BRONZE PARTNER:
BRONZE PARTNER:
Industry News:
| |
| |
|
|
|
|
|
| MOM 2005 Agent on a DMZ Host |
|
|
|
By: Scott Moss
Posted On: 5/30/2007
MOM 2005 Agent on a DMZ Host
The KB below is packed with information and trouble shooting steps.
The majority of the problems I've encountered are usually related to, Naming resolution and firewall ports.
Microsoft KB article How to install and manage Microsoft Operations
Manager 2005 agent computers that are behind a firewall or in an untrusted domain
http://support.microsoft.com/kb/904866
Requirements for MOM agents that are behind a firewall
The following ports must be open TCP port 1270 and UDP port 1270, and it must be bi-directional.
Also note that the agent must be manually installed on the DMZ host, and updates must be manually applied too.
The following should be done prior to manually installing the agent on the DMZ host if you're providing your own host name resolution.
1. Use the host file on mom server to resolve the fqdn name of the DMZ host.
2. Use the host file on the agent computer to resolve the fqdn name(s) of the MOM Server(s).
3. After modifying and saving the changes to the host file, open a command prompt and run the following command nbtstat -RR.
4. To verify that the proper ports are opened up on the firewall, from the MOM 2005
Resource Kit use the MOM Remote Pre-requisite Checker, from the Management Server.
Use the computer name that was added to the host file, to run the diagnostic. The tool runs 14 different tests trying to access the computer that was specified. The Channel test is the one that needs to be passed in order for the MOM agent to function properly.
A problem that I've run into more than once
A DMZ host does not ever send a heartbeat, or the heartbeat stops updating information to Management server.
This is usually a problem with UDP port 1270 going from the DMZ agent to the Management Server.
Visit my blog
http://myitforum.com/cs2/blogs/smoss/default.aspx
|
|
|
|
|
|
