none
Agent installed but still pending

    Question

  • I have successfully installed the agent on several servers/clients and see an Event ID 11728 "Product: System Center Operations Manager 2007 Agent -- Configuration completed successfully" and "Product: System Center Essentials Configuration Helper -- Configuration completed successfully" but yet they are still in pending after several hours.

     

    The Feature Configuration was completed after the SCE2007 install and DNS resolves correctly for the Primary Management Server. I have done a gpupdate /force and several reboots of these machines but still no luck.

     

    Anyone have any suggestions? Thanks!

    Tuesday, June 5, 2007 11:33 AM

Answers

  • Hi Bob,

     

    I noticed there are the following symptoms:

     

    When you deploy a System Center Essentials 2007 agent using the Discovery Wizard, the installation completes successfully, but the computer remains in the Pending Management view.

     

    Additionally, OpsMgr Health Service logs an event in the Operations Manager event log that is similar to the following:

     

    Event Type: Error

    Event Source: OpsMgr Connector

    Event Category: None

    Event ID: 21016

    Date: 7/11/2007

    Time: 1:13:07 PM

    User: N/A

    Computer: AGENT

    Description:

    OpsMgr was unable to set up a communications channel to SCEServer.domain.local and there are no failover hosts. Communication will resume when SCEServer.domain.local is both available and allows communication from this computer.

     

    Possible Causes:

    -----------------------------------------

     

    The pending management status and the error event indicate that the client was unable to successfully connect to the SCE server. General network connectivity problems may cause this. Let's check the following:

     

    1. A firewall is enabled in the environment, and without an exception turned on (maybe not for your case);

     

    2. The clients are deployed in a untrusted domain or workgroup;

     

    3. The group "Authenticated Users" on SCE server DO NOT has the permission to "Access this computer from the network".

     

    4. There is a duplicate SPN issue for the SCE server.

     

    The best way to find a duplicate SPN from a command line is to execute the following command:

     

    ldifde -f <filename> -d "<dc=domain-netbiosname,dc=primary-domain>" -l serviceprincipalname -r "(serviceprincipalname=<serviceprincipalname-to-check-for-duplicates>)" -p subtree

     

    e.g. :

    ldifde -f myfile.txt -d "<dc=mydomain,dc=com>" -l serviceprincipalname -r "(serviceprincipalname=HTTP/mysite.mydomain.com)" -p subtree

     

    You may check the output “myfile.txt” for more information.

     

    5. We can also capture a network monitor trace on the client computer to get more hints.

     

    I hope the suggestion is helpful. And waiting for your feedback.

    Wednesday, July 11, 2007 1:21 PM

All replies

  • Try checking the Operations Manager eventlog on one of the pending agents.  It should have the status of the agent trying to connect back to its management server.
    Tuesday, June 5, 2007 5:48 PM
  • I get an Error ID 21016

    "OpsMgr was unable to set up a communications channel to sce2007.domain.com and there are no failover hosts. Communication will resume when sce2007.domain.com is both available and allows communication from this computer."

     

    I changed it to domain above for privacy reasons...

    Wednesday, June 6, 2007 2:59 PM
  • Getting this as well...

    Event ID 21023

    "OpsMgr has no configuration for management group SCE2007_MG and is requesting new configuration from the Configuration Service."

    Wednesday, June 6, 2007 4:00 PM
  • Are there any error events from around this time giving the connection failure reason?  If you don't see it you can try bouncing the Health Service.  If there are communication issues you should see an error event or two pretty quick after startup.
    Thursday, June 7, 2007 6:19 AM
  • When I bounce the Health Service on a client I get the 21016 event id as stated above. I do however have one server that is working and that is an SMS2003 server which is going to be replaced with sce2007.
    Thursday, June 7, 2007 12:39 PM
  • Is there any type of firewall other than windows firewall enabled in the environment?  If windows firewall is enabled, can you validate that the SCE server has an exception turned on for the Operations Manager Health Service?
    Thursday, June 7, 2007 8:51 PM
  • Are there any events in the SCE server Operations Manager eventlog from around that time.  You should look for warning or error events which mention that agent or its IP address.  There may also be an event 20000 (which is informational) saying an unapproved client tried to contact the management server.
    Friday, June 8, 2007 5:11 AM
  • Hi Stephanie,

     

    There is no firewall turned on on the test machines, I have even verified this as well. We have a SonicWall firewall and there is no issue with that as well. I did notice however  that after a discovery and an agent install the clients are not automatically added to the SCE Managed Computers group (only the SMS server was added). I tried manually adding a member server (no windows firewall running), uninstalling the client, rebooting the server and doing another agent push to no avail. The only errors I see in the event viewer is what I stated above.

     

    Also I did state above our SMS 2003 server is fine and has the agent and communicates fine with the SCE server so this also shows that there are no firewall issues. After checking the member server the cert's are there. I have even gone as far as checking the registry and finding nothing in this key -> "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\System Center Essentials\1.0\PolicySettings" except this string "IsSCE".

