Troubleshoot MOM 2005 Agent Installation

This section provides troubleshooting solutions for issues that might occur during the installation of MOM 2005 agents.

Agent Behind Firewall Fails to Connect to MOM Server

The manual installation of an agent fails if the agent is located behind a firewall.

Solution

An agent can be successfully installed on computers located behind a firewall. The following four procedures must be completed to allow successful installation of agents that are located behind a firewall:

1. Configure the MOM server to accept manual agent installations.

2. Configure the firewall.

3. Configure each computer located behind the firewall.

4. Reconfigure the MOM server to accept manual agent installation.

To configure the MOM server to accept manual agent installations

1. In the MOM Administrator console, expand the Administration node and select Global Settings.

2. In the details pane, select Management Servers.

3. Select the Agent Install tab, and then clear the Reject new manual agent installations check box.

4. On the Administration pane, select Global Settings.

5. On the Security tab, clear the Mutual Authentication Required field.

6. Right-click the Management Pack folder, and click Commit Configuration Change.

7. Stop and then start the MOM Service on all management servers in the management group.

To configure the firewall

1. Configure the firewall to allow the agent to send TCP/UDP data on port 1270 to the MOM server.

2. If IPSec is deployed in the domain, allow IKE client protocol between the firewall and the MOM Server.

To configure each computer located behind the firewall

1. Run setup.exe on the computer behind the firewall.

2. On the MOM 2005 Setup Resources dialog box, click the Manual Agent Install tab, and then click Manually Install Microsoft Operations Manager Agent to launch the Microsoft Operations Manager 2005 agent installation.

3. In the Agent Configuration screen, type in the name of the management server and the management group. Check the Agent control level to ensure that it is at none.

4. You might receive an error message stating that the management server cannot be contacted. This behavior is expected. Click OK to continue.

5. On the Active Directory Configuration screen, select No. This disables mutual authentication.

6. In the Summary screen, click Finish.

7. Allow at least 60 seconds for the agent to attempt to connect to the management server.

To configure the MOM server

1. In the MOM Administrator console, expand the Administration node, expand Computers, and then click Pending Actions.

2. Right-click the icon of the agent computer, and click Approve Manual Agent Installation Now.

3. Click Yes.

Agent Installation Fails Due to Security Settings

In an Active Directory environment, mutual authentication between agents and the MOM Server is required by default. If mutual authentication is not enabled during agent installation, the installation fails.

Solution

To resolve agent installation failures caused by mutual authentication settings during manual agent installation, click Yes in the dialog box that asks whether mutual authentication is required.

If you do not want to use mutual authentication, you can disable it.

To disable mutual authentication

1. In the MOM Administrator console, expand Administration and then click Global Settings.

2. On the Administration pane, select Global Settings.

3. Select the Security tab, and clear the check box in the Mutual Authentication Required field.

4. Right-click the management pack folder, and click Commit Configuration Change.

5. Restart the MOM Service on all Management Servers in the management group.

Check Agent Installation Logs for Failure Information

The console view that lists deployment issues does not list agent installation failures. Most deployment issues are viewed in the Deployment view of the Operations console. This view is seen by selecting Global Views, Microsoft Operations Manager, and then clicking Deployment.

Solution

To check for agent installation issues, open the agent installation log located in the %ProgramFiles%\Microsoft Operations Manager 2005\Agent Logs folder.

Error Code: 5 Access Is Denied

This message can appear when the user account provided to the agent installer does not have administrative rights to the agent computer.

Solution

Add the user account used for installing agents to the Administrators local group on the agent computer.

Agent Does Not Appear in Pending Actions After Installation

Agents may not appear in the Pending Actions folder of the Administrator Console after manual installation. This can happen if the agent is covered by a discovery rule or is already listed in Unmanaged Computers prior to manual installation.

Solution

If the agent has a discovery rule already created, delete the discovery rule. If the agent appears in the Unmanaged Computers list, delete it from the list. In both cases, the agent should appear in the Pending Actions folder for approval when it next attempts to connect to the MOM Server.

Error: Event ID 21218

An informational error appears in the Event log with the Event ID of 21218 when an agent cannot load any cached configuration information. This error occurs if the cache configuration file is missing. This file is not present when a Management Server and agents are newly installed.

Solution

This error is expected and no action is required.

Related Links

• How to install and manage Microsoft Operations Manager 2005 agent computers that are behind a firewall or in an untrusted domain
• The Microsoft Operations Manager (MOM) 2005 agent does not download any rules or send any information back to the MOM 2005 Management Server