17, 2014 5:23 PM
  • Anand,

    The Management Server acts as its own CA and will automatically deploy/sign certificates with the Discovery Wizard.  If you only have a single Management Server, you can get by with the adding entries to the hosts file on the Management server.

    The issue you reported is almost certainly because of the firewall on the Linux machine. You will need to open port 1270 for inbound TCP traffic.  Here are some examples of modifying the firewall: http://www.cyberciti.biz/faq/howto-rhel-linux-open-port-using-iptables/

    Let us know if that solves the issue,

    Kris


    www.operatingquadrant.com

    Friday, January 17, 2014 6:04 PM
  • Hi Kris,

    I have done the below:

    > Installed the certificate after signing from the management server at the path -- /etc/opt/microsoft/scx/ssl/scx-host-<hostname>.pem

    > Entered the hostname and IP entry in to the Etc/Hosts file on Management server


    Anand Dutta

    Sunday, January 19, 2014 7:06 PM
  • Anand,

    Can you telnet successful to port 1270 on this server? It should connect but not return anything if successful. If you can telnet then we know port 1270 is open properly. Try running the following command from a command prompt on the SCOM server.

    winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -username:<Linux user> -password:<Linux Passwd> -r:https://<LInux system>:1270/wsman -auth:basic -skipCACheck -skipCNCheck -skiprevocationcheck -encoding:utf-8 

    If this works try running without the -skip* options:

    winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -username:<Linux user> -password:<Linux Passwd> -r:https://<LInux system>:1270/wsman -auth:basic  -encoding:utf-8 

    If this works it should show up in SCOM as long as your Run As accounts are setup properly. If the second one fails you still have a certificate issue. If the first one fails we'd need to see the error.

    Regards,

    -Steve

    Monday, January 20, 2014 9:32 PM
    Moderator
    1. Verify the SELinux is disabled and firewall is allowed connection to SCOM port 1270
    2. Verify that user use to discover have permission to monitor Red hat.
    3. Try to Discover Linux machine using IP not name

    you can also check below link for your issue

    http://blogs.technet.com/b/chandanbharti/archive/2011/12/21/linux-agent-install-issue.aspx


    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Monday, January 20, 2014 10:26 PM