Tuesday 17 December 2013

Configuring SCOM 2007 agent in a workgroup (on a Lync edge server)


Here are some notes on fixing the issues that come up when setting up communication between a SCOM agent on a Lync edge server in a workgroup and a domain-joined SCOM management server. Because the edge server is not in a trusted domain, Kerberos mutual authentication is not available, so the agent and the management server have to authenticate each other with certificates, and most of the problems below are certificate or trust problems.

Computer name vs full computer name

Configuration of a Lync edge server includes setting up the primary DNS suffix, as explained here:

After configuring the DNS suffix, add routes to the Edge server. On the tab to change the computer name, click Change; in Full computer name, click More and add Primary DNS suffix of this computer: the suffix of the Active Directory Domain Services.


This appends the suffix to the computer name and forms the full computer name, which looks like an FQDN even though the machine is not domain-joined. The Health Service compares the certificate's Subject against this full computer name (see event 20052 below), so the FQDN-like name, not the bare host name, has to be used as the common name of the certificate that will be used for communication with SCOM.

Events logged when the CN of the certificate lacks the primary DNS suffix (CN=Lync-edge instead of CN=Lync-edge.domain.com):

Log Name: Operations Manager
Source: OpsMgr Connector
Event ID: 21007
Task Category: None
Level: Error
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
The OpsMgr Connector cannot create a mutually authenticated connection to SCOM-server.domain.com because it is not in a trusted domain.

Log Name: Operations Manager
Source: OpsMgr Connector
Event ID: 21016
Task Category: None
Level: Error
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
OpsMgr was unable to set up a communications channel to SCOM-server.domain.com and there are no failover hosts. Communication will resume when SCOM-server.domain.com is available and communication from this computer is allowed.

Log Name: Operations Manager
Source: OpsMgr Connector
Event ID: 21021
Task Category: None
Level: Error
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
No certificate could be loaded or created. This Health Service will not be able to communicate with other health services. Look for previous events in the event log for more detail.

Log Name: Operations Manager
Source: OpsMgr Connector
Event ID: 20052
Task Category: None
Level: Error
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
The specified certificate could not be loaded because the Subject name on the certificate does not match the local computer name
Certificate Subject Name : Lync-edge
Computer Name : Lync-edge.domain.com


Request a new certificate from the CA and import it on the edge server. Set the 'Subject name' to CN=computername.domain.com (the full computer name) and the 'Friendly name' to computername.domain.com.

Certificates are required on both sides, the SCOM management server and the non-domain member. Each side imports its own certificate with MOMCertImport.exe /SubjectName <FQDN>, where <FQDN> is that machine's full computer name.

Step by Step for using Certificates to communicate between agents and the OpsMgr 2007 server

If the certs are okay, but the new agent has not been approved in SCOM:

Log Name: Operations Manager
Source: OpsMgr Connector
Date: 16/12/2013 11:37:52 AM
Event ID: 20070
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Lync-edge.domain.com
Description:
The OpsMgr Connector connected to SCOM-server.domain.com, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.

Log Name: Operations Manager
Source: OpsMgr Connector
Event ID: 21016
Task Category: None
Level: Error
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
OpsMgr was unable to set up a communications channel to SCOM-server.domain.com and there are no failover hosts. Communication will resume when SCOM-server.domain.com is available and communication from this computer is allowed.

Approve the new agent in SCOM (Operations console, Administration, Pending Management). Until it is approved, the management server authenticates the agent and then drops the connection, which is what event 20070 describes.

Step by Step for using Certificates to communicate between agents and the OpsMgr 2007 server

If the CA's root certificate is not in the trusted root store of the new agent's host, the certificate presented by the management server cannot be chained to a trusted root and the connection is rejected:

Log Name: Operations Manager
Source: OpsMgr Connector
Event ID: 20067
Task Category: None
Level: Warning
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
A device at IP x.x.x.x:5723 attempted to connect but the certificate presented by the device was invalid. The connection from the device has been rejected. The failure code on the certificate was 0x800B010A (A certificate chain could not be built to a trusted root authority.).

Import the CA's root certificate into Trusted Root Certification Authorities (Local Computer) on the workgroup computer. Note that 0x800B010A is a chain-building failure, not a name mismatch: the Subject can be correct and the connection will still be rejected until the issuing chain is trusted.

Step by Step for using Certificates to communicate between agents and the OpsMgr 2007 server

If the AD integration option is on (on the agent's host):

Log Name: Operations Manager
Source: HealthService
Event ID: 2010
Task Category: Health Service
Level: Error
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
The Health Service cannot connect to Active Directory to retrieve management group policy. The error is Unspecified error (0x80004005).


Turn off AD integration:

In the agent's registry, go to HKLM\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager.
Set the EnableADIntegration (REG_DWORD) value to 0.
Restart the HealthService service.

SCOM Workgroup Monitoring – Disable AD Integration

If the Network Service account (used in the Run As profile "Microsoft Lync Server 2013 Remote Watcher Profile for Discovery") cannot access the Lync server or its components (e.g. a database):

Alert: An internal exception has occurred during discovery.
Source: Discovery Script on Lync-edge.domain.com
Alert description: Discovery did not succeed. Monitoring may fail if discovery data's initial state was not available. Please check alert context for details.

Log Name: Operations Manager
Source: Health Service Script
Event ID: 223
Task Category: None
Level: Error
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
DiscoverMachine.ps1 :

--------------------------------------------------------------------------------
-Script Name: Lync Server MP Machine Topology Discovery
-Run as account: nt authority\network service
-Execution Policy: Bypass
--------------------------------------------------------------------------------
Value of Source Id is {2469342F-3092-2CD4-2CE3-D45CA920984C}.
Value of ManagedEntity Id is {DBB1C579-0999-9D12-7B08-AC6C479AE328}.
Value of Target Computer is Lync-edge.domain.com.
Lync Server Module is added
Successfully initialize discovery data.
An exception occurred during discovery script, Exception : Could not connect to SQL server : [Exception=System.Data.SqlClient.SqlException (0x80131904): Cannot open database "xds" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

Either add the Network Service account to the local group RTC Component Local Group on the Lync server, or change the Run As account used by 'Microsoft Lync Server 2013 Remote Watcher Profile for Discovery' in SCOM to one that already has access to the Lync databases. Adding Network Service to the group is the quick fix, but it gives every service on the edge that runs as Network Service the same database access, so a dedicated Run As account is the tighter choice.

SCOM 2012 Lync Server 2013 Management Pack discovery error

After adding the Network Service account to the local group RTC Component Local Group on the Lync edge server:

Log Name: Operations Manager
Source: HealthService
Event ID: 7028
Task Category: Health Service
Level: Information
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
All RunAs accounts for management group SCOM management group have the correct logon type.

Log Name: Operations Manager
Source: HealthService
Event ID: 7024
Task Category: Health Service
Level: Information
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
The Health Service successfully logged on all accounts for management group SCOM management group.

Log Name: Operations Manager
Source: HealthService
Event ID: 7025
Task Category: Health Service
Level: Information
Keywords: Classic
Computer: Lync-edge.domain.com
Description:
The Health Service has authorized all configured RunAs accounts to execute for management group SCOM management group.


Verifying communication between the SCOM server and a workgroup agent:

Check agent/server connectivity; the agent channel uses TCP 5723 and the connection should show ESTABLISHED:
On Lync server: netstat -a | findstr SCOM-server
On SCOM server: netstat -a | findstr Lync-edge
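The checks above are spread over several events and registry keys, so here is an added example (not part of the original post, and not Microsoft's tooling) that runs them all on the edge server in one go: full computer name versus certificate CN, private key and EKUs, chain to a trusted root, the EnableADIntegration flag (optionally fixing it), Network Service membership in RTC Component Local Group, and TCP 5723 to the management server. The management server name is a placeholder, and the Machine Settings key where MOMCertImport records the certificate serial number comes from general knowledge of the OpsMgr agent rather than from the post, so it is marked as assumed in the code.

```powershell
# Added example: prerequisite check for a workgroup SCOM agent on a Lync edge.
# Run from an elevated PowerShell prompt on the edge server.
param(
    # FQDN of the SCOM management server (placeholder, replace with yours)
    [string]$ManagementServer = 'SCOM-server.domain.com',
    # Apply the AD-integration fix from the post instead of only reporting it
    [switch]$DisableADIntegration
)

# 1. Full computer name = host name + primary DNS suffix. This is the string
#    the Health Service compares against the certificate Subject (event 20052).
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }
"Full computer name: $fqdn"
if (-not $ip.DomainName) { Write-Warning 'No primary DNS suffix set; the certificate CN cannot match an FQDN.' }

# 2. Certificate the agent is configured to use. Assumed location: MOMCertImport
#    stores the serial number, byte order reversed, as ChannelCertificateSerialNumber.
$ms = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings' -ErrorAction SilentlyContinue
$serial = $null
if ($ms -and $ms.ChannelCertificateSerialNumber) {
    $bytes = [byte[]]$ms.ChannelCertificateSerialNumber
    [array]::Reverse($bytes)
    $serial = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.SerialNumber -eq $serial }
if (-not $cert) {
    Write-Warning 'No certificate imported with MOMCertImport.exe (event 21021).'
} else {
    "Configured certificate: $($cert.Subject) (serial $serial)"
    if ($cert.Subject -ne "CN=$fqdn") {
        Write-Warning "Subject '$($cert.Subject)' does not match 'CN=$fqdn' (event 20052); re-issue with the full computer name as CN."
    }
    if (-not $cert.HasPrivateKey) { Write-Warning 'Certificate has no private key in the machine store.' }
    # OpsMgr needs both Server Authentication and Client Authentication EKUs.
    $eku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }
    foreach ($oid in '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2') {
        if ($eku -notcontains $oid) { Write-Warning "Certificate lacks EKU $oid." }
    }
    # Verify() builds the chain against this machine's trusted roots; a failure
    # here is the local side of 0x800B010A (event 20067).
    if (-not $cert.Verify()) {
        Write-Warning 'Chain does not build to a trusted root; import the CA root into Trusted Root Certification Authorities (Local Computer).'
    }
}

# 3. AD integration must be off on a workgroup agent (event 2010).
$cm  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager'
$adi = (Get-ItemProperty $cm -ErrorAction SilentlyContinue).EnableADIntegration
if ($adi -ne 0) {
    if ($DisableADIntegration) {
        Set-ItemProperty -Path $cm -Name EnableADIntegration -Value 0 -Type DWord
        Restart-Service HealthService
        'EnableADIntegration set to 0 and HealthService restarted.'
    } else {
        Write-Warning "EnableADIntegration is '$adi'; set it to 0 and restart HealthService (or re-run with -DisableADIntegration)."
    }
}

# 4. Lync MP discovery runs as Network Service and needs RTC Component Local
#    Group membership to open the local xds database (event 223). The group
#    only exists on a Lync server, so this warns on other machines too.
$members = (net localgroup 'RTC Component Local Group' 2>$null) -join "`n"
if ($members -notmatch 'NETWORK SERVICE') {
    Write-Warning 'NT AUTHORITY\NETWORK SERVICE is not in RTC Component Local Group.'
}

# 5. Connectivity: the agent channel is TCP 5723 on the management server.
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect($ManagementServer, 5723); "TCP 5723 to $ManagementServer is reachable." }
catch   { Write-Warning "Cannot reach ${ManagementServer}:5723 - $($_.Exception.Message)" }
finally { $tcp.Close() }
# Established sessions on the agent port, equivalent to the netstat check above
netstat -an | Select-String ':5723 ' | Select-String 'ESTABLISHED'
```

Run it once before approving the agent and again after each fix; every warning maps to one of the event IDs quoted in this post, so a clean run should correspond to the 7024/7025 events and an ESTABLISHED session on 5723.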

More info:
Installing Lync 2013 Edge Server
Obtaining Certificates for Non-Domain Joined Agents Made Easy With Certificate Generation Wizard
Setup Lync Server Components wizard returns the warning "Host not found in topology" during the Lync Server Edge server installation
Step by Step for using Certificates to communicate between agents and the OpsMgr 2007 server
When you try to install a System Center Operations Manager agent on a workgroup computer without using a gateway server, Operations Manager cannot see the workgroup computer
