0

I'm trying to run the Discovery Wizard in SCOM 2016 against a few MS SQL servers, so the Health agent can be pushed to the remote computers.

I've found documentation stating that the following ports should be open: 135, 137, 139, 445, and 5723.

At the SCOM management server, I probed those ports on a SQL server already being monitored (added by the previous admin); PowerShell's Test-NetConnection cmdlet returned 'False' for each.

I'm perplexed as to how the previous admin successfully ran the Discovery Wizard against the other SQL servers. Having a list of all ports to open would lead to just a single request to the firewall management team. Is there a complete list?

32767
  • The SCOM agent can be installed manually, you don't need to use the Discovery Wizard. If there was no connectivity between the Management Server and the monitored servers, this is probably how it has been done. – Massimo Jun 24 '20 at 13:58
  • Hmm. Was hoping to find a way to let SCOM push the install. This time, it's only 4 servers, but next week, there may be many more. Thanks for the answer though. – 32767 Jun 25 '20 at 17:38
  • Have the firewall managers open the ports, then. – Massimo Jun 25 '20 at 18:16
  • `I probed those ports on a SQL server already being monitored (added by the previous admin); PowerShell's Test-NetConnection cmdlet returned 'False' for each.` Are you sure there isn't a SCOM Gateway? – Greg Askew Jun 25 '20 at 18:30
  • @GregAskew, right now there's only one Management Server on the network (no gateways) – 32767 Jun 25 '20 at 19:14

1 Answer

0

This is the official documentation about SCOM 2016 and firewall ports: https://docs.microsoft.com/en-us/system-center/scom/plan-security-config-firewall?view=sc-om-2016.

For agent push installation, you need the following ports to be open between the Management Server and the servers to manage (also between the Management Servers and Domain Controllers):

  • TCP 5723
  • TCP 135
  • UDP 137
  • UDP 138
  • TCP 139
  • TCP 445
  • TCP 49152-65535 (full range)

If the ports are not currently open, this means the SCOM agents have not been installed using push installation; they probably have been installed manually.

Massimo
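One way to check the port list from the answer above and collect the gaps into a single firewall request, as an added example that is not part of the original question or answer. It assumes it is run on the management server; the host names are constructed placeholders and `Get-PushInstallPortReport` is a hypothetical function name. TCP 5723 is listed but not probed from this side, on the assumption that the agent initiates that connection toward the management server, so it should be checked from the target instead.

```powershell
# Added example: not from the original post. Host names are constructed placeholders.
function Get-PushInstallPortReport {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        # TCP ports from the answer that the management server opens toward the target.
        [int[]]$TcpPort = @(135, 139, 445)
    )
    foreach ($computer in $ComputerName) {
        foreach ($port in $TcpPort) {
            $r = Test-NetConnection -ComputerName $computer -Port $port `
                     -WarningAction SilentlyContinue
            # False means the TCP handshake did not complete. It does not say whether
            # a firewall dropped the packet or nothing is listening on the target.
            $status = if ($r.TcpTestSucceeded) { 'Open' } else { 'BlockedOrNotListening' }
            [pscustomobject]@{ Target = $computer; Protocol = 'TCP'; Port = "$port"; Status = $status }
        }
        # Test-NetConnection only performs TCP connects, so the UDP ports and the
        # dynamic RPC range from the answer are reported as untested, not as closed.
        foreach ($item in @(
                @{ Protocol = 'UDP'; Port = '137' },
                @{ Protocol = 'UDP'; Port = '138' },
                @{ Protocol = 'TCP'; Port = '49152-65535' },
                @{ Protocol = 'TCP'; Port = '5723' })) {
            [pscustomobject]@{
                Target   = $computer
                Protocol = $item.Protocol
                Port     = $item.Port
                Status   = 'NotTestedFromHere'
            }
        }
    }
}

# Constructed sample targets; replace with the servers the agent will be pushed to.
$targets = @('sql01.example.test', 'sql02.example.test')
$report  = Get-PushInstallPortReport -ComputerName $targets

# Everything that is not confirmed open goes into the firewall request, per target.
$report |
    Where-Object { $_.Status -ne 'Open' } |
    Sort-Object Target, Protocol, Port |
    Format-Table -AutoSize
```

Rows marked `NotTestedFromHere` still belong in the firewall request; the report only separates what was confirmed open from what could not be confirmed with a TCP connect.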