     

    I did find this event on the sce server after an agent install on the member server:

    Event Type: Information
    Event Source: Health Service Modules
    Event Category: None
    Event ID: 10616
    Date:  6/8/2007
    Time:  7:48:10 AM
    User:  N/A
    Computer: SCE2007
    Description:
    The MOM Server successfully completed the operation Agent Install on remote computer adesso.domain.com.
    Install account: **/********
    Error Code: 0
    Error Description: The operation completed successfully.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    and this 2 minutes later:

     

    Event Type: Information
    Event Source: OpsMgr Connector
    Event Category: None
    Event ID: 21024
    Date:  6/8/2007
    Time:  6:34:28 AM
    User:  N/A
    Computer: SCE2007
    Description:
    OpsMgr's configuration may be out-of-date for management group SCE2007_MG, and has requested updated configuration from the Configuration Service. The current(out-of-date) state cookie is "5C E7 1C E1 FD AD B2 04 A2 FC 6E F4 58 43 11 63 13 05 29 A1 "

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    I'm at a total loss and need help...

    Friday, June 8, 2007 11:06 AM
  • Have you run the feature configuration wizard with this release (and not a previous release)?  This has to be deployed from the SCE server per install and should create a number of keys in the policy settings.  The server needs to have permissions to the computer account of the server to allow additions of the machines to the security group.

    Friday, June 8, 2007 7:47 PM
  • If this doesn't work could you please e-mail the Operations Manager event log files from both the management server and agent to scedata@microsoft.com?  The log files should be stored in \windows\system32\config.
    Saturday, June 9, 2007 7:46 AM
  •  Marc Reyhner [MSFT] wrote:
    If this doesn't work could you please e-mail the Operations Manager event log files from both the management server and agent to scedata@microsoft.com?  The log files should be stored in \windows\system32\config.

     

    Logs sent.

    Monday, June 11, 2007 11:34 AM
  • Bob I have get the same errors that you mentioned at one of our customers at a lot of clients after remote install agents.

     

    I have resolved it at some of the clients with at the client manual uninstalled the agent ant then installed the agent again.

    After that I have do not found the client at the essential console under administration there it should be ready for be "approved"

     

    The second problem I fixed with running the "discovery wizard and choose the computer and remotely installed it "again..

     

    After all that the computer appeared under computers/all computers 

     

    Tuesday, June 12, 2007 7:38 AM
  • johnez, thanks for the help but I have already tried this on several clients to no avail....I even cleaned out the registry after a manual uninstall.
    Tuesday, June 12, 2007 9:55 AM
  • In the security settings part of the UI for manual agents what is it set to?  Is it set to review or reject new manual agent installs?  If it is set to reject new manual agent installs try changing it to reviewing new manual agent installs.  Once it is on review manual agent install check to see if the agent shows up in the pending agent management list.  Connection attempts from the agent should also get logged by the management server with event "20000" indicating that an unknown client tried to connect and that it should be approved for connecting.
    Thursday, June 14, 2007 6:34 PM
  • Please check the agent machine eventlog and see if you have any communication errors to SCE server.
    Tuesday, June 26, 2007 7:58 PM
  • May be you already got limit of 50 clients ?

    I have the same error on few client, when amount of clients reach 50

    Thursday, June 28, 2007 1:26 PM
  • Hi Bob,

     

    I noticed there are the following symptoms:

     

    When you deploy a System Center Essentials 2007 agent using the Discovery Wizard, the installation completes successfully, but the computer remains in the Pending Management view.

     

    Additionally, OpsMgr Health Service logs an event in the Operations Manager event log that is similar to the following:

     

    Event Type: Error

    Event Source: OpsMgr Connector

    Event Category: None

    Event ID: 21016

    Date: 7/11/2007

    Time: 1:13:07 PM

    User: N/A

    Computer: AGENT

    Description:

    OpsMgr was unable to set up a communications channel to SCEServer.domain.local and there are no failover hosts. Communication will resume when SCEServer.domain.local is both available and allows communication from this computer.

     

    Possible Causes:

    -----------------------------------------

     

    The pending management status and the error event indicate that the client was unable to successfully connect to the SCE server. General network connectivity problems may cause this. Let's check the following:

     

    1. A firewall is enabled in the environment, and without an exception turned on (maybe not for your case);

     

    2. The clients are deployed in a untrusted domain or workgroup;

     

    3. The group "Authenticated Users" on SCE server DO NOT has the permission to "Access this computer from the network".

     

    4. There is a duplicate SPN issue for the SCE server.

     

    The best way to find a duplicate SPN from a command line is to execute the following command:

     

    ldifde -f <filename> -d "<dc=domain-netbiosname,dc=primary-domain>" -l serviceprincipalname -r "(serviceprincipalname=<serviceprincipalname-to-check-for-duplicates>)" -p subtree

     

    e.g. :

    ldifde -f myfile.txt -d "<dc=mydomain,dc=com>" -l serviceprincipalname -r "(serviceprincipalname=HTTP/mysite.mydomain.com)" -p subtree

     

    You may check the output “myfile.txt” for more information.

