Symptoms
The System Center Operations Manager (SCOM) agent can be deployed to Windows computers either via "remote push" from a management server or it can be manually installed on a target computer using MomAgent.msi. If the installation of the agent is not successful, there are a number of troubleshooting steps that can be used depending on where the error is occurring and how the agent will be deployed.
Resolution
Verify the target computer meets the supported configurationThe initial step in troubleshooting installation of the Operations Manager agent on a Windows computer is to verify that the potential agent meets the supported hardware and software configuration. The following articles lists the requirements for an Operations Manager 2007 and a 2012 agent:
If the target system is a Unix/Linux computer, verify that the distribution and version are supported. Please note that support for some versions of Operations Manager 2007 require post-R2 cumulative updates. The following article has the supported versions of Unix/Linux:
Troubleshooting Agent Deployment via the Discovery Wizard in the Operations Manager Console
If the agent will be deployed by means of discovery from the Operations Manager console, the agent will be installed from the management server or gateway server specified in the discovery wizard to manage the agent, not the server the operations console was connected to when it opened. Any testing, therefore, should be conducted from the management server or gateway specified when the wizard is run or a different management server/gateway should be specified during the wizard to see if the same error occurs.
If the agent will be deployed by means of discovery from the Operations Manager console, the agent will be installed from the management server or gateway server specified in the discovery wizard to manage the agent, not the server the operations console was connected to when it opened. Any testing, therefore, should be conducted from the management server or gateway specified when the wizard is run or a different management server/gateway should be specified during the wizard to see if the same error occurs.
- Problem:
The wizard does not display a list of potential agents to install.
Cause:
The credentials specified in the wizard during the initial discovery should have permission to search Active Directory for potential Operations Manager agents. If this account is not able to connect to Active Directory, then the Discovery Wizard will fail.
Typical errors that appear may be:- Error Code: 800706BA
Error Description: The RPC server is unavailable - Error Code: 80070079
The MOM Server failed to perform specified operation on computer "name". The semaphore timeout period has expired. - Error Code: 80070643
The Agent Management Operation Agent Install failed for remote computer "name"
Possible Resolutions:- During discovery, specify an account that has both domain administrator permissions and is a member of the Operations Manager Admins group.
- If the LDAP query times out, or is not able to resolve the potential agents in Active Directory, discovery can be performed via the Operations Manager Command Shell. See the following section "Troubleshooting Agent Deployment via the Operations Manager Command Shell"for additional information.
- Error Code: 800706BA
- Problem:
The intended target computer is not in the list of potential agents after the initial discovery runs.
Cause:- The computer is already identified in the database as part of the management group.
- The computer is listed under 'Pending Actions' in the Operations Console.
Possible Resolutions:- If the target computer is listed in the 'Pending Actions' node of the 'Administration' space in the Operations Console, the existing action must either be approved or rejected before a new action can be performed. If the existing install settings are sufficient, approve the pending installation from the console. If the existing settings are incorrect, reject the pending action, then run the discovery wizard again.
- Problem:
The discovery wizard encounters one of the following errors while trying to install the agent:- Operation: Agent Install
Error Code: 800706D9 - Error Description: Unknown error 0xC000296E
- Error Description: Unknown error 0xC0002976
- Error Code: 80070643
Error Description: Fatal error during installation.
Cause:- The account previously specified to perform the agent installation in the discovery wizard will need to have permissions to connect remotely to the target computer and install a Windows service. This requires local administrator permissions due to the requirement to write to the registry.
- Group policy restrictions on the management server computer account, or the account used for agent push, can prevent successful installation. Group Policy Objects in Active Directory that prevent the Management Server computer account, or the user account used by the Discovery Wizard, from remotely accessing the Windows folder, the registry, WMI or administrative shares on the target computer can prevent successful deployment of the Operations Manager agent.
- The Windows Firewall is blocking ports between the Management Server and the target computer.
- Required services on the target computer are not running.
Possible Resolutions:- If the credentials specified in the wizard do not have local administrator permissions, add the account to the local Administrators security group on the target computer, or use an account that is already a member of that group.
- Block group policy inheritance on the target computer, or the user account performing the installation.
- If an agent install is failing when using a domain account to push the agent from a management server, the use of Windows administrative tools can help identify potential issues. Log onto the Management Server under the credentials in question and attempt the following tasks. If the account does not have permission to log onto the management server, the tools can be run under the credentials to be tested from a command prompt.
- "RUNAS /user:<username> compmgmt.msc". From the 'Action' menu item, select 'connect to another computer'. Browse or type in the remote computer name. Try to open event viewer and brows any of the event logs.
- "RUNAS /user:<username>services.msc". From the 'Action' menu item, select 'connect to another computer'. Browse or type in the remote computer name. Attempt to start or stop print spooler or any other service on the target computer.
- "RUNAS /user:<username> regedt32.exe". From the File' menu item, select 'connect network registry'. Browse or type in the remote computer name. Try to open "HKey_Local_Machine" on the remote machine.
- "RUNAS /user:<username>Explorer.exe". Type the following in the address bar: \\admin$
If any of these tasks fail, try using a different account known to have Domain Administrator or Local Administrator (on the target computer) permissions. Also try the same tasks from a member server or workstation to see if the tasks fail from multiple machines.
Failure to connect to the admin$ share may prevent the Management Server from copying setup files to the target. Failure to connect to the Windows Registry on the target can cause the Health Service to not be installed properly. Failure to connect to Service Control Manager will prevent setup from starting the service.
- The following ports must be open between the Management Server and the target computer:
- RPC endpoint mapper Port number: 135 Protocol: TCP/UDP
- *RPC/DCOM High ports (2000/2003 OS) Ports 1024-5000 Protocol: TCP/UDP
- *RPC/DCOM High ports (2008 OS) Ports 49152-65535 Protocol: TCP/UDP
- NetBIOS name service Port number: 137 Protocol: TCP/UDP
- NetBIOS session service Port number: 139 Protocol: TCP/UDP
- SMB over IP Port number: 445 Protocol: TCP
- MOM Channel Port number: 5723 Protocol: TCP/UDP
- The following services must be enabled and running on the target computer:
- Netlogon
- Remote Registry
- Windows Installer
- Automatic Updates
- Operation: Agent Install
This posting is provided "AS IS" with no warranties.
No comments:
Post a Comment