none
SCOM 2007 R2 Agent Managed Object stays in "Not monitored" status RRS feed

  • Question

  • I pushed the scom agent on some servers and three of those servers stayed with "Not monitored" status in Agenet Managed.  I checked the service, they're set to Auto and running.  I reset the service without any problem but not communicating with management servers?  Would you have any idea?  Thanks, Ziba
    Tuesday, October 20, 2009 6:55 PM

Answers

  • Hi Ziba

    What is the DNS name of the machine - right click my computer, properties, Computer Name tab. What is the full computer name listed there? What is the domain name listed there?

    If you search for this computer object in AD, what is the FQDN?

    Also, on the Primary Management Server, are there any entries in the operationsmanager event log for these servers?

    As Anders has pointed out further up the thread, it could be a AD \ DNS configuration issue. I have seen this quite frequently.

    If not, if you do a netstat -an from the command prompt on the Primary Management Server for the agents, can you see the IP addresses of the agents that are "Not Monitored" listed in the output (you may want to pipe the output to a text file to look at).

    Do you have another Management Server that you could use as the agents Primary Management Server? Try pushing "from" there instead (even the RMS for a test)?

    Cheers

    Graham


    View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
    • Marked as answer by ZibaK Saturday, October 24, 2009 3:59 AM
    Friday, October 23, 2009 5:07 PM
    Moderator

All replies

  • Hi Zibak.

    Stupid question perhaps, but are the servers/agents approved in the Console?
    Best regards, Marnix Wolf

    (Thoughts on OpsMgr)
    Tuesday, October 20, 2009 6:56 PM
    Moderator
  • Did you import a Management pack?

    Also look in the eventlog if the agent is requesting new configuration from the Management server.
    Also look if you have WMI issues.

    Regards
    Greetz,

    Arie de Haan
    MVP SCOM
    This posting is provide "AS IS" with no guarantees, warranties, rigths etc.
    Tuesday, October 20, 2009 10:07 PM
    Moderator
  • Hi Marnix, questions coming from you! Never stupid :)  Yes, it's server and I installed the agent using discovery wizard.  They are in console (agent managed) but not sure where to look if they're approved or not.  There are nothing on pending.
    Tuesday, October 20, 2009 11:46 PM
  • Hi Arie, the event log says that the service may disabled or set to manaul.  The service is set to Auto and running.  I am able to reset it without any problem.

    Tuesday, October 20, 2009 11:48 PM
  • Hi,
    When you restart the health service on the agent, can you see which events you get in the operations manager event viewer, and also post a couple of them here, if there are warnings or critical events.
    Anders Bengtsson | Microsoft MVP - Operations Manager | http://www.contoso.se
    Wednesday, October 21, 2009 7:25 AM
    Moderator
  • I stopped the service and the event log shows this event (Information) HealthService (3680) The database engine stopped.  Event ID: 101 Source: Health Service ESE.

    I started the service and event log shows the event (critical) Source: OpsMgr Connector .  Event ID: 20070. 

    The OpsMgr Connector connected to (MS Server.  . ..), but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.


    Here are more related event logs:

     

    Source: OpsMgr Connector.  Event ID: 21023.  OpsMgr has no configuration for management group (....) and is requesting new configuration from the Configuration Service. (critical)

    Source: OpsMgr Connector.  Event ID: 21016.  OpsMgr was unable to set up a communications channel to (MS Server .  . . ) and there are no failover hosts. Communication will resume when  (MS Server . . . .) is available and communication from this computer is allowed. (critical)

     

    Wednesday, October 21, 2009 11:47 AM
  • Hi Zibak.

    How is the security of OpsMgr set when it comes to approving manual installed Agents? Because is that what these servers are? Manually installed Agents they have? Looks like it though.


    Best regards, Marnix Wolf

    (Thoughts on OpsMgr)
    Wednesday, October 21, 2009 12:07 PM
    Moderator
  • It looks like it but I used the discovery.  The security setting is set to Review new manual agent installations in pending management view.
    Wednesday, October 21, 2009 12:29 PM
  • is the machine in AD and everything works with that communication?
    Anders Bengtsson | Microsoft MVP - Operations Manager | http://www.contoso.se
    Wednesday, October 21, 2009 12:59 PM
    Moderator
  • Yes, I was able to install the agent without any problem.
    Wednesday, October 21, 2009 1:13 PM
  • There seems to be a problem with authentication.
    Any clues in the eventlog on the Management Server?
    Also, because you just setup the agents and don't have a lot of monitoring going on, i presume, i suggest you uninstall the agent. On the agent itself and delete any objects in opsmgr.

    then check to see if there are no more errors/warnings in the eventlog and install the agent again.
    Greetz,

    Arie de Haan
    MVP SCOM
    This posting is provide "AS IS" with no guarantees, warranties, rigths etc.
    Wednesday, October 21, 2009 5:07 PM
    Moderator
  • Bothe scom servers (RMS and MS) are in "Warning" status.  All three servers (with this issue) were recently moved to the new domain\ou and they're all windows 2000 servers (their dns suffix is correct).  I have uninstalled and reinstalled the agent.  I have installed agent manually on one of these servers and approved it (it's under the scom (RMS) but still with the same status (empty circle with not monitored)

    I copied this event from the scom (MS) server.

