SCOM Agents in DMZ via Gateway Server

Similar Messages

• Move SCOM agent between gateway server and management server ?

  Dear all,
  IN SCOM 2012 R2 is it possible to move SCOM agent between gateway server and management server ? I mean if one agent is reporting to Gateway server , in case if i want to shutdown that Gateway server , can i move to another Management server and
  Vice versa ?
  Thanks,
  Sengo

  Hi,
  http://blogs.catapultsystems.com/cfuller/archive/2012/06/05/how-does-the-failover-process-work-in-opsmgr-2012-scom-sysctr.aspx
  and links at the bottom of
  the article

• Gateway server and Management server in SCOM 2012

  What are the main Different between Gateway server and Management server in SCOM 2012?
  I have referred this , is there anything ?
  http://blogs.technet.com/b/momteam/archive/2008/02/19/10-reasons-to-use-a-gateway-server.aspx

  1) Management server can write data , gathered from agent, directly into operations manager database. Gateway server should forward data, collected from managed agent to management server.
  2) In a unturst environment for example workgroup or untrust domain, and you do not want to deploy a certificate to every monitored agent, you should deploy gateway server rather than managment server.
  Roger

• Scom agent errors from dmz computer

  hello everybody.
  i have installed scom agent on dmz computer. there is connection with scom rms server and after approving it listed in my agent managed computer list.
  but i have some erros in agent computer event log .
  hear is.
  Log Name:      Operations Manager
  Source:        Health Service Modules
  Date:          03/10/2014 09:17:13
  Event ID:      11903
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      srv-ns1
  Description:
  The Microsoft Operations Manager Expression Filter Module could not convert the received value to the requested type.
  Property Expression: Property[@Name='QueriesResponded']
  Property Value: Property[@Name='QueriesResponded']
  Conversion Type: DataItemElementTypeInteger(5)
  Original Error: 0x80FF005A
  One or more workflows were affected by this.  
  Workflow name: Microsoft.Windows.Server.DNS.2012R2.Monitor.DNSSEC.NameResolutionQueries
  Instance name: ameriaam.am on srv-ns1
  Instance ID: {CA3BB4AA-6AD9-B0CD-D35E-CF17BAC9BCE2}
  Management group: AmeriabankMG
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Health Service Modules" />
      <EventID Qualifiers="49152">11903</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-10-03T05:17:13.000000000Z" />
      <EventRecordID>1051</EventRecordID>
      <Channel>Operations Manager</Channel>
      <Computer>srv-ns1</Computer>
      <Security />
    </System>
    <EventData>
      <Data>AmeriabankMG</Data>
      <Data>Microsoft.Windows.Server.DNS.2012R2.Monitor.DNSSEC.NameResolutionQueries</Data>
      <Data>ameriaam.am on srv-ns1</Data>
      <Data>{CA3BB4AA-6AD9-B0CD-D35E-CF17BAC9BCE2}</Data>
      <Data>Property[@Name='QueriesResponded']</Data>
      <Data>Property[@Name='QueriesResponded']</Data>
      <Data>DataItemElementTypeInteger(5)</Data>
      <Data>0x80FF005A</Data>
    </EventData>
  </Event>
  Log Name:      Operations Manager
  Source:        Health Service Modules
  Date:          03/10/2014 09:17:13
  Event ID:      11903
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      srv-ns1
  Description:
  The Microsoft Operations Manager Expression Filter Module could not convert the received value to the requested type.
  Property Expression: Property[@Name='QueriesResponded']
  Property Value: Property[@Name='QueriesResponded']
  Conversion Type: DataItemElementTypeInteger(5)
  Original Error: 0x80FF005A
  One or more workflows were affected by this.  
  Workflow name: Microsoft.Windows.Server.DNS.2012R2.Monitor.DNSSEC.NameResolutionQueries
  Instance name: esazatem.am on srv-ns1
  Instance ID: {8A7B8118-E730-492F-30BD-E754979CF884}
  Management group: AmeriabankMG
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Health Service Modules" />
      <EventID Qualifiers="49152">11903</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-10-03T05:17:13.000000000Z" />
      <EventRecordID>1049</EventRecordID>
      <Channel>Operations Manager</Channel>
      <Computer>srv-ns1</Computer>
      <Security />
    </System>
    <EventData>
      <Data>AmeriabankMG</Data>
      <Data>Microsoft.Windows.Server.DNS.2012R2.Monitor.DNSSEC.NameResolutionQueries</Data>
      <Data>esazatem.am on srv-ns1</Data>
      <Data>{8A7B8118-E730-492F-30BD-E754979CF884}</Data>
      <Data>Property[@Name='QueriesResponded']</Data>
      <Data>Property[@Name='QueriesResponded']</Data>
      <Data>DataItemElementTypeInteger(5)</Data>
      <Data>0x80FF005A</Data>
    </EventData>
  </Event>
  Log Name:      Operations Manager
  Source:        Health Service Modules
  Date:          03/10/2014 09:17:12
  Event ID:      11903
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      srv-ns1
  Description:
  The Microsoft Operations Manager Expression Filter Module could not convert the received value to the requested type.
  Property Expression: Property[@Name='QueriesResponded']
  Property Value: Property[@Name='QueriesResponded']
  Conversion Type: DataItemElementTypeInteger(5)
  Original Error: 0x80FF005A
  One or more workflows were affected by this.  
  Workflow name: Microsoft.Windows.Server.DNS.2012R2.Monitor.DNSSEC.NameResolutionQueries
  Instance name: ameriagroup.am on srv-ns1
  Instance ID: {C57A482A-A0B6-CC89-0855-FD43B75FCE26}
  Management group: AmeriabankMG
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Health Service Modules" />
      <EventID Qualifiers="49152">11903</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-10-03T05:17:12.000000000Z" />
      <EventRecordID>1047</EventRecordID>
      <Channel>Operations Manager</Channel>
      <Computer>srv-ns1</Computer>
      <Security />
    </System>
    <EventData>
      <Data>AmeriabankMG</Data>
      <Data>Microsoft.Windows.Server.DNS.2012R2.Monitor.DNSSEC.NameResolutionQueries</Data>
      <Data>ameriagroup.am on srv-ns1</Data>
      <Data>{C57A482A-A0B6-CC89-0855-FD43B75FCE26}</Data>
      <Data>Property[@Name='QueriesResponded']</Data>
      <Data>Property[@Name='QueriesResponded']</Data>
      <Data>DataItemElementTypeInteger(5)</Data>
      <Data>0x80FF005A</Data>
    </EventData>
  </Event>