     

    5. We can also capture a network monitor trace on the client computer to get more hints.

     

    I hope the suggestion is helpful. And waiting for your feedback.

    Wednesday, July 11, 2007 1:21 PM
  • Hi, Bob

     

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios.

     

    If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

     

    In addition, we’d love to hear your feedback about the solution. By sharing you experience you can help other community members facing similar problems.

     

    Thanks!

     

    ----------------------------------------------     

    Sincerely,

    Yog Li

    Microsoft Online Community Support


     

    Thursday, July 19, 2007 12:09 PM
    Moderator
  • I'm having this same issue, but none of the suggestions listed here are helping my situation. I was wondering if you have any more informaiton that may help. Our clients do not have the firewall enabled (unless off network).

     

    I can manage the machine remotely through RDP and computer management to see the services and event logs using the same account that I installed the agent with, it just won't report back to the server (the exact error listed in this thread).

     

    Any suggestions?

    Thursday, September 13, 2007 9:40 PM
  • Hi,

     

    I noticed that you have opened a new thread, which is the same issue I think.

     

    Agent installation problems

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2138453&SiteID=17

     

    According to the error description (in the new thread), that the configuration registry key is invalid, I think you may resolve this issue by following the steps mentioned in this article:

     

    How to manually rebuild Performance Counter Library values

    http://support.microsoft.com/kb/300956/en-us

     

    Hope it helps. Thanks.

     

                                                

    Sincerely,

    Yog Li

    Microsoft Online Community Support

    Friday, September 14, 2007 10:53 AM
    Moderator
  • Actually that was a separate post, different problem. The issue that I am having is the same as this one that I am posting to, the computer has the agenty installed but will not report back to the management server.

    Friday, September 14, 2007 3:33 PM
  • Hi,

     

    Thanks for your update.

     

    Could you please open a new thread so that we can discuss it there? Generally we only focus on one topic in one thread, because in this way it will be better for other community members to participate in the discussion, and to search/find specific answers more efficiently in the future. 

     

    Also, in the new thread, please provide the details about the issue and the screenshots if possible. Thank you for your understanding!

     

    Thanks.

     

                                                

    Sincerely,

    Yog Li

    Microsoft Online Community Support

     

    Monday, September 17, 2007 11:39 AM
    Moderator
  • I'm having the same issue as above and its driving me nuts. Its on one sugle agent, I have 14 other working fine and which I think rules out the spn issue. I've tried wiping the client clean and reinstalling several time and it just hange. No useful logging anywhere easily visable in the event logs or SCE interface, which is defintely a feture that should have been included in the dashboards. So if there is any further info to point me to what issue not mentioned above is causing this please let me know.

     

    Pat

    Sunday, December 2, 2007 4:00 PM
  • Hi Guys,

    I had similar issue under the SCOM 2012 R2. Some of the SCOM Agents has been installed manually by using*.msi file on the servers. Such Agents were not visible under "Pending Management" in the SCOM Administration Console.

    When I try the Discovery Wizard...  process I got the message that these computers are pending for approval already (agents has been installed already). Only one agent at once showed up in Pending Management but when I tried to approve it, I get the error message with generic ID and "Index was out of range" error.

    I've deleted the "C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server" (rename it to the ..._old) and restart the SCOM Health Service (net stop/start healthservice), I flushed the DNS cache (ipconfig /flushdns) but it didn't help.

    I run the "Get-SCOMPendingManagement" command from the SCOM Power Shell (send the result to a text file "... > C:\result.txt") and I saw that all missing servers were described as:

    AgentName              : server_name
    ManagementServerName   : scom_server_name
    AgentPendingActionType : ManualApproval
    LastModified           : date
    ManagementGroup        : SCOM_managementgroup_name
    ManagementGroupId      : server_id

    It shows that SCOM is aware of those SCOM Agents but probably due to some SCOM bug such agents didn't show up in the Pending Management properly and "Approval" didn't work for them properly.

    So I've reconfigured SCOM (Administration -> Settings -> Security) and in addition to the "Review new manually agent installations in pending management view" I've check the "Automatically approve new manually installed agents". Then I've restarted the SCOM HealthService on the SCOM Management Server (net stop/start healthservice)

    After the restart, when I opened MoerationManager console the previously pending servers were now in the "Agent Managed" folder (Not monitored, at the begining, but Healthy after few minutes when SCOM get the status from them).

    For Security purpose "Automatic approval" should be disabled but to solve the issue you can enable it.

    As I see its better to install SCOM Agents from SCOM Console than manually from msi file.

    Microsoft should solved this (bug) Maybe in SCOM 2016 it works well.

    Wednesday, June 27, 2018 12:44 PM