    Log Name:      Operations Manager
    Source:        OpsMgr Connector
    Date:          10/21/2009 1:28:49 PM
    Event ID:      21037
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      MS Server
    Description:
    Operations Manager has received data for management group '...' from health service "Server Agent".  This health service is attempting to send data from or about health service 184c0aac-0da8-d690-0bec-ee5c0bd1d439 but is not authorized to do so.  The data has been discarded. This may indicate an attack on this health service, or it may be a result of configuration not being in sync across management servers.  Because this event may occur frequently, it will be suppressed for the next 5 minutes.

    I appreciate any help.  Thanks, Ziba
    Wednesday, October 21, 2009 5:43 PM
  • Hi Zibak.

    Now I come to think of it, sounds like a SPN issue. Three sites which I always use for SPN and troubleshooting are:
    1: http://wchomak.spaces.live.com/blog/cns!F56EFE25599555EC!824.entry?sa=646856610
    2: http://blogs.technet.com/jonathanalmquist/archive/2008/08/14/operations-manager-2007-spn-s.aspx
    3: http://blogs.technet.com/kevinholman/archive/2007/12/13/system-center-operations-manager-sdk-service-failed-to-register-an-spn.aspx


    Also has Kevin Holman made a very good posting (never seen a bad posting from him...) about trouble shooting Agents:
    http://blogs.technet.com/kevinholman/archive/2009/10/01/fixing-troubled-agents.aspx

    But first - when I were you - I would check upon how the SPN's are set. #1 tells you how to do that, #2 tells you what it should look like. #3 tells you how to register it manually.
    Best regards, Marnix Wolf

    (Thoughts on OpsMgr)
    Thursday, October 22, 2009 9:03 AM
    Moderator
  • Thank you Marnix, we did the SPN at the begining (registering the sdk account).  Also, question!  If it's the SPN, why works for all the servers but not these three servers?  Is it possible to do that?  I appreciate your help very much.  Thanks, Ziba
    Thursday, October 22, 2009 11:47 AM
  • Hi Zibak.

    That's a good question.

    So the problem is 'only' isolated to these three servers? Indeed, if it is SPN related, then you would see it all over the environment. Stupid question perhaps (even though you say my questions aren't stupid :) ), are these servers in the same trust boundary as the OpsMgr environment? I mean, can Kerberos be used? Or are certificates needed?

    Have you already run the HSLockdown.exe tool on these servers in order to see what is happening here (permissions wise I mean)? http://thoughtsonopsmgr.blogspot.com/2009/09/hslockdown-explained.html 

    And does the blogposting of Kevin Holman shed any light on the topic?
    Best regards, Marnix Wolf

    (Thoughts on OpsMgr)
    Thursday, October 22, 2009 11:56 AM
    Moderator
  • Thanks Marnix, yes they are in the same environment (trust boundary) as all other servers and rms and ms servers.  We don't use certificate.  I will review the HSLockdown.exe tool as well as well as Kevin Holman's topics.  Ziba
    Thursday, October 22, 2009 12:09 PM
  • Hi Ziba

    An interesting issue it is. Keep me posted since I am very interested in the outcome. Feel free to spam this thread as much as you need. :)
    Best regards, Marnix Wolf

    (Thoughts on OpsMgr)
    Thursday, October 22, 2009 12:10 PM
    Moderator
  • Hi Marnix, I tried another bunch of servers and only it happens to windows 2000 servers.  Would you know the components requirement for installing agents?  I remember something about xml 6.0 and if it is not there then pushing the agent will try to install it before installing the agent (just a thought).  Is this a good area to look for the solution?  Thanks,, Ziba
    Thursday, October 22, 2009 3:30 PM
  • Hi Marnix, where to check for Hotfixes required for OS Compatibility since these are windows 2000 servers?
    Thursday, October 22, 2009 4:44 PM
  • Hi Ziba.

    As far as I know W2K) needs SP4 to be installed (http://technet.microsoft.com/en-us/library/bb309428.aspx).

    XML 6.0 parser is also needed but is automatically installed with the Agent. Kevin Holman has written a good posting about what needs to be in place for pushing an Agent to a server: http://blogs.technet.com/kevinholman/archive/2007/12/12/agent-discovery-and-push-troubleshooting-in-opsmgr-2007.aspx.