  These errors are coming from the DNS 2012 R2 MP. Is this server in your DMZ a DNS 2012 R2 Server? if not, it should go away once the discovery for this mp runs or re-runs, and the SCOM agent stops running those monitors on that agent. If it does not go away,
  stop the SCOM Agent, and clear the agent cache then start up the agent again.
  Hope this helps!
  Scott Moss MVP (Operations Manager) President - System Center Virtual Users Group |Vice President - Atlanta Southeast Management Users Group (ATL SMUG)
  Please remember to click “Mark as Answer” on the post that helps you!
  my new blog om2012.wordpress.com

• SCOM Gateway Server Upgrade from 2012 SP1 to R2

  Hi,
  I am upgrading our SCOM environment from 2012 SP1 to R2. But unable to upgrade the Gateway Server. The installation of R2 setup stops with error message: "The operation manager gateway can't be installed on a computer on which the Operation Manager
  management server, Operations Console, operational database, web console, agent, System Center Essentials, or System Center Service Manager is already installed."
  I checked none of the above component is installed on the gateway server. Please suggest what is the issue?
  Regards,
  Daya Ram

  Hi,
  Have you followed the steps below to upgrade a gateway server:
  Log on to a computer that hosts the gateway server with an Operations Manager Administrators role account for your Operations Manager management group.
  On the Operations Manager media, run Setup.exe.
  In the Optional Installations area, click Gateway management server.
  On the Welcome to the System Center 2012 R2 Operations Manager Gateway Upgrade Wizard page, click
  Next.
  On the The wizard is ready to begin gateway upgrade page, click
  Upgrade.
  On the Completing the System Center 2012 - Operations Manager Gateway Setup wizard page, click
  Finish.
  You may check below directory:
  C:\Program Files\System Center 2012\Operations Manager
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• SCOM Gateway Server Issue

  Hi All
  I am having an issue related with my LAB Gateway server with SCOM 2012 SP1
  I am having 2 Management server and 3 gateway server in my LAB. Now I am trying to install a new Gateway server. But its not showing in Management server list. Its showing as a SCOM Client. have any one faced this issue or any idea.
  Your earlier response is appreciated.

