OpsMgr 2007: Agents in remote domain are unable to communicate with the Management server

Here's another great tip sent to me by Sam Allen, one of the top Support Escalation Engineers in our Las Colinas office.  If you're rolling out agents in a remote domain and find that they're unable to communicate with the management server then this is something you'll definitely want to check out:

========

Issue: After pushing an agent to another domain, the install appears to work fine but the agent can't communicate with the management server. If you run a network trace you will see that the SCOM server is unable to do an LDAP lookup on the agent. On the agent side you will see the following error:

Event Type: Error
Event Source: OpsMgr Connector
Event Category: None
Event ID: 20070
Description: The OpsMgr Connector connected to <server>, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.

Cause: This can happen if the management server does not have permission to look up the machine in the remote domain.

Resolution: To resolve this issue make sure Authenticated Users have Read permissions to the domain:

1. Open AD Users and Computers.
2. Right-click on the name of the domain and select Properties.
3. Select the Security tab.
4. Make sure Authenticated Users have Read permissions.

You should also check the container where the agent is located and verify that the same permissions exist there:

1. Open AD Users and Computers.
2. Right-click on the container holding the computer and select Properties.
3. Select the Security tab.
4. Make sure Authenticated Users have Read permissions.

Once this is done the agent should start communicating properly.
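
The same two checks can be scripted instead of clicked through. The following is an added example, not part of the original tip: it reads the ACL on the domain root and on the agent's container and reports whether Authenticated Users (well-known SID S-1-5-11) holds Read. The two distinguished names are placeholders, the function name is hypothetical, and the script assumes it runs under an account that can read security descriptors in the remote domain.

```powershell
# Placeholders: replace with the remote domain root and the container
# that holds the agent's computer account.
$targets = @(
    'DC=remote,DC=example,DC=com',
    'CN=Computers,DC=remote,DC=example,DC=com'
)

$authUsersSid = 'S-1-5-11'   # Authenticated Users
$read = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead

function Test-AuthUsersRead {            # hypothetical helper name
    param([string]$DistinguishedName)

    $entry = [ADSI]"LDAP://$DistinguishedName"
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    $allow = 0
    $deny  = 0
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -ne $authUsersSid) { continue }
        # Skip ACEs that only apply to child objects or to one property/class.
        if ($r.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($r.ObjectType -ne [Guid]::Empty) { continue }

        if ($r.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$r.ActiveDirectoryRights
        } else {
            $deny = $deny -bor [int]$r.ActiveDirectoryRights
        }
    }
    # Read is present only if every GenericRead bit is allowed and none is denied.
    $effective = $allow -band (-bnot $deny)
    return (($effective -band $read) -eq $read)
}

foreach ($dn in $targets) {
    if (Test-AuthUsersRead -DistinguishedName $dn) {
        Write-Output "OK       Authenticated Users has Read on $dn"
    } else {
        Write-Output "MISSING  Authenticated Users lacks Read on $dn"
    }
}
```

A MISSING line points at the object whose Security tab needs the Read permission described above; the script only inspects ACEs granted directly to Authenticated Users, not rights obtained through other groups.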

========

Thanks Sam!

J.C. Hornbeck | Manageability Knowledge Engineer

Comments

  • Anonymous
    January 01, 2003
    thank you
  • Anonymous
    January 01, 2003
    Hi Hornbeck, I am facing the same problem. When I checked on both the RMS and client end, the Authenticated Users have Read permissions to the domain. Could you please suggest how to fix this issue? Regards, Krish