locked
Cannot update Opsmgr agent / Pending Management RRS feed

  • Question

  • Hi,

    We have some w2k servers in the DMZ and  the Opsmgr agents are manually installed. After adding a new MP and updating the existing MPs all agents are automatically updated except the one in DMZ. I have found them in "Pending Management" approved them to be updated. But I got the follwing error

    "The MOM Server could not execute WMI Query "Select * from Win32_OperatingSystem" on computer senldogo0081.springer-sbm.com.

    Operation: Agent Install

    Install account: SPRINGER-SBM\SCOM_MSAA

    Error Code: 800706BA

    Error Description: The RPC server is unavailable "

    On the firewall port 135,137,139, 445 and 5723 are between the RMS, MS and the agents are open.

    How can I update the agents?

    Thanks

    SamsonW



    Monday, March 2, 2009 3:59 PM

Answers

  • Hi,

    1. Make sure that RPC traffic is open on the firewall between the SCE server and the client. For example, if you have a ISA firewall, make sure the RPC filter is disabled.

     

    Just for your reference, the following are port requirements of the remote procedure call (RPC):

     

    RPC run-time on one server always connects to the remote server's RPC Endpoint Mapper at a well-known port (port 135). The RPC Endpoint Mapper then assigns dynamically assigned ports between 1024-65535 (by default) for replication.

    This is why by default port 135 TCP/UDP and ports 1024-65535 TCP must be open for RPC to work.

     

    2. Verify that Enable RSS, Enable TCP and Enable TCP Chimney were set to 0 in registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.

    Here is a KB article for your reference:

     

    The Microsoft Windows Server 2003 Scalable Networking Pack release

    http://support.microsoft.com/kb/912222

     

    3. Verify RPCSS is enabled. Please refer to:

     

    Error messages are logged in the SQL Server error log when you use SQL Server 2000 on a computer that is running Windows 2000 Server Service Pack 4 or Windows Server 2003
    http://support.microsoft.com/kb/917405

     

    4. Please ensure the client is a member of "SCE Managed Computers" group in AD users.

     

    5. Please make sure two GPO which are created during installation set to enforce.

     

    6. Enable "Windows Firewall: Allow inbound remote administration exception". Refer to the following article:

     

    7. If you do have a program exception, but wish to still prevent allow local program exceptions, then you can add a further remote program exception to your group policy as follows:

     

    %SystemRoot%\422C3AB1-32E0-4411-BF66-A84FEEFCC8E2\MOMAgentInstaller.exe:SCE server IP address:enabled:MOMAgentInstaller

     

    How to Change Windows Firewall Exceptions for System Center Essentials

    http://technet.microsoft.com/en-us/library/bb437377.aspx 

     

    8. Check whether you can resolve the client’s name correctly.

     

    9. Reboot the client, and then try to install then agent again.

    • Marked as answer by Eric Zhang CHN Wednesday, March 11, 2009 7:54 AM
    Wednesday, March 4, 2009 9:44 AM