  Hi,
  Whether the gateway server is listed under pending management, if it is, try to remove it from here before running the approval.
  Please also go through the below similar thread for more details:
  SCOM 2012 R2 Gateway installation error and no System Center Management server after install
  http://social.technet.microsoft.com/Forums/en-US/ce6d0a73-c31d-4c26-85d4-d3cce35d48c3/scom-2012-r2-gateway-installation-error-and-no-system-center-management-server-after-install?forum=operationsmanagerdeployment
  Please follow the below steps:
  1) Validate that the gateway server can ping the Management Server that it will need to communicate with and can telnet to port 5723. Also validate that the OpsMgr Management Server can ping the Gateway server. If traffic doesn’t route between these systems,
  or they cannot resolve each others names, or they cannot communicate on port 5723 the Gateway will not function.
  2) Install the gateway server from the OpsMgr media (Gateway management server).
  When installing, choose the Management Server that we have determined will be the primary Management Server for gateway servers in the environment and configure the gateway to run as local system.
  3) Next if required in the OpsMgr console we delete the agent from pending management if it appears in that view.
  4) Perform the approval of the gateway by transferring the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe from the installation media to the appropriate path to run it from (c:\program files\System Center Operations Manager 2012\Server is the default
  location)
  Regards,
  Yan Li
  Regards, Yan Li

• Difference between Scom 2007 and Scom 2012 Gateway server setup.

  Hi All,
  Greetings!!
  I would like to know the differences for gateway server setup in Scom 2007 and 2012 versions..
  Are there any changes in the data collection or in the configuration? and also the prerequisites for it.
  Please let me know these info..
  Regards,
  Gokul

  There is no great different in settng up gateway server in SCOM 2007 R2 and SCOM 2012. As summary, it requires
  1.Request certificates.
  2. Import those certificates into the target computers by using the MOMCertImport.exe tool.
  3. Distribute the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe to the management server.
  4. Run the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe tool to initiate communication between the management server and the gateway
  5. Install the gateway server.
  However, the prerequisites has different between SCOM 2007 R2 and SCOM 2012
  SCOM 2007 R2 gateway server support folloiwng OS
  Windows Server 2003 Standard Edition with Service Pack 1 (SP1)
  Windows Server 2003 Standard Edition with Service Pack 2 (SP2)
  Windows Server 2003 Standard x64 Edition with SP1 or SP2
  Windows Server 2003 Enterprise Edition with SP1
  Windows Server 2003 Enterprise Edition with SP2
  Windows Server 2003 Enterprise x64 Edition with SP1 or SP2
  Windows Server 2003 R2 Standard Edition with SP1 or SP2
  Windows Server 2003 R2 Standard x64 Edition with SP1 or SP2
  Windows Server 2003 R2 Enterprise Edition with SP1 or SP2
  Windows Server 2003 R2 Enterprise x64 Edition with SP1 or SP2
  Windows Server 2008 Standard 32-Bit with SP1 or SP2
  The 64-bit edition of Windows Server 2008 Standard with SP1 or SP2
  Windows Server 2008 Enterprise 32-Bit with SP1 or SP2
  The 64-bit edition of Windows Server 2008 Enterprise with SP1 or SP2
  Windows Server 2008 Datacenter 32-Bit with SP1 or SP2
  The 64-bit edition of Windows Server 2008 Datacenter with SP1 or SP2
  Windows Server 2008 R2
  Windows Server 2008 R2 with SP1
  SCOM 2007 R2 gateway server
  CPU :2.8 GHz or faster
  Memory: 2 GB of RAM or more
  available Space: 20 GB of available hard disk space
  NET Framework 2.0
  Microsoft Core XML Services (MSXML) 6.0
  SCOM 2012 Gateway server
  Disk space: %SYSTEMDRIVE% requires at least 1024 MB free hard disk space.
  Server Operating System: must be Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 Core Installation or Windows Server® 2012 R2.
  Processor Architecture: must be x64.
  Windows PowerShell version: Windows PowerShell version 2.0, or Windows PowerShell version 3.0.
  Microsoft Core XML Services (MSXML) version: Microsoft Core XML Services 6.0 is required for the management server.
  .NET Framework 4 is required if the Gateway server manages UNIX/Linux agents or network devices.
  Roger

