

Agent install in MOM2005

Posted on 2004-11-10
Medium Priority
Last Modified: 2008-02-01

Have been trying to implement MOM 2005. I am unable to install agent on a machine that is beyond a firewall with MOMagent.msi. I get an error saying 'Unable to connect to the server'. However, if I try installing agent from setup.exe and then select MOM Agent Install tab and follow the wizard after clicking the agent install link, the agent does get installed but shows up as unmanaged!
But any agent install with MOMagent.msi in the same dmz works just fine and shows up as managed.
Can anybody tell me why?
Question by:dowhatnow

Expert Comment

ID: 12550902
I think I understand you, so here it goes..

Any server you wish to manage that is inside a firewall must have the agent installed manually from either a TS admin session or directly at the console.

Once the agent is installed it should communicate with the DCAM fine as long as you can resolve the DCAM's name from the managed server, there is nothing blocking the communication and there is a form of Trust existing (since MOM 2005 agent uses mutual authentication).


Author Comment

ID: 12553143

I have been trying to install the agent manually through a TS admin session, but like I said before, beyond a dmz, it cannot find the server if I use MOMAgent.msi. I have to go through the setup.exe and click on the link which actually calls MOMAgent.msi. It works the long way but not the direct way. Why can't I use MOMAgent.msi in a different dmz? Also, to get a heartbeat from the agent, is it necessary to open UDP 1270 port? I do have TCP 1270 open.

Expert Comment

ID: 12555392
Can you ping the DCAM from the server you are trying to install the agent on?

You must be able to resolve the DCAM computername either by NetBIOS or FQDN or the agent won't be able to find it.



Author Comment

ID: 12557699
Hey, thanks for the quick replies! But I am afraid that the issue is still not clearly understood. Let me make it very clear. Yes, I am able to resolve the MOM server computer name. My agent does get installed but ONLY through setup.exe. However after getting installed, I don't get any heartbeat from the agent. Do I need UDP 1270 open?
I also would like to tell you that now the agent shows up as 'managed'. I just deleted the present entry and reinstalled agent again.
Also, please clarify if DCAM in MOM 2000 is the same as my MOM 2005 server. I am sorry if this question sounds stupid, but I am fairly new to MOM.

Accepted Solution

Netman66 earned 250 total points
ID: 12561419
Yes, DCAM is the Collection Agent Manager - the same as your 2005 server.

Here is a Firewall chart from the doc set:

Using MOM with Firewalls

Your IT environment might use firewalls that separate MOM computers. Depending on your topology, this separation might present an issue. Table 6 shows when using a firewall between MOM 2005 computers is supported and when it is not.

Table 9 - Firewall Compatibility with MOM 2005
Connection                                  Firewall  Port, Protocol, or Remark
------------------------------------------  --------  ---------------------------------------
Management Server – Agentless               NO        RPC port (TCP 135) and DCOM port range
Management Server – Administrator console   NO        RPC port (TCP 135) and DCOM port range
Management Server – Operator console        NO        RPC port (TCP 135) and DCOM port range
Management Server – Agent                   OK        TCP/UDP port 1270 (see note 1)
Management Server – MOM Database            OK        OLEDB Tunneling, port 1433 (see note 2)
Reporting Database – MOM Database           NO        DTS port (TCP 1433)
Reporting Database – Reporting console      OK        HTTP port 80
Management Server – Web console             OK        TCP port 1272
MMPC – MMPC                                 OK        TCP port 1271
Management group – Management group         OK        Use MOM to MOM Product Connector

OK – using a firewall with this connection is supported
NO – using a firewall with this connection is not supported

1 - Agent Management Tasks will not work properly without the DCOM port range being opened.
2 - User configurable.

So, yes, port 1270 TCP & UDP are to be opened both ways between the managed server and the Collection Manager.  Make sure this is done via a firewall rule or ACL on the router - you only want to allow traffic between your two specific hosts, otherwise you open up a port to the world.

I had to think a bit about this and realized that all of our clients have two VPN tunnels to us so that's why I never had to deal with ports before.  If it's possible, you may want to entertain this idea since it's more secure.
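
The advice in the answer above (1270 TCP and UDP, both directions, only between the two specific hosts) can be checked against a rule export before the change request goes in. This is an added example, not part of the original answer or of MOM itself; the addresses, the rule tuple format and the `audit` helper are constructed for illustration, and the rules are assumed to be independent allow entries on top of a default deny.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread)
MGMT = "10.0.0.10"        # MOM management server
AGENT = "192.168.50.20"   # managed server in the DMZ
MOM_PORT = 1270

# Constructed rule export: (action, proto, source CIDR, destination CIDR, dst port)
RULES = [
    ("allow", "tcp", "192.168.50.20/32", "10.0.0.10/32", 1270),
    ("allow", "tcp", "10.0.0.10/32", "192.168.50.20/32", 1270),
    ("allow", "udp", "192.168.50.20/32", "10.0.0.10/32", 1270),
    ("allow", "udp", "0.0.0.0/0", "10.0.0.10/32", 1270),  # open to the world
]


def audit(rules, mgmt, agent, port=MOM_PORT):
    """Return (missing, too_broad) for the agent <-> server rules on `port`.

    missing:   (proto, src, dst) flows that no allow rule covers
    too_broad: allow rules on `port` that match more than the two hosts
    """
    hosts = {ipaddress.ip_network(mgmt), ipaddress.ip_network(agent)}
    # Four required flows: TCP and UDP, each in both directions
    needed = {(p, s, d) for p in ("tcp", "udp")
              for s, d in ((agent, mgmt), (mgmt, agent))}
    covered, too_broad = set(), []
    for rule in rules:
        action, proto, src, dst, dport = rule
        if action != "allow" or dport != port:
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Anything wider than a /32 for one of the two hosts is exposure
        if src_net not in hosts or dst_net not in hosts:
            too_broad.append(rule)
        for p, s, d in needed:
            if (proto == p and ipaddress.ip_address(s) in src_net
                    and ipaddress.ip_address(d) in dst_net):
                covered.add((p, s, d))
    return sorted(needed - covered), too_broad


if __name__ == "__main__":
    missing, broad = audit(RULES, MGMT, AGENT)
    print("missing flows:", missing)
    print("too-broad rules:", broad)
```

On the constructed rule set it reports the server-to-agent UDP flow as missing and flags the `0.0.0.0/0` rule as too broad.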


Author Comment

ID: 12563714

That is some useful info. Well, checking these ports is gonna take time. So I will get back to you on Mon/Tue. Let me get all the approvals to open ports which are necessary and see what happens.
VPN would not be feasible in our IT environment now so I have to deal with the firewalls here.

Expert Comment

ID: 12565245
Good stuff.

I think, just for management purposes that port 1270 TCP/UDP both directions is all you will need.

Let us know how you make out.

Author Comment

ID: 12607089

Looks like opening the port is gonna take time. I don't want to keep you in the dark for all that time!
Looks like that is the only thing left out and it should work thereafter, so I would like to close the question.
Also, would appreciate if you could provide any handy tips. Thanks a lot!!!!

Expert Comment

ID: 12609334
No problem.  What tips would you like?  There isn't much to all this - it either works or it doesn't!  Just keep your MOM DB size down.  Run a pruning job every week - either archive or delete the old info.

Let me know what else you might want.

