Cannot update Opsmgr agent / Pending Management RRS feed

  • Question

  • Hi,

    We have some w2k servers in the DMZ and  the Opsmgr agents are manually installed. After adding a new MP and updating the existing MPs all agents are automatically updated except the one in DMZ. I have found them in "Pending Management" approved them to be updated. But I got the follwing error

    "The MOM Server could not execute WMI Query "Select * from Win32_OperatingSystem" on computer senldogo0081.springer-sbm.com.

    Operation: Agent Install

    Install account: SPRINGER-SBM\SCOM_MSAA

    Error Code: 800706BA

    Error Description: The RPC server is unavailable "

    On the firewall port 135,137,139, 445 and 5723 are between the RMS, MS and the agents are open.

    How can I update the agents?



    Monday, March 2, 2009 3:59 PM


  • Hi,

    1. Make sure that RPC traffic is open on the firewall between the SCE server and the client. For example, if you have a ISA firewall, make sure the RPC filter is disabled.


    Just for your reference, the following are port requirements of the remote procedure call (RPC):


    RPC run-time on one server always connects to the remote server's RPC Endpoint Mapper at a well-known port (port 135). The RPC Endpoint Mapper then assigns dynamically assigned ports between 1024-65535 (by default) for replication.

    This is why by default port 135 TCP/UDP and ports 1024-65535 TCP must be open for RPC to work.


    2. Verify that Enable RSS, Enable TCP and Enable TCP Chimney were set to 0 in registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.

    Here is a KB article for your reference:


    The Microsoft Windows Server 2003 Scalable Networking Pack release



    3. Verify RPCSS is enabled. Please refer to:


    Error messages are logged in the SQL Server error log when you use SQL Server 2000 on a computer that is running Windows 2000 Server Service Pack 4 or Windows Server 2003


    4. Please ensure the client is a member of "SCE Managed Computers" group in AD users.


    5. Please make sure two GPO which are created during installation set to enforce.


    6. Enable "Windows Firewall: Allow inbound remote administration exception". Refer to the following article:


    7. If you do have a program exception, but wish to still prevent allow local program exceptions, then you can add a further remote program exception to your group policy as follows:


    %SystemRoot%\422C3AB1-32E0-4411-BF66-A84FEEFCC8E2\MOMAgentInstaller.exe:SCE server IP address:enabled:MOMAgentInstaller


    How to Change Windows Firewall Exceptions for System Center Essentials



    8. Check whether you can resolve the client’s name correctly.


    9. Reboot the client, and then try to install then agent again.

    • Marked as answer by Eric Zhang CHN Wednesday, March 11, 2009 7:54 AM
    Wednesday, March 4, 2009 9:44 AM