none
Target address is not reachable RRS feed

  • Question

  • WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. 
       It is possible that:
       1. The destination computer is unreachable (because it is down, or due to a firewall issue).
       2. The destination certificate is signed by another certificate authority not trusted by the management server.
       3. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.
       4. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.

    We are not able to telnet from management server to destination server (linux) for port 1270.

    Can someone assist us

        
    Tuesday, August 27, 2019 8:36 PM

Answers

All replies

  • Hello,

    If you are not able to telnet to port 1270 (TCP) it appears that the firewall port is not open, Linux servers often have an iptables firewall that blocks this port by default, so make sure that the required firewall port is open.

    You'll find the list of firewall ports over here:
    Configuring a Firewall for Operations Manager


    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Tuesday, August 27, 2019 9:01 PM
  • Dumb question but do you get this error message when you try to install the agent? If yes, it's normal you can't telnet to 1270 yet, as it's the port used by the agent once its installed and running.

    Otherwise, I agree with Leon, check iptables or firewalld on linux server and any other potential firewall in between scom and linux server

    Wednesday, August 28, 2019 6:48 AM
  • Hi,

    Yes, we may use the following command to check WinRM connectivity (from management server):

    winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -username:<Linux user> -password:"<Linux password>" -r:https://<Linux server>:1270/wsman -auth:basic -encoding:utf-8



    note: the Linux server name should be resolved (either by DNS server or operations manager hosts file)

    If it fails, check if port 1270 is enabled (from Linux sever), see below example from a debian 7 server:



    Hope the above information helps.

    Regards,

    Alex Zhu
    -----------------------------------------------
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 28, 2019 7:31 AM
  • Hi 

    As i checked with unix and network team they have confirmed port 1270 is open and there is no firewall .

    but still same issue

    Wednesday, August 28, 2019 11:56 AM
  • What about all the rest of the error message?

    Did you properly setup Linux monitoring certificates and resource pool?

    Are you using the actual proper linux server name (run "hostname" on the linux server to find it) when you try to push the agent?

    Wednesday, August 28, 2019 12:25 PM
  • HI 

    yes resource pool is correct , because we are able to do other server . only one server is having problem like this.

    hostname is correct

    Wednesday, August 28, 2019 6:36 PM
  • Hi,

    were you able to get the server monitored again? What was the cause? Thanks in advance for your feedback and for marking all the answers that helped you. 

    Regards,


    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!) Blog: https://blog.pohn.ch/ Twitter: @StoyanChalakov

    Friday, September 13, 2019 8:38 AM
    Moderator