How to get an AD integrated SCOM agent to connect to the correct management server?

What if you have an ad integrated SCOM agent, that has received the AD policy correctly but still tries to connect to the old management server?

How can this happen?

During the upgrade of SCOM 2007 R2 to SCOM 2012 it can be that you need to move your agents to other Management servers, because the old ones do not  meet the requirements. So you change your agent assignement settings, but not all agents fall over to the new servers. Why?

It could be that the ports are not opened correctly if they are behind a firewall. Example: the new management servers were added to the rules, but the old ones got removed also. So the agent cannot connect to the old servers anymore. In our scenario I saw that the AD cache entries in the registry were not updated correctly after the upgrade to 2012. So I had to change that manually to connect to the new management servers.

Scenario:

Management Group: XY
Old management servers: OldMS1.abc.de, OldMS2.abc.de (still on SCOM 2007R2)
New management servers: NewMS1.abc.de, NewMS2.abc.de (SCOM 2012)

You will see the following error in the OpsManager event log of the agent, because it tries to connect to old management servers which are not part of the 2012 environment anymore:

Event Type: Error
Event Source: OpsMgr Connector
Event ID: 21006
Description:
The OpsMgr Connector could not connect to OldMS1.abc.de:5723.  The error code is 10061L(No connection could be made because the target machine actively refused it.).  Please verify there is network connectivity, the server is running and has registered it’s listening port, and there are no firewalls blocking traffic to the destination.

How to solve that?

First step is to stop the “System Center Management” service (Healthservice).

Then open up the Registry through regedit.exe and change the entries in the following keys:

HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\XY\AD Cache\Primary SCP Info\Service DNS Name

Old entry: OldMS1.abc.de
New entry: NewMS1.abc.ad

HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\XY\AD Cache\Secondary SCP Info Root\Secondary SCP Info 1\Service DNS Name

Old entry: OldMS2.abc.de
New entry: NewMS2.abc.ad

HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\XY\Parent Health Service\AuthenticationName

Old entry: OldMS1.abc.de
New entry: NewMS1.abc.ad

HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\XY\Parent Health Service\NetworkName

Old entry: OldMS1.abc.de
New entry: NewMS1.abc.ad

Now you can start the “System Center Management” service (Healthservice) again.

The agent should now fail over to the new management servers.

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: