Feed: The Operations Manager Support Team Blog
Here's another interesting issue I came across the other day that I thought I would share with you just in case you happen to find yourself in a similar situation. Hopefully if you do then this will help you get all this working the way it should.
Scenario: An RMS in a parent domain and client agents that are domain controllers in a child domain in a DMZ.
The manual agent install goes fine on the clients, but the agents never appear in the Operations console despite the "Review new manual agent installations in pending management view" and "Auto-approve new manually installed agents" settings in Settings > Security > General.
The following event shows up on the agents:
Event Type: Error
Event Source: OpsMgr Connector
Event Category: None
Event ID: 20070
Computer: DC
Description: The OpsMgr Connector connected to <domain>, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
This event shows up on the server:
Event Type: Error
Event Source: OpsMgr Connector
Event Category: None
Event ID: 20002
Description: A device at IP <addr> attempted to connect but could not be authenticated, and was rejected.
None of the agents show up in any of the following tables under Opsmgrdb:
Dbo.Mt_Computer
Dbo.Mt_healthservice
Dbo.Mt_healthservicewatcher
dbo.AgentPendingActions
The following PowerShell command returns nothing:
The product documentation does not talk much about this scenario other than having port 5723 open from the agent to the server:
Regardless, what I’ve found is that we also need to have port 88 and port 389 opened between the agent and the RMS if they’re separated by a firewall. This has worked for me just about every time I’ve found myself in this situation.
Hope this helps,
Read the complete post at http://wmug.co.uk/blogs/cliffs_blog/archive/2009/02/18/opsmgr-port-requirements-for-scom-agents-in-a-dmz.aspx
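One way to check the three ports named above from an affected agent, as an added example that is not part of the original post: the script attempts a TCP connection to each port and separates a silent timeout (typical of a firewall drop) from an active refusal (the path is open but nothing is listening). `$RmsHost` is a placeholder, and testing TCP only is an assumption, since the post does not name the protocol.

```powershell
# Added example, not from the original post. Run on the agent in the DMZ.
param(
    [string]$RmsHost   = 'rms.example.test',  # placeholder: replace with your RMS name
    [int]   $TimeoutMs = 3000
)

# Ports named in the post: 5723 (agent to server), plus 88 and 389.
$ports = 5723, 88, 389

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        if (-not $task.Wait($TimeoutMs)) {
            return 'Filtered'            # no reply at all: packets are likely dropped
        }
        return 'Open'                    # three-way handshake completed
    }
    catch {
        # Wait() wraps the socket failure; walk inward to the SocketException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.Sockets.SocketException]) {
            $ex = $ex.InnerException
        }
        if (-not $ex) { return "Error: $($_.Exception.Message)" }
        switch ($ex.SocketErrorCode) {
            'ConnectionRefused' { return 'Refused' }   # reached the host, no listener
            'TimedOut'          { return 'Filtered' }  # OS-level timeout fired first
            default             { return "Error: $($ex.SocketErrorCode)" }
        }
    }
    finally {
        $client.Close()
    }
}

foreach ($port in $ports) {
    [pscustomobject]@{
        Target = $RmsHost
        Port   = $port
        Result = Test-TcpPort -ComputerName $RmsHost -Port $port -TimeoutMs $TimeoutMs
    }
}
```

A `Filtered` result on any of the three ports points at the firewall between the agent and the RMS; `Refused` means the firewall passed the traffic and the question moves to what is listening on the target.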