none
Linux Agent Discovery failed: The target address is unreachable

    Question

  • I can't get my discovery to work for any Linux servers. Used this guide: Kevin Holman Linux Guide

    • Added linux server dns and fqdn name at management server hosts file
    • Added management server dns and fqdn name at linux server hosts file
    • Created resource pool
    • Created run as accounts and added them to profiles
    • Configure the Xplat certificates on both management servers
    • ICMP, TCP 1270 and 22 ports are open from management servers -> linux servers (though 1270 does not answer because there is no agent installed)
    • SCOM 2016 UR2

    I get this error message when I try to discover my linux servers:

    WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. 
       It is possible that:
       1. The destination computer is unreachable (because it is down, or due to a firewall issue).
       2. The destination certificate is signed by another certificate authority not trusted by the management server.
       3. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.
       4. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.


        



    • Edited by SamiKoskivaara Monday, April 03, 2017 4:08 PM picture added
    Friday, March 31, 2017 8:59 AM

Answers

  • Are you certain that port 1270 is open? On linux servers you often have an iptable firewall that blocks this port by default.
    Friday, March 31, 2017 10:38 AM

All replies

  • Are you certain that port 1270 is open? On linux servers you often have an iptable firewall that blocks this port by default.
    Friday, March 31, 2017 10:38 AM
  • Yes it's open. Checked iptables and there are no blocking rules. I wonder why SCOM is trying to use the 1270 and not ssh 22 when installing an agent.
    Monday, April 03, 2017 4:06 PM
  • It was after all the port 1270 that was closed.
    Tuesday, April 04, 2017 9:27 AM