• SCOM gateway server configuration steps

  Can anybody share the SCOM gateway server configuration steps?

  In addition, I would like to share the following with you for your reference:
  Deploying Gateway Server in the Multiple Server, Single Management Group Scenario
  http://technet.microsoft.com/en-us/library/bb432149.aspx
  Deploying Gateway Server on Windows Server 2008
  http://technet.microsoft.com/en-us/library/dd789059.aspx
  Managing Gateway Servers in Operations Manager 2007
  http://technet.microsoft.com/en-us/library/cc540382.aspx
  Two items regarding the Gateway Server
  http://blogs.technet.com/b/momteam/archive/2007/08/09/two-items-regarding-the-gateway-server.aspx
  Powershell Commands to configure Gateway Server / Agent Failover
  http://blogs.technet.com/b/jimmyharper/archive/2010/07/23/powershell-commands-to-configure-gateway-server-agent-failover.aspx
  Hope this helps.
  Thanks.
  Nicholas Li - MSFT
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Error trying to run SSIS Package via SQL Server Agent: DTExec: Could not set \Package.Variables[User::VarObjectDataSet].Properties[Value] value to System.Object

  Situation:
  SSIS Package designed in SQL Server 2012 - SQL Server Data Tools
  Windows 7 - 64 bit.
  The package (32 bit) extracts data from a SQL Server db to an Excel Output file, via an OLE DB connection.
  It uses 3 package variables:
  *) SQLCommand (String) to specify the SQL Statement to be executed by the package
  Property path: \Package.Variables[User::ExcelOutputFile].Properties[Value]
  Value: f:\Output Data.xls
  *) EXCELOutputFIle (String) to specify path and filename of the Excel output file
  Property path: \Package.Variables[User::SQLCommand].Properties[Value]
  Value: select * from CartOrder
  *) VarObjectDataSet (Object) to hold the data returned by SQL Server)
  Property path: \Package.Variables[User::VarObjectDataSet].Properties[Value]
  Value: System.Object
  It consists out of 2 components:
  *) Execute SQL Task: executes the SQL Statement passed on via a package variable. The resultng rows are stored in the package variable VarObjectDataSet
  *) Script Task: creates the physical output file and iterates VarObjectDataSet to populate the Excel file.
  Outcome and issue:The package runs perfectly fine both in SQL Server Data Tools itself and in DTEXECUI.
  However, whenever I run it via SQL Server Agent (with 32 bit runtime option set), it returns the errror message below.
  This package contains 3 package variables but the error stating that a package variable can not be set, pops up for the VarObjectDataSet only.  This makes me wonder if it is uberhaupt possible to set the value of a package variable
  of type Object.
  Can anybody help me on this please ?
  Message
  Executed as user: NT Service\SQLSERVERAGENT. Microsoft (R) SQL Server Execute Package Utility  Version 11.0.2100.60 for 32-bit  Copyright (C) Microsoft Corporation. All rights reserved.    Started:  6:40:20 PM  DTExec: Could
  not set \Package.Variables[User::VarObjectDataSet].Properties[Value] value to System.Object.  Started:  6:40:20 PM  Finished: 6:40:21 PM  Elapsed:  0.281 seconds.  The package execution failed.  The step failed.
  Thank you very much in advance
  Jurgen

