Deploying Unix/Linux Agents using OpsMgr 2012

<!--[if lt IE 9]>


Comments (37)
  1. Dote78 says:

    Oh, nevermind my last post. The solution is already out there 🙂…/27d1983a-96d2-4900-8730-0a9522d870b4

    Again, thanks for the great post 🙂

  2. Ted T Hacker says:

    Is there a way to configure the run as accounts to install/monitor some Linux servers with a privileged and other servers with an unprivileged account? It seems the configuration only one way or the other for all the servers.

  3. Thanks for the great post.

    It is valuable and amazing as always.

  4. Dote78 says:


    Thanks for the info. I succesfully configured a number of linux using the same credentials for monitoring. But I'm trying to add now another group of linux boxes with a different set of credentials (as I dont want to share a privileged account between all my servers) and when trying to add the credentials to the profile, the "All targeted objects" option is not available anymore.

    Is it possible to monitor several Linux machines using different SUDOer accounts for each one?

    Thanks a lot


  5. cchelten says:

    Agreed this document helped out so much. I appreciate the share.

  6. Dominique says:

    Excellent document again….

    I do not see any Resouce Pools in my environment even I have about 100 Cross Platform agent running monitored and alerting properly, is it normal?

    Is it only SCOM 2012?

    As I have VMs managed in SCOM through nWorks from Veeam/VMware using the vCenter what is the main difference in the informtion provided by the two ways to managed the VM/Linux machine?



  7. Barry says:

    we are getting below error when using a privileged account

    Failed during SSH discovery. Exit code: 1

    Standard Output: Sudo path: /usr/bin/

    Standard Error: sudo: no tty present and no askpass program specified

    Exception Message:

  8. Raksha says:

    HI Kevin,

    Could you please help me in including the SCOM R2 agent in our Server Template.

    Is it there any power shell script to install manually.

    We are planning to automate the SCOM agent installation by adding the agent to Template. But we have different SCOM gateway server for different domain.

    P Lease help if there any solution for this.



  9. lee cooper says:

    hi kevin

    i followed your instuctions as detailed above but i seem to be getting the following error i dont know if i missed something out what do you think

    Failed to sign kit. Exit code: 1

    Standard Output: Failed to start child process '/sbin/init.d/scx-cimd' errno=13


    Standard Error: cp: cannot create /etc/opt/microsoft/scx/ssl/scx.pem: Permission denied

    Exception Message:

  10. Geet says:

    Hi Kevin,

    Do you have the Solution to fix the below error:

    Failed to sign kit. Exit code: 1

    Standard Output: Failed to start child process '/sbin/init.d/scx-cimd' errno=13


  11. do you need an agent on the AIX system says:

    I know how to get the .cert to the unix system (aix) but dont they need an agent on their side and where do you get it from?

  12. i am trying to discover and install agent into Linux machines throught SCOM 2012 . Below is the error i am facing …please someone help em Failed to sign kit. Exit code: 1 Standard Output: Failed to start child process ‘/etc/init.d/scx-cimd’ errno=13
    RETURN CODE: 1 Standard Error: cp: cannot create regular file `/etc/opt/microsoft/scx/ssl/scx.pem’: Permission denied Exception Message:

  13. Anonymous says:

    I’m not a Linux guy…know very little but was able to pretty quickly get a CentOS 6.5 VM managed

  14. Anonymous says:

    Pingback from SCOM QUICK Install |

  15. Kara says:

    Hello!! This process works for more than 70 linux servers?
    Do i need a Gateway server?

    I have one management server in my infraestructure!!

  16. Anonymous says:

    Java Application Server management with System Center Operations Manager has been available since 2010

  17. Mahesh Adate says:

    Thanks for the article. I am facing issue after adding the server into console. Until direct root login is enabled all the services are showing perfect in the scom 2012 R2 console.However, few services are failing after disabling direct root login.I have
    set up monitoring account with user having sudo privileges but no luck. Please suggest.

  18. Anonymous says:

    This blog is a continuation of “Managing JBoss Application Server 7 with System Center Operations

  19. Vicki says:

    I followed the instructions exactly, but at the step: "Discover and deploy the agents" when I hit discover, I got: "Data at the root level is invalid.Line 2, position 1"
    This is scom 2012, with the required linux/unix MPs installed. Has anyone else seen this? If so how did you deal with it?

  20. Anonymous says:

    At Microsoft Ignite we announced the public availability of preview OSS Management Packs for System Center

  21. sam says:

    What is the difference between monitoring windows machines and monitoring linux#unix pr any other cross plat machines using scom ?
    Apart from the configuring steps that are mentioned by @Kevin.
    I would like to know the difference with respect to workflows and other stuff which runs @ the background ?

