How to determine if your agents are firewalled from specific Management Servers


 

I had an interesting request:

A customer is migrating agents from a complex environment into new management groups. Before doing so, they wanted to ensure that the agents were not firewalled off from the new management servers. This can be a monumental task in large environments, especially with unique gateway and firewall deployments.

 

I have added a discovery which will handle this scenario to the SCOM.Management MP available here:

https://blogs.technet.microsoft.com/kevinholman/2017/05/09/agent-management-pack-making-a-scom-admins-life-a-little-easier/

 

In the SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1 script, you can configure which parents you’d like to see tested:

 

# Constants section - modify stuff here:
#=================================================================================
# Assign script name variable for use in event logging
$ScriptName = "SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1"
$EventID = "1006"
#SCOM Management Servers or Gateways that we wish to test the port availability to using FQDN separated by a comma such as "scom1.opsmgr.net","scom2.opsmgr.net","scom3.opsmgr.net"
[array]$Parents = "scom1.opsmgr.net","scom2.opsmgr.net","scom3.opsmgr.net"
#=================================================================================

 

This does a port check on 5723 from the agent to each management server or gateway in this list and reports the result back in a class property. Another property gathers the IP address of the agent, to make quick work of any new firewall requests you might have to make:

 

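The same kind of check can be run by hand on a single agent before migration. The following is an added example, not the management pack's discovery script: the function name `Test-ParentPort` and the 3-second timeout are assumptions, and the parent FQDNs are the sample values from the constants section above.

```powershell
# Added example: standalone pre-migration check, not the MP's discovery code.
# Parent FQDNs are the sample values from the constants section of the post.
[string[]]$Parents = "scom1.opsmgr.net","scom2.opsmgr.net","scom3.opsmgr.net"
$Port      = 5723    # port named in the post
$TimeoutMs = 3000    # assumption: wait 3 seconds per connection attempt

function Test-ParentPort {
    param(
        [Parameter(Mandatory=$true)][string]$ComputerName,
        [int]$Port = 5723,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect, so a silently dropped packet fails after
        # $TimeoutMs instead of waiting for the OS default connect timeout.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return "Timeout"          # no answer: filtered, or host unreachable
        }
        $client.EndConnect($async)    # throws if the connection was refused
        return "Open"
    }
    catch {
        # Name resolution failures and refused connections both land here.
        return "Failed: $($_.Exception.GetBaseException().Message)"
    }
    finally {
        $client.Close()
    }
}

# IPv4 addresses of this agent, for the source field of a firewall request.
$AgentIP = ([System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString }) -join ', '

$Parents | ForEach-Object {
    New-Object PSObject -Property @{
        Agent   = $env:COMPUTERNAME
        AgentIP = $AgentIP
        Parent  = $_
        Port    = $Port
        Result  = Test-ParentPort -ComputerName $_ -Port $Port -TimeoutMs $TimeoutMs
    }
} | Select-Object Agent, AgentIP, Parent, Port, Result | Format-Table -AutoSize
```

A `Timeout` result usually means the traffic is being dropped somewhere on the path, while a `Failed` result with a refusal message means the host answered but nothing is listening on the port.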

 

I have also updated the MP to support agent and server versions for SCOM 2016 UR6, SCOM 1801 and 1807.

 

https://blogs.technet.microsoft.com/kevinholman/2017/05/09/agent-management-pack-making-a-scom-admins-life-a-little-easier/


Comments (1)

  1. They can download the firewall from the internet, as I do.