  Hi Visakh,
  thank you for your reply.
  So, judging by your reply, not all package variables used inside a package need to be set a value for when run in DTEXEC ?
  I already tried that but my package ended up in error (something to do with "... invocation ...." and that error is anything but clearly documented. Judging by the error message itself, it looks like it could be just about anything. that is why I asked my
  first question about the object type package variable.
  Now, I will remove it from the 'set values' list and try another go cracking the unclear error-message " ... invocation ...". Does an error message about " ... invocation ..." ring any bells, now that we are talking about it here ?
  Thx in advance
  Jurgen
  Yes exactly
  You need to set values only forthem which needs to be controlled from outside the package
  Any variable which gets its value through expression set inside package or through a query inside execute sql task/script task can be ignored from DTExec
  Ok I've seen the invocation error mostly inside script task. This may be because some error inside script written in script task. If it appeared after you removed the variable then it may because some reference of variable existing within script task.
  Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

• Problem upgrading from SCOM 2012 SP1 to R2 (near impossible to uninstall SCOM agent from Management Server)

  I'm trying to upgrade our SCOM 2012 SP1 environment to R2, but I have a heck of a problem getting there.
  We currently have an test installation with SCOM 2012 SP1 with Management Server and Console on a single 2012 Standard server. The database are located on a remote server. The R2 setup stopped mid way through the setup, because the SCOM 2012 SP1 agent is
  installed. And I could NOT remove it my any normal means. I've tried "misexec.exe /x productcode", the setup, powershell uninstall and so on. Nothing works, because the management server installation is blocking the uninstall. The uninstall says
  I have to remove the management installation first. And that's not gonna happen.
  I had to follow this guide to finally getting through the setup: http://www.opsman.co.za/forcibly-removing-a-scom-agent-that-cannot-be-uninstalled-by-normal-means/
  In addition to searching for the agent msi install key in registry, and deleting everything. After I did this, the setup is working, and the SCOM management server, console and DB are up to date. However, the Microsoft Monitoring Agent are STILL there in
  Control Panel. And this can NOT be the most healthy way of getting through the setup.
  I'm about to upgrade to R2 in our production environment with 3 management servers, and I would hate to go through this sketchy process there as well. Just for the record, I have no idea why the agents are installed on our management servers.
  Any of you have tips as to how I can get rid of the agents more gracefully?

  Hi
  Thanks for the replay guys!
  None of those links touch my problem I'm afraid. I have followed the Upgrade guides you pointed to, step by step. But the setup does not Complete. There's problems during the actual software Upgrade of the management servers (3'rd step in the Upgrade page).
  I've dived into the Application logs and installation logs, and as far as I can tell, it stops because it has trouble upgrading while the server has the 2012 SP1 Agent installed. I do not remember the actual error text right now, but I can get it in a few
  days.
  Anyhow, the setup DID move on once I removed most of the registry information of the agent installation. So. that leaves me to the conclusion that the agent IS in fact stopping the setup. Either the agent are malfunctioning, or the setup do not expect the
  agent to be present on the management servers. I suspect the latter to be the the most plausible. At least until Yan Li told me this was normal.
  So, I'm not sure what to think. I'm pretty much forced to remove this agents, as this is the only thing allowing me to continue the setup. At least untill I'm told otherwise. But I hate to do it this way. It's so dirty. The registry is pretty much cleaned,
  but there's still Application files present, and the agent is still in the Control panel and can be started. It's not something I would like to do in our prodution environment.

• Running SCOM Powershell cmdlets on SCOM Agent Server

  Hello,
  I have to run some SCOM cmdlets on SCOM Agent Server. But I am getting the below error.
  "Get-SCOMClass : The Data Access service is either not running or not yet initilized. Check the event log for more information."
  In the Agent Server, there is no "Data Access service".
  Please help me in running the SCOM cmdlets on SCOM Agent Server.
  Thanks in advance.
  Regards,
  Mahadevan.G

