Clients stop reporting and switch to Unmanaged in MOM2005 - FCS is part of a PC image RRS feed

  • Question

  • Hi,

    I am having some problems with our installation of FCS in our environment.

    I have the Reporting, Collection and management server roles on 1 server.  The distribution element is through WSUS (Main server in our data centre, and replica servers at each site around the world)

    All of our servers are reporting ok as our all new PC builds (We are rolling out new Hardware with Vista globally)

    The problem happens after a PC has had a problem and needs to be rebuilt.  The machine name stays the same.  We are using Altiris for PC deployment.

    The newly rebuilt PC no longer reports, and appears as unmanaged in MOM administrator.  If I try and use the wizard to "reinstall" the agent it fails.  (We have the firewall enabled on clients as well as the remote regisrty service not running)
    ** note installs ok when firewall turned off and remote registry enabled.

    Why is it that the MOM agent is installed and reports ok from a new build but not from a rebuild.

    This is going to become a serious problem soon as we have over 5000 clients being rolled out.  We cannot be in a position where by rebuilt machines need to have firewalls disabled and remote regisrty enabled to re-install the mom agent.


    Wednesday, September 17, 2008 10:58 AM

All replies

  • Hi Chris
    Have you tried bouncing the MOM service on the server?  Are you interested in keeping the data in the database from before the machine was reimaged?  You might need to do the following:

    1) Take the client machine offline
    2) Use the MOM Admin console to delete the machine from MOM's management
    3) Have the new machine installed via imaging

    Try bouncing the MOM service on the server first though

    Forefront Client Security PM
    Chris Sfanos / Forefront PM
    Thursday, September 18, 2008 4:45 PM
  • Hi Chris,

    I have tried as you have suggested, but I am still having the issue.  We are now in full swing in deploying our new machines world wide, and a good percentage of the new machines end up in 'unmanaged computers'  or in pending wanting to uninstall the agent!

    In addition to this, most of the computers in 'agent managed' last contacted the server a week, two weeks, two months ago.

    I have tried using the push method for the mom agent from the server, and even after having the remote registry enabled and also port 1270 TCP/UDP enabled on the client I still get an RPC error trying to install.

    Any ideas?

    Please let me know if you need any further detail or log files?

    Tuesday, May 12, 2009 2:13 PM
  • If you know of a machine that you have reimaged that is showing up in the unmanaged section try doing the following..

    Check managed computers to see if the same name is in there if so force that to unmanaged and delete both items.
    Check the discovery rules and delete any discovery rule that is in place for that computer name.

    Restart the MOM service on the client and see if this allows it come back and be pending action to become managed.. we approve new clients every 45min after the hour..

    If you are still having issues I would recommend that you call in and open a case with us here at CSS.

    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Tuesday, May 12, 2009 5:23 PM