  22. Anonymous says:

    Two weeks ago we released a walkthrough of managing Apache HTTP Server with System Center 2016 Technical

  23. Otavio says:

    Instructions at the end of this link was very helpful too:
    Deploying the System Center Operations Manager Linux Agent fails with "The certificate Common Name (CN) does not match"

  24. Mac says:

    Hi Does anyone have the resolution about this error:

    Failed to sign kit. Exit code: 1

    Standard Output: Failed to start child process ‘/sbin/init.d/scx-cimd’ errno=13


  25. Cho says:

    The WinRM client cannot process the request.

    The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration.

    Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server.

    To use Kerberos, specify the computer name as the remote destination.
    Also verify that the client computer and the destination computer are joined to a domain.

    To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password.

    Possible authentication mechanisms reported by server:

  26. Karthik says:

    I was trying to findout the agent name for scom in my AIX 7.1 server. Thanks to your last statement in this blog – I found the agent name to be scx !
    To check if scom agent is installed on AIX :
    root@euraix:/root> lslpp -l | grep -i scx
    scx.rte COMMITTED Microsoft System Center 2012

  27. Minal says:

    We have added Linux servers in school 2012 monitoring. But we are not able to generate reports for them. Can you please help?

  28. Gautam R says:

    Hi Kevin,

    I have Red hat Linux 7.3 i have imported the newer MP released for this on Jan 3rd or 4th 2017. It seems i am having trouble with firewall ports.

    When i turn off the firewall on the Unix machine the discovery wizard is able to discover the unix machine, When it is turned on on the Unix machine the discovery fails saying unreachable.

    I use Netmon to see what ports it is using to connect to the Unix machine and it seemed that it is using TCP 1270 and i verified that this is the SCOM Port from Wikipedia. is the IP of the redhat 7.3 Linux machine.

    I allowed both TCP & UDP port 1270 but still the discovery fails and in the Net mon i see this error:
    Destination Unreachable Message, Destination host is administratively prohibited,

    Frame: Number = 1688, Captured Frame Length = 94, MediaType = ETHERNET
    + Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-15-5D-5A-D8-0D],SourceAddress:[00-15-5D-5A-D8-18]
    + Ipv4: Src =, Dest =, Next Protocol = ICMP, Packet ID = 23333, Total IP Length = 80
    + Icmp: Destination Unreachable Message, Destination host is administratively prohibited,

    Any idea if you have seen this ?

    1. Kevin Holman says:

      TCP 1270 is used for monitoring, and the final step in discovery process.

      Discovery uses TCP 22 (SSH) to discover, deploy the agent, copy and sign the certificates.

      1. Gautam says:

        Hi Kevin,

        Thanks for the reply.

        It seems i was using the wrong commandlets to allow the firewall ports for the Unix agent.

        I used the below command in the Red Hat 7.3 server to open the ports and now it works. The ssh port was already opened.
        iptables -I INPUT 1 -p tcp -s –dport 1270 -m state –state NEW,ESTABLISHED -j ACCEPT

  29. Hello Kevin;
    Thanks for such detailed document, for new-bee like me it is time saver. I configured my environment for Linux monitoring with this.
    But I am facing challenge for discovering Linux agent via Gateway servers. I have below set up-
    2x management server in domain A
    2x gateway server in domain B.
    I am able to discover linux server without any issue via MS in Domain A. But faced challenge while discovering in Domain B via Gateway servers.
    I have created dedicated resource pool ( of gateway servers) for Linux servers in domain B and tried to discover but discovery took long time and no specific
    error generated. So it is very difficult to troubleshoot the issue. hence seek your help here.

  30. TechnicalSeeker says:


    Nice post.
    I have some questions though.
    So during the agent installation, the account used to install the agent is responsible for Agent discovery, is it right? then why do we need run as accounts, it is for what purpose and what happens if it is not there, does it affect Linux server monitoring?

  31. Pragmatic Tornado says:

    Very helpful guide, thanks. Encountered some problems, but managed to solve them along with our resident Unix expert. Took about 3 hours before I got it to work (with 3 run as accounts, not just 1). Rest should be relatively smooth sailing if I’m going to roll it out into our production environment.

  32. Lucky Zhang says:

    May I ask where did the exported certificate locate in after imported to anther SCOM management server?
    Where can we find the imported certificate from another management server?

    1. Kevin Holman says:

      In the default WIndows Certificate store, under Trusted Root certificate authorities, you will see “SCX-Certificate” for each management server.

  33. Murad A. says:

    Hi Kevin, just wondering if you have recently (this week or so) tried running a Linux/Unix discovery on SCOM 2016 Management Group? Today I had to push/install an agent to one of my Linux (Ubuntu) VM but as soon as I click on “Discover” of course after providing all the account info etc., the discovery console is just stuck and the SCOM console stops responding. Have you heard of any known issues with deploying to Linux using SCOM 2016 recently?

Comments are closed.

Skip to main content