locked
Unable to discover agetless machine on workgroup RRS feed

  • Question

  • Hi,

    I have a scom 2007 sp1 mgmt group with an RMS. I have a gateway server catering to a remote domain, on the same subnet as this gateway server, I have a server in a workgroup. This is a Cisco server running Win2000 server. The cisco guys suggest that if we install the SCOM agent on this machine, cisco application will behave unpredictably... hence the plan for agentless monitoring. But, I am unable to discover the machine, In the discovery wizard, I select the gateway server which is on the same subnet, enter the server name and the local admin credentials but the wizard is unable to find the workgrouped server. Port 5723 is opend from gateway to workgroup server.  The gateway has a valid certificate and is communicating with the RMS. Can anyone help me discover this workgrouped machine.

     

    Monday, June 21, 2010 1:11 PM

Answers

  • "To use agentless management, the management server’s action account must also be a local administrator on the remote computer and must be in the same domain, or a trust relationship must exist between their domains."

    http://technet.microsoft.com/en-us/library/bb735426.aspx

     


    http://OpsMgr.ru/
    Thursday, August 5, 2010 3:54 PM
  • Hi

    Alex has hit the nail on the head for agentless monitoring. You can't use certificates with agentless monitoring to monitor workgroup computers.

    Certificates only works with agent based monitoring (and if you are trying this then I would suggest to manually install the agent and point it at the gateway server during the install - don't forget to enable manual agent installs and then approve the pending installation).

    Cheers

    Graham


    View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
    Friday, August 6, 2010 7:58 AM

All replies

  • hi Mel,

    can u follow through with this

    http://technet.microsoft.com/en-us/library/cc950517.aspx


    Damilola Osude, MCITP
    Monday, June 21, 2010 2:00 PM
  • Hi Damilola,

     

    Had a look at the link, the instructions works for a machine within the same domain or a remote domain, but not working for our workgroup server for some reason. Comes up with discovery failed.. no events logged in the evenviewer as well, so I am not sure what could be causing this.

     

     

    Monday, June 21, 2010 3:29 PM
  • no errors...hmmm. well maybe you can check to see between the gateway server and the work group computer if they can communicate with each other..try doing a ping from gws to wrkgroup client, if they cannot communicate, then u can edit the host file and add an entry for the gate way server on the work group computers.
    Damilola Osude, MCITP
    Monday, June 21, 2010 3:59 PM
  • Hi Damilola,

    Thank you for the response. nslookup is able to find the workgroup server since I have added an alias on the DNS server. name resolution works from the workgroup server to the gateway server as well without any errors.

    Monday, June 21, 2010 4:11 PM
  • hi Mel,

    you may need to install a cert for the workgroup machine to enable it communicate with the gateway server. though this is specified as a requirement for agent managed workgroup computer in a gateway server scenario it might as well work for your scenario. you can look through the operations manager gateway server scenario here.

    Hope it helps!


    Damilola Osude, MCITP
    Tuesday, June 22, 2010 6:44 AM
  • Hi,

     

    I have imported the certificate from the same CA that provided certs for the RMS and gateway server.

    Looking at the evtvwr of the gateway server, I noticed this error at the time I ran the discovery on the RMS. Though I am surely entering the correct password. I am able to login to the workgroup server using the local Admin credentials that I enter for the discovery process.

    Event Type: Error
    Event Source: Health Service Modules
    Event Category: None
    Event ID: 11551
    Date:  22/06/2010
    Time:  12:19:45
    User:  N/A
    Computer: LBCLCYDC1PRE
    Description:
    Computer verification failure for Machine Name: lbclcycmspre is 0x80070005. Access is denied.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Tuesday, June 22, 2010 1:52 PM
  • did u enable agent proxy on the gateway server at the rms? to do so go to admin console, from agent managed computers, select the gateway server , right click and select properties . on the security tab check the enable as proxy agent.

    You can also check if dcom is enabled on the workgroup computer. you could read through this thread  here too


    Damilola Osude, MCITP

    Tuesday, June 22, 2010 2:53 PM
  • Please check if this article will help:

    The Discovery Wizard may stop responding during the discovery process in Microsoft System Center Operations Manager 2007:

    http://support.microsoft.com/kb/941409/en-us


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, June 23, 2010 3:12 AM
  • Hi Damilola and Vivian,

    Agent Proxy and DCOM are enabled.

    is_broker_enabled  has been set to 1

    Regards,

    Wednesday, June 23, 2010 4:51 PM
  • Hi Mel,

     

    I'm wondering if you managed to track this problem down? I'm having the same problem.

     

    Many thanks, Steve

    Thursday, August 5, 2010 3:33 PM
  • "To use agentless management, the management server’s action account must also be a local administrator on the remote computer and must be in the same domain, or a trust relationship must exist between their domains."

    http://technet.microsoft.com/en-us/library/bb735426.aspx

     


    http://OpsMgr.ru/
    Thursday, August 5, 2010 3:54 PM
  • Hi

    Alex has hit the nail on the head for agentless monitoring. You can't use certificates with agentless monitoring to monitor workgroup computers.

    Certificates only works with agent based monitoring (and if you are trying this then I would suggest to manually install the agent and point it at the gateway server during the install - don't forget to enable manual agent installs and then approve the pending installation).

    Cheers

    Graham


    View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
    Friday, August 6, 2010 7:58 AM
  • Hi Mel,

    I'm in the same boat as you. Can't get an agent on and it doesn't share a domain with either gateway or another agent.

    I managed to get a little further on this though, past discovery wizard anyway. You can trick the discovery mechanism into adding the agentless workgroup host by adding a dummy entry for that machine name to the AD. The discovery wizard find this one, then you can move on and select 'agentless' and assign your workgroup host to the DMZ gateway.

    Unfortunately I haven't managed to get the discoveries working right yet. Seems to me there should be a way to get this working - basemanagedentity and mt_computer values look ok and gateway action account has admin on agentless host so registry probe and wmi queries should be able to work (they run manually). I reckon there's a way to get this working but unfortunately I've run out of time and will do this another way.

    I'd be interested if anyone else carries this further and gets it working though.

    Steve
    Monday, August 9, 2010 8:44 AM