  Hi Mahadevan:
  On a SCOM management server, the SDK service name is "System Center Data Access Service". If you don't see that service listed then you are not on a SCOM management server.
  Not sure what you mean "SCOM Agent Server"? The SCOM cmdlets won't run on a computer with just the SCOM agent installed unless you also install the SCOM console/powershell features from the SCOM install media.
  The Get-SCOMClass cmdlet (or Get-SCClass) should run on a management server with no problems. Recommend check again that you are really logged into a SCOM management server.
  John Joyner MVP-SC-CDM

• Certificate Template - SCOM Gateway Server

  Hi
  I am using AD Domain level 2003 in my organization. Is there any particular requirement for certificate template to provide authentication between SCOM Management server and SCOM Gateway server.
  I tried a lot but I am getting authentication issues.
  Any solution would be really appreciated.
  Thanks in advance.
  Abhinav | MCTS-Server Virtualization

  Hi,
  Here is a similar thread, please also go through it for more helpful information:
  SCOM 2012 Gateway Server Certificate
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/f499a9c5-1f52-464d-819d-7cbc8a96a845/scom-2012-gateway-server-certificate
  Step-by-step walkthrough: Installing an Operations Manager 2012 Gateway
  http://blogs.technet.com/b/pfesweplat/archive/2012/10/15/step-by-step-walkthrough-installing-an-operations-manager-2012-gateway.aspx
  Regards,
  Yan Li
  Regards, Yan Li

• Gateway Server in SCOM

  Hi experts,
  I need your advice on the below point
  * It is recommended to keep Management server in the same datacenter. But in case if we got another datacenter with less network bandwidth, can we place GATEWAY server there though its a trusted zone. Please clarify.
  Regards, Pratap

  Hello Pratap,
  If you need a gateway server, then it has to be in the another DataCenter and the agents in that same datacenter will point to the Gateway Server. The best part about this will be you do not need to install certificates on each server in that second data
  center. All you need to do is configure certificates on the Gateway Server and the Management Server, where the Gateway Server will be pointing to.
  And Since Bandwidth is an issue, if the agents from different datacenter point to the MS (in another DC) directly, then it will take up a lot of bandwidth for each agent however, if the communication is only between the Gateway Server and MS then that should
  utilize less bandwidth.
  Hope this helps!
  Regards,
  Abdul Karim. (http://sites.google.com/site/scomblogs Twitter:@Abdul_SCOM)

