Agent install in MOM2005


Have been trying to implement MOM 2005. I am unable to install agent on a machine that is beyond a firewall with MOMagent.msi. I get an error saying 'Unable to connect to the server'. However, if I try installing agent from setup.exe and then select MOM Agent Install tab and follow the wizard after clicking the agent install link, the agent does get installed but shows up as unmanaged!
But any agent install with MOMagent.msi in the same dmz works just fine and shows up as managed.
Can anybody tell me why?
dowhatnow Asked:
Netman66 Commented:
I think I understand you, so here it goes..

Any server you wish to manage that is inside a firewall must have the agent installed manually from either a TS admin session or directly at the console.

Once the agent is installed it should communicate with the DCAM fine as long as you can resolve the DCAM's name from the managed server, there is nothing blocking the communication and there is a form of Trust existing (since MOM 2005 agent uses mutual authentication).

0
dowhatnow Author Commented:

I have been trying to install the agent manually through a TS admin session, but like I said before, beyond a dmz, it cannot find the server if I use MOMAgent.msi. I have to go through the setup.exe and click on the link which actually calls MOMAgent.msi. It works the long way but not the direct way. Why can't I use MOMAgent.msi in a different dmz? Also, to get a heartbeat from the agent, is it necessary to open UDP 1270 port? I do have TCP 1270 open.
0
Netman66 Commented:
Can you ping the DCAM from the server you are trying to install the agent on?

You must be able to resolve the DCAM computername either by NetBIOS or FQDN or the agent won't be able to find it.

0
dowhatnow Author Commented:
Hey, thanks for the quick replies! But I am afraid that the issue is still not clearly understood. Let me make it very clear. Yes, I am able to resolve the MOM server computer name. My agent does get installed but ONLY through setup.exe. However, after getting installed, I don't get any heartbeat from the agent. Do I need UDP 1270 open?
I also would like to tell you that now the agent shows up as 'managed'. I just deleted the present entry and reinstalled agent again.
Also, please clarify if DCAM in MOM 2000 is the same as my MOM 2005 server. I am sorry if this question sounds stupid, but I am fairly new to MOM.
0
Netman66 Commented:
Yes, DCAM is the Collection Agent Manager - the same as your 2005 server.

Here is a Firewall chart from the doc set:

Using MOM with Firewalls

Your IT environment might use firewalls that separate MOM computers. Depending on your topology, this separation might present an issue. Table 6 shows when using a firewall between MOM 2005 computers is supported and when it is not.

Table 9 - Firewall Compatibility with MOM 2005

Connection                                   Firewall   Port, Protocol, or Remark
Management Server – Agentless                NO         RPC port (TCP 135) and DCOM port range
Management Server – Administrator console    NO         RPC port (TCP 135) and DCOM port range
Management Server – Operator console         NO         RPC port (TCP 135) and DCOM port range
Management Server – Agent                    OK         TCP/UDP port 1270 (see note 1)
Management Server – MOM Database             OK         OLEDB Tunneling, port 1433 (see note 2)
Reporting Database – MOM Database            NO         DTS port (TCP 1433)
Reporting Database – Reporting console       OK         HTTP port 80
Management Server – Web console              OK         TCP port 1272
MMPC – MMPC                                  OK         TCP port 1271
Management group – Management group          OK         Use MOM to MOM Product Connector

OK – using a firewall with this connection is supported
NO – using a firewall with this connection is not supported

1 - Agent Management Tasks will not work properly without the DCOM port range being opened.
2 - User configurable.

So, yes, port 1270 TCP & UDP are to be opened both ways between the managed server and the Collection Manager.  Make sure this is done via a firewall rule or ACL on the router - you only want to allow traffic between your two specific hosts, otherwise you open up a port to the world.

I had to think a bit about this and realized that all of our clients have two VPN tunnels to us so that's why I never had to deal with ports before.  If it's possible, you may want to entertain this idea since it's more secure.

Advise.
0
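
As an added example (not part of the original thread or the MOM documentation), this Python script checks a firewall rule list against the advice in the answer above: port 1270 permitted for TCP and UDP in both directions, and only between the two specific hosts. The rule format, the `rule` and `audit_mom_rules` helpers, and the addresses are constructed for illustration.

```python
import ipaddress
from itertools import product

MOM_PORT = 1270  # Management Server <-> Agent port from the firewall table

# Constructed addresses (documentation ranges), not taken from the thread.
AGENT, SERVER = "192.0.2.10", "198.51.100.20"

def rule(proto, src, dst, port=MOM_PORT, action="permit"):
    """Build one rule in this example's own (hypothetical) format."""
    return {"proto": proto, "src": src, "dst": dst, "port": port, "action": action}

def audit_mom_rules(rules, agent_ip, server_ip):
    """Return findings for permit rules on port 1270: too-wide scope or missing flows."""
    agent, server = ipaddress.ip_address(agent_ip), ipaddress.ip_address(server_ip)
    findings, covered = [], set()
    for n, r in enumerate(rules, 1):
        if r["action"] != "permit" or r["port"] != MOM_PORT:
            continue
        src = ipaddress.ip_network(r["src"], strict=False)
        dst = ipaddress.ip_network(r["dst"], strict=False)
        for side, net in (("source", src), ("destination", dst)):
            if net.num_addresses != 1:
                findings.append(f"rule {n}: {side} {net} is wider than a single host")
            elif net.network_address not in (agent, server):
                findings.append(f"rule {n}: {side} {net} is neither of the two hosts")
        if src.num_addresses == 1 and dst.num_addresses == 1:
            covered.add((r["proto"], src.network_address, dst.network_address))
    # The answer asks for TCP and UDP, both ways, between the two hosts.
    for proto, (a, b) in product(("tcp", "udp"), ((agent, server), (server, agent))):
        if (proto, a, b) not in covered:
            findings.append(f"missing: permit {proto} {a} -> {b} port {MOM_PORT}")
    return findings

# Constructed rule sets: host-scoped in both directions vs. open to the world.
GOOD_RULES = [rule(p, f"{s}/32", f"{d}/32")
              for p in ("tcp", "udp") for s, d in ((AGENT, SERVER), (SERVER, AGENT))]
BAD_RULES = [rule("tcp", "0.0.0.0/0", f"{SERVER}/32"),
             rule("tcp", f"{SERVER}/32", f"{AGENT}/32")]

if __name__ == "__main__":
    for name, rs in (("GOOD_RULES", GOOD_RULES), ("BAD_RULES", BAD_RULES)):
        print(name, audit_mom_rules(rs, AGENT, SERVER) or "OK")
```
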

dowhatnow Author Commented:

Hey!
That is some useful info. Well, checking these ports is gonna take time. So I will get back to you on Mon/Tue. Let me get all the approvals to open ports which are necessary and see what happens.
VPN would not be feasible in our IT environment now so I have to deal with the firewalls here.
0
Netman66 Commented:
Good stuff.

I think, just for management purposes that port 1270 TCP/UDP both directions is all you will need.

Let us know how you make out.
0
dowhatnow Author Commented:

Hey!
Looks like opening the port is gonna take time. I don't want to keep you in the dark for all that time!
Looks like that is the only thing left out and it should work thereafter, so I would like to close the question.
Also, would appreciate if you could provide any handy tips. Thanks a lot!
0
Netman66 Commented:
No problem.  What tips would you like?  There isn't much to all this - it either works or it doesn't!  Just keep your MOM DB size down.  Run a pruning job every week - either archive or delete the old info.

Let me know what else you might want.

Cheers.
0
Windows Server 2003