Microsoft KB Archive/885726

From BetaArchive Wiki

Article ID: 885726

Article Last Modified on 9/27/2007



APPLIES TO

  • Microsoft Operations Manager (MOM) 2005



Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry


SYMPTOMS

When you use the Install/Uninstall Agents Wizard to try to install an agent on a computer that is running Microsoft Windows XP with Service Pack 2 (SP2) or Microsoft Windows Server 2003 with Service Pack 1 (SP1), you receive the following error message in the Microsoft Operations Manager (MOM) 2005 Task Progress dialog box:

Computer Management Task Summary:
1 Agent install(s) failed.

If you click Details, you receive information that is similar to one of the following messages, where ComputerName is the name of the destination computer, and ServerName is the name of the MOM server computer:

The MOM Server failed to perform specified operation on computer "ComputerName". Error Code: -2147023174 Error Description: The RPC server is unavailable.

The MOM Server failed to install agent on remote computer ComputerName.

Error Code: -2147467259
Error Description: The agent could not connect to the MOM Server ServerName. The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'. Verify the management group name is correct, the MOM Server is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM server are configured to pass TCP and UDP traffic on port 1270.
Microsoft Installer Error Description: No Description Available

One of the following events appears in the application event log on the MOM server:

Source: Microsoft Operations Manager
Type: Error
Event ID: 21032

Description:
The MOM Server failed to open service control manager on computer "ComputerName". Therefore, the MOM Server can not complete configuration of agent on the computer.

Error Code: 1722
Error Description: The RPC server is unavailable.

Source: Microsoft Operations Manager
Type: Error
Event ID: 21083

Description:
The MOM Server failed to install agent on remote computer ComputerName.

Error Code: -2147467259
Error Description: The agent could not connect to the MOM Server ServerName. The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'. Verify the management group name is correct, the MOM Server is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM server are configured to pass TCP and UDP traffic on port 1270.
Microsoft Installer Error Description: No Description Available

Additionally, the following event is logged in the application event log on computers where the MOM agent is running:

Source: Microsoft Operations Manager
Type: Error
Event ID: 26009

Description:
The agent could not connect to the MOM Server ServerName. The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'. Verify the management group name is correct, the MOM Server is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM server are configured to pass TCP and UDP traffic on port 1270.

This issue may also occur during an automatic push installation of the MOM agent.

CAUSE

This issue can occur if Windows Firewall is running on the destination computer or on the MOM server computer. If Windows Firewall is running on a MOM server computer, MOM agents cannot communicate with the MOM Server. If Windows Firewall is running on a destination computer, or a potential MOM agent, the MOM server cannot perform a push installation of the agent.

By default, Windows XP with SP2 turns on Windows Firewall. By default, Windows Firewall is not turned on in Windows Server 2003 with SP1.

Troubleshooting

You can use the MOM Remote Prerequisite Checker (MOMNetChk.exe) utility in the Microsoft Operations Manager Resource Kit to scan a computer for the status of the ports that the MOM service and related services use. To obtain the MOM Resource Kit, visit the following Microsoft Web site:

The MOM Remote Prerequisite Checker conducts a series of connectivity tests. These tests include a ping test and a test for DNS connectivity. The utility also provides information about the status of services that the MOM service depends on. This information can appear in a report window or be saved in the Momscan.log file.

To use the MOM Remote Prerequisite Checker, start MOMNetChk.exe, enter the computer name, and then click Run Scan. If you want to save the results to a log file, click Save to Log File, and then specify the location of the file. To view the results of the tests that were run, expand the nodes in the left pane of the utility window.

Note The MOMNetChk.exe utility tests the status of required network and service components. It does not report specific errors.

WORKAROUND

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To work around this issue, manually install the agent, or configure Windows Firewall to let the MOM 2005 server communicate with the agent computer.

Manually install the agent

To manually install the agent, follow these steps:

  1. On the destination agent computer, run the Setup program from the MOM 2005 installation CD.
  2. In the Microsoft Operations Manager 2005 Setup Resources dialog box, click the Manual Agent Install tab.
  3. Click Install Microsoft Operations Manager 2005 Agent, and then follow the prompts to manually install the agent.

Configure Windows Firewall

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

To configure the Windows Firewall to let the MOM 2005 server communicate with the agent computer, you must open ports and then enable a program.

On computers that are running Windows Server 2003 with SP1, we recommend that you use the new Security Configuration Wizard to configure Windows Firewall for MOM 2005.

Open ports

To open the ports when Windows Firewall is running on the MOM server, follow these steps:

  1. Click Start, point to Control Panel, right-click Network Connections, and then click Open.
  2. Right-click your local area connection, and then click Properties.
  3. On the Advanced tab, click Settings.
  4. On the Services tab, click Add.
  5. In the Description of service box, type MOM 2005 TCP.
  6. In the next box, specify the computer name or the IP address of the MOM server.
  7. In the External Port number for this service box, type 1270.
  8. In the Internal Port number for this service box, type 1270.
  9. Click TCP, and then click OK.
  10. On the Services tab, click Add.
  11. In the Description of service box, type MOM 2005 UDP.
  12. In the next box, specify the computer name or the IP address of the MOM server.
  13. In the External Port number for this service box, type 1270.
  14. In the Internal Port number for this service box, type 1270.
  15. Click UDP, and then click OK.
  16. Click OK two times.

Open ports and enable a program

To open the ports, and to enable a program when Windows Firewall is running on the destination agent computer, follow these steps:

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

  1. Click Start, point to Control Panel, right-click Network Connections, and then click Open.
  2. Right-click your local area connection, and then click Properties.
  3. On the Advanced tab, click Settings.
  4. On the Services tab, click Add.
  5. In the Description of service box, type RPC.
  6. In the next box, specify the computer name or the IP address of the MOM server.
  7. In the External Port number for this service box, type 135.
  8. In the Internal Port number for this service text box, type 135.
  9. Click TCP, and then click OK.
  10. On the Services tab, click Add.
  11. In the Description of service box, type SMB over TCP.
  12. In the next box, specify the computer name or the IP address of the destination agent computer.
  13. In the External Port number for this service box, type 445.
  14. In the Internal Port number for this service box, type 445.
  15. Click TCP, and then click OK.
  16. Click OK two times.
  17. Click Start, click Run, type regedit, and then click OK.
  18. Expand the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List subkey.
  19. Right-click List, point to New, and then click String Value.
  20. Type %systemdrive%\A286B00A-C3DE-414F-A96A-2BD238948D88\MsMgmtAuxiliary.exe as the name of the new string value, and then press ENTER.
  21. Double-click the %systemdrive%\A286B00A-C3DE-414F-A96A-2BD238948D88\MsMgmtAuxiliary.exe value, type %systemdrive%\A286B00A-C3DE-414F-A96A-2BD238948D88\MsMgmtAuxiliary.exe:*:Enabled:MOM 2005 MsMgmtAuxiliary in the Value data box, and then click OK.
  22. Close Registry Editor.

On computers that are running Windows XP with SP2, you must modify the registry to enable a program in Windows Firewall.

If the MOM server computer and the MOM agent computer are not on the same subnet, you must configure the Scope setting for each exception to Any computer. If they are not on the same subnet and the Scope setting is set to Subnet only, Windows Firewall will block communication. If all the MOM components are on the same subnet, configure the Scope setting to Subnet only to additionally restrict network access.
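The value data typed in step 21 follows the Windows Firewall exception format path:scope:state:name, where a scope of * corresponds to Any computer and LocalSubNet corresponds to Subnet only. The following Python sketch is an added example, not part of the original article: it parses such value data, lists enabled exceptions that are open to any address, and produces the Subnet only form of an entry. All function names and every sample entry other than the step 21 value are constructed for illustration.

```python
from typing import NamedTuple

# Constructed sample value data for ...\AuthorizedApplications\List.
# The first entry is the value from step 21; the other two are made up.
SAMPLE_VALUES = [
    r"%systemdrive%\A286B00A-C3DE-414F-A96A-2BD238948D88\MsMgmtAuxiliary.exe"
    r":*:Enabled:MOM 2005 MsMgmtAuxiliary",
    r"C:\Tools\example.exe:LocalSubNet:Enabled:Example tool",
    r"C:\Tools\old.exe:*:Disabled:Old tool",
]

class AppException(NamedTuple):
    path: str
    scope: str
    enabled: bool
    name: str

def parse_entry(data: str) -> AppException:
    """Split 'path:scope:Enabled|Disabled:name' from the right, so that a
    drive-letter colon in the path does not break the parse.
    Assumption: the display name itself contains no colon."""
    parts = data.rsplit(":", 3)
    if len(parts) != 4 or parts[2].lower() not in ("enabled", "disabled"):
        raise ValueError(f"unrecognized entry: {data!r}")
    path, scope, state, name = parts
    return AppException(path, scope, state.lower() == "enabled", name)

def scope_label(scope: str) -> str:
    """Map the stored scope token to the label shown in the Scope dialog."""
    if scope == "*":
        return "Any computer"
    if scope.lower() == "localsubnet":
        return "Subnet only"
    return "Custom list"

def open_to_any(values):
    """Return enabled exceptions that accept traffic from any address."""
    return [e for e in map(parse_entry, values) if e.enabled and e.scope == "*"]

def restrict_to_subnet(data: str) -> str:
    """Rewrite an entry's scope to LocalSubNet (same-subnet deployments only)."""
    e = parse_entry(data)
    state = "Enabled" if e.enabled else "Disabled"
    return f"{e.path}:LocalSubNet:{state}:{e.name}"
```

Apply restrict_to_subnet only when the MOM server and agent share a subnet, as the preceding paragraph explains; otherwise the exception must stay at Any computer.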