• SCOM Agent on Linux Server Fail

  Dears,
  I am new to this topic of deploying SCOM Agent to Linux Server...
  In my deployment, I want to push SCOM Agent to Linux Ubuntu, I have confirmed below:
  Ubuntu distribution is supported
  I am using root account with no SSH certificate 
  On Linux Server firewall for IPv4 and IPv6 is off
  I can telnet to linux port 22
  root account have privilege to access 22
  WHen I try push installation, I am able to:
  Discover the servers
  Push the agent and deploy it (I can see the service scom agent service started and I can telnet to Linux Server port 1270)
  when scom push agent wizard try to sign the certificate it fail with below error:
  Task invocation failed with error code -2130771918. Error message was: The SCXCertWriteAction module encountered a DoProcess exception. The workflow "Microsoft.Unix.Agent.GetCert.Task"
  has been unloaded.
  Module: SCXCertWriteAction
  Location: DoProcess
  Exception type: ScxCertLibExceptionTask invocation failed with error code -2130771918. Error message was: The SCXCertWriteAction module encountered a DoProcess exception. The workflow "Microsoft.Unix.Agent.GetCert.Task"
  has been unloaded.
  Module: SCXCertWriteAction
  Location: DoProcess
  Exception type: ScxCertLibException
  Exception message: Unable to open root store; {Access is denied.}
  Additional data: Sudo path: /etc/opt/microsoft/scx/conf/sudodir/
  -----BEGIN CERTIFICATE-----
  MIIDETCCAfkCAQEwDQYJKoZIhvcNAQEFBQAwQjEfMB0GA1UEAxMWZnRwLnRlbGVj
  b20ubW9pLmdvdi5xYTEfMB0GA1UEAxMWZnRwLnRlbGVjb20ubW9pLmdvdi5xYTAe
  Fw0xMzA0MTcwNjEyMThaFw0zNDA0MTIwNjEyMThaMEIxHzAdBgNVBAMTFmZ0cC50
  ZWxlY29tLm1vaS5nb3YucWExHzAdBgNVBAMTFmZ0cC50ZWxlY29tLm1vaS5nb3Yu
  cWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+d2oX2lK20nSDGmcD
  whe1sy2WJ9mXGTtZm7VLidh12vN1yImkzi6Ds/mJPA2cKfBlWc8PJX/Uje7m647F
  SBaqDfORsWGhW3XQUkj44lWKsqiq2AFe2ZJIXw0peWIIZzvGzo0vfNc66ECFv3G8
  RFaF1M9KppJE0SExR9DGAkgrOym9xsYce6mBqdmli4Imr7eBWsr8bkQob1OCem4E
  N70tPW4al4N0un2G6p5CVDNOiNCKvE11QdBugQ8uFCpksoB9IFPggxsF3qg+BpPx
  Q+N0p3/sjpiGqwRHXUNIPBzCok3C2mi9hNgsTlBU6BPJEaTgDIvJJvcm6Isvn+zo
  vdFDAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUA
  A4IBAQAqCjyyqVjdcxU3AWKNCzs7g7Gc6nQlNIaurHsV6Wks8Qo24PED6eLdhCDL
  SSOxp/pi3jxpq1LWcYyjy0dCDlUceQVaGVgu/wwqqkvvZcukYbG3DSp/m+kAwyDu
  0zr4S8Iq1sjmHm7CqCrinQcdXN5OrW8EYd3yzBalZ33WNPbBQJADK0ZENDkfSatZ
  vjMoyFgrFmMM+sG52ZeILohfwU/DJow6SYe45VhHUB6oimFgPRpTy+Ir4FM+Xo0W
  JhJPtYD80nYX7fKtLFbLzF21yF96o5gCvoLoqyL0rJOvakF9qVaCIy9s/jrt1Axh
  W8lSYN+wCCDAnTpmHMPS37KL2zHV
  -----END CERTIFICATE-----
  Management group: OMMS
  Workflow name: Microsoft.Unix.Agent.GetCert.Task
  Object name: Unix Linux Monitoring Resource Pool
  Object ID: {76C1B3F5-866D-0AFC-3E98-4EBC36647765}
  I have tried to:
  I tried to add FQDN Name of Linux Server with IP address to host file (but again it fail)
  I have tried sudo account , it also fail with same error
  Please help on this.

  Jean,
  It looks like this is most likely your issues. Please give it a try and see if it resolves the problem.
  Possible Causes
  The Management Servers default action account does not have the necessary privileges (administrator) to open the root certificate store.
  Resolutions
  Set the Action Account for the Manage Server(s) as a local administrator account
  Configure a local administrator account in the Run As Profile: Certificate Signing Profile
  If the Certificate Signing Profile is configured, the action account associated in that profile will be used. If not, it will fall back to the default Action Account
  Regards,
  -Steve

• SNMP Monitoring behind SCOM Gateway Server

  Hi All
  Is it possible to monitor Network devices / SNMP that sit behind a SCOM Gateway server? If so, how do these get discovered?
  I have a need to monitor devices like HP printers, WAP, JetDirect cards, EPOS equipment etc. on a site that doesn't have SCOM on-premise.
  Are there any limitations to this?
  Thanks

  Hi,
  Yes, it is possible. when you create discovery, you may specify that it should run from gateway server.
  On the device you want to monitor, set your SNMP public community string to point to the IP address of the SCOM Gateway server. In the SCOM Administration console, choose Network Devices in the Discovery Managment Wizard choose network device and click next.
  In the next screen enter the IP address of the network device you want to monitor and under the mangment server drop down choose the gateway server who’s IP you entered in the SNMP string earlier.
  Here is a similar thread for you reference:
  https://social.technet.microsoft.com/Forums/systemcenter/en-US/475cf4f5-c724-4c7c-808e-7265b304b0ba/snmp-monitoring-over-gatewayserver?forum=operationsmanagergeneral
  In addition, you may check is there any management pack for your devices and import them into your management group.
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]