What if you have an ad integrated SCOM agent, that has received the AD policy correctly but still tries to connect to the old management server?
How can this happen?
During the upgrade of SCOM 2007 R2 to SCOM 2012 it can be that you need to move your agents to other Management servers, because the old ones do not meet the requirements. So you change your agent assignement settings, but not all agents fall over to the new servers. Why?
It could be that the ports are not opened correctly if they are behind a firewall. Example: the new management servers were added to the rules, but the old ones got removed also. So the agent cannot connect to the old servers anymore. In our scenario I saw that the AD cache entries in the registry were not updated correctly after the upgrade to 2012. So I had to change that manually to connect to the new management servers.
Scenario:
Management Group: XY
Old management servers: OldMS1.abc.de, OldMS2.abc.de (still on SCOM 2007R2)
New management servers: NewMS1.abc.de, NewMS2.abc.de (SCOM 2012)
You will see the following error in the OpsManager event log of the agent, because it tries to connect to old management servers which are not part of the 2012 environment anymore:
Event Type: Error
Event Source: OpsMgr Connector
Event ID: 21006
Description:
The OpsMgr Connector could not connect to OldMS1.abc.de:5723. The error code is 10061L(No connection could be made because the target machine actively refused it.). Please verify there is network connectivity, the server is running and has registered it’s listening port, and there are no firewalls blocking traffic to the destination.
How to solve that?
First step is to stop the “System Center Management” service (Healthservice).
Then open up the Registry through regedit.exe and change the entries in the following keys:
HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\XY\AD Cache\Primary SCP Info\Service DNS Name
Old entry: OldMS1.abc.de
New entry: NewMS1.abc.ad
HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\XY\AD Cache\Secondary SCP Info Root\Secondary SCP Info 1\Service DNS Name
Old entry: OldMS2.abc.de
New entry: NewMS2.abc.ad
HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\XY\Parent Health Service\AuthenticationName
Old entry: OldMS1.abc.de
New entry: NewMS1.abc.ad
HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\XY\Parent Health Service\NetworkName
Old entry: OldMS1.abc.de
New entry: NewMS1.abc.ad
Now you can start the “System Center Management” service (Healthservice) again.
The agent should now fail over to the new management servers.