    However, this doesn't seem to be the issue here since the Agent is installed. It is 'only' not communicating. Perhaps it is a certificate issue (even an Agent which uses Kerberos has a certificate): http://blogs.technet.com/jimmyharper/archive/2009/08/25/health-service-problem-on-windows-2000-agent.aspx

    When I hear about your probs I would say it is the last link which is the probable cause of it.
    Best regards, Marnix Wolf

    (Thoughts on OpsMgr)
    Thursday, October 22, 2009 5:58 PM
    Moderator
  • Thank you Marnix, so far no luck! Also wanted to add that the version for these windows 2000 servers show as "Unkown" may help for troublehshooting.  Thanks, Ziba
    Friday, October 23, 2009 4:02 PM
  • Hi Ziba

    What is the DNS name of the machine - right click my computer, properties, Computer Name tab. What is the full computer name listed there? What is the domain name listed there?

    If you search for this computer object in AD, what is the FQDN?

    Also, on the Primary Management Server, are there any entries in the operationsmanager event log for these servers?

    As Anders has pointed out further up the thread, it could be a AD \ DNS configuration issue. I have seen this quite frequently.

    If not, if you do a netstat -an from the command prompt on the Primary Management Server for the agents, can you see the IP addresses of the agents that are "Not Monitored" listed in the output (you may want to pipe the output to a text file to look at).

    Do you have another Management Server that you could use as the agents Primary Management Server? Try pushing "from" there instead (even the RMS for a test)?

    Cheers

    Graham


    View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
    • Marked as answer by ZibaK Saturday, October 24, 2009 3:59 AM
    Friday, October 23, 2009 5:07 PM
    Moderator
  • Hi Graham, the computer name and DNS suffix are corrct.  I am able to discover these servers by FQDN.  The only place that the DNS suffix is not correct is from computer name --> when you click on more... bottun, you see the domain name (not the full dns).  Also, when we did the netstat -an on RMS server, we did not see the IP address for these servers (problem servers).  I pushed the agent using differen management server and still installing the agent without any problem and with "Not Monitored" status.  Tonight, I will change the dns suffix from the More...........  and reinstall or repair the agent.  I will let you know the result.  Thanks for your help as always.  Ziba

    Friday, October 23, 2009 6:38 PM
  • Thank you Graham and Anders (and everyone), that was it!!!! :) It fixed the problem.  I uninstalled the agent --> changed the DNS suffix (Righ click on my computer --> Property --> Computer Name --> More ---> Change the DNS suffix) Rebooted the server -->  Installed the agent successfully (using the discovery and resolved the server name from AD not manaully) and there was the famouse "GREEN CHECK" mark (healthy agent :).  Enjoy your weekend, Ziba

    Saturday, October 24, 2009 4:06 AM
  • Graham,

    I have answered to the questions below. Please help me out to report my agent on console. I have reinstalled the agent manually after deleting the entry from Computer Table in OpsDB.

    Agent is NOTcoming to Pending Management view and throwing errors in agent as 21023, 20070 and 21016.

    What is the DNS name of the machine - right click my computer, properties, Computer Name tab. What is the full computer name listed there? What is the domain name listed there? 
    [Ans] Both DNS name and Computer listed correctly.

    If you search for this computer object in AD, what is the FQDN? 
    [Ans] AD name is also correct.

    If not, if you do a netstat -an from the command prompt on the Primary Management Server for the agents, can you see the IP addresses of the agents that are "Not Monitored" listed in the output (you may want to pipe the output to a text file to look at).
    [Ans] After doing netstat -an, I could see the server listed with "TIME_WAIT" as below

    TCP   <MS Name>:5723     <Agent Name>:2495      TIME_WAIT

    Do you have another Management Server that you could use as the agents Primary Management Server? Try pushing "from" there instead (even the RMS for a test)?

    [Ans] I have tried pushing from console on another MS, but still it is not reporting to console.


    Regards, Suresh

    Tuesday, April 24, 2012 7:20 PM
  • Suresh,

    Did you ever solve your problem? I have the exact same issue as you describe, but nothing will solve it...

    Thanks in advance

    Sunday, April 21, 2013 6:59 PM
  •  Ben it would be best to open a new question and give some specifics about your setup. It is best to start a new question because this one is from two years ago and was closed.

    thank you,

    scott


    Scott Moss MVP (Operations Manager) President - System Center Virtual Users Group |Vice President - Atlanta Southeast Management Users Group (ATL SMUG)
    Please remember to click “Mark as Answer” on the post that helps you!
    my new blog om2012.wordpress.com

    Sunday, April 21, 2013 9:27 PM
    Moderator