How to determine if your agents are firewalled from specific Management Servers


I had an interesting request:

A customer is migrating agents from a complex environment into new management groups. Before they did this, they wanted to ensure that agents were not firewalled off from the new management servers. This can be a monumental task in large environments, especially with unique gateway and firewall deployments.


I have added a discovery which will handle this scenario to the SCOM.Management MP available here:


In the SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1 script, you can configure which parents you’d like to see tested:


    # Constants section - modify stuff here:
    #=================================================================================
    # Assign script name variable for use in event logging
    $ScriptName = "SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1"
    $EventID = "1006"
    #SCOM Management Servers or Gateways that we wish to test the port availability to using FQDN separated by a comma such as "","",""
    [array]$Parents = "","",""
    #=================================================================================


This will do a port check on 5723 from the agent to each management server or gateway in this list and report the result back in a class property. Another property gathers the IP address of the agent, to make quick work of new firewall requests you might have to make:




I have also updated the MP to support agent and server versions for SCOM 2016 UR6, SCOM 1801 and 1807.
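
The port check described above can be sketched as follows. This is an added example, not the discovery script from the SCOM.Management MP; the function name Test-ParentPort, the 3-second timeout and the sample FQDNs are assumptions.

```powershell
# Added example: not the SCOM.Management MP discovery script.
# Test-ParentPort is a hypothetical helper; the FQDNs at the bottom are constructed placeholders.
function Test-ParentPort {
    param(
        [string[]]$Parents,
        [int]$Port = 5723,
        [int]$TimeoutMs = 3000
    )

    # IPv4 addresses of this agent, to quote in a firewall request
    $AgentIPs = ([System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.IPAddressToString }) -join ','

    foreach ($Parent in $Parents) {
        if ([string]::IsNullOrWhiteSpace($Parent)) { continue }   # skip unfilled entries
        $Client = New-Object System.Net.Sockets.TcpClient
        $Result = 'Failed'
        try {
            # Connect asynchronously so silently dropped packets cannot hang the script
            $Async = $Client.BeginConnect($Parent, $Port, $null, $null)
            if ($Async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $Client.EndConnect($Async)   # throws if the connection was refused or DNS failed
                $Result = 'Success'
            } else {
                $Result = 'Timeout'          # no answer at all within the timeout
            }
        } catch {
            $Result = "Failed: $($_.Exception.Message)"
        } finally {
            $Client.Close()
        }
        # One row per parent: source IP, destination and outcome
        [pscustomobject]@{
            Agent   = $env:COMPUTERNAME
            AgentIP = $AgentIPs
            Parent  = $Parent
            Port    = $Port
            Result  = $Result
        }
    }
}

Test-ParentPort -Parents 'ms01.example.com','gw01.example.com' | Format-Table -AutoSize
```

A Timeout result usually means packets are being dropped somewhere on the path, while a refused connection means the host answered but nothing accepted the connection on that port.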

Comments (1)

  1. They can download the firewall from the internet, as I do.
