How to get your agents back to “Remotely Manageable” in OpsMgr 2007 R2
<!--[if lt IE 9]>
<![endif]-->
Comments
Anonymous
January 01, 2003
The comment has been removedAnonymous
January 01, 2003
Venkat - I clearly address that in the above blog post. If you are using AD integration, you should not modify this setting. It will break AD integration.Anonymous
January 01, 2003
Console can't do it, but Powershell canAnonymous
January 01, 2003
@Phil -
If you are using AD integration, you would generally not want to change this setting. If using AD integration, you don't use the console to assign management servers, you use AD integration rules. However, it is plausible that you want to use AD integration, but want remotely manageable set to true, so you can easily apply/push agent upgrades via the console.
If that isn't required, and you will also use group policy to push out the agent updates, then I'd not change the setting.
Editing the SQL database is not supported by Microsoft. You wont ever get a "support statement" on this, other than "unsupported". However, for customers who understand the issue, and understand why they need remotely manageable = true, this is a very safe modification to make.- Anonymous
June 22, 2016
Hi Kevin! Is it really unsupported from Microsoft to convert manually installed OpsMgr agents to “Remote Manageable” by changing "IsManuallyInstalled” against the operational DB. Only against agents that should have been installed through SCOMs "Discovery". - Anonymous
June 22, 2016
Is it more supported and easier to install UR for agents through Windows Update or push it through SCCM? If we do this on all agents will the "discovey" agents be change to "manaully"?//Mats A
- Anonymous
Anonymous
January 01, 2003
Hey sir thanks for taking the time to respond, again. Yes the dev_scom_HSvcSCP_SG container along with Domain Local security groups and containers for each of the management servers were created during the ADI setup. In terms of reference materials I have SCOM 2012 Unleashed 2nd edition and just about all of the known articles in terms of configuring ADI per a documented procedure. So I'm thinking I've overlooked some minor detail in terms of getting this to work.
In viewing a reference site I see mention of a rule called AD rule for Domain. I have version 7.1.10226.0 of the Default management pack installed and when performing a search for this rule I see an AD rule for Domain: mydomain.com, ManagementServer: domainms but I don't see the rule displaying polling info. Again not sure what I'm missing.Anonymous
January 01, 2003
dang it! replied to the wrong thread/post. Please delete if possible.Anonymous
January 01, 2003
@Jarrad - What do you mean "internet based" ? Do they connect via direct internet with a direct management server open to the public internet (gasp). Or do they connect via a VPN tunnel and then are managed alike a remote WAN agent on the corp network? In either case, it doesnt really matter. The benefit of not locking them down as a "manually installed" agent is that we will try to update them when you apply CU's, and you have the option to attempt a repair. If you dont have full RPC/SMB open to manage the agent, then it is an irrellevant conversation.Anonymous
January 01, 2003
Do these settings also apply to scom 2012?Anonymous
January 01, 2003
Yes Ramesh - that is basically one of the key points of this post - for that ability right there.Anonymous
January 01, 2003
The comment has been removedAnonymous
January 01, 2003
No, you arent missing anything - SP1 had a bug where this didnt work and block access in the console as it should. It was "fixed" in R2.Anonymous
January 01, 2003
@David - This is the setting, that the hotfix installer will use to determine the agent should be placed into pending. Therefore - the answer is yes - if this is set to "Yes" then when you apply a hotfix to a Management server that has directly assigned agents - they should now go into pending management for an update. If you approve it - it will work, provided the account you use has permissions, and the firewall ports are open. (same as agent push)Anonymous
January 01, 2003
Yep.Anonymous
January 01, 2003
The comment has been removedAnonymous
January 01, 2003
@Jonathan - the SCSM agents are "special" and should not be updated nor patched/moved or treated as remotely manageable.Anonymous
January 01, 2003
@AFL - Yes. It is applicable to SCOM 2012.Anonymous
February 21, 2010
Kevin - After we install the agents manually on servers (behind firewall, workgroup) and if we set those agents to “Remotely Manageable = Yes” using the query as you suggested, we'll be able to control those agents from the UI alike those which are pushed from the console - right? Also if MS releases hotfixes/updates applicable for R2 agent, then those will appear in the pending management node to ease our administration - right? I just wanted to get it confirmed that after we run the query that will set ALL manually agents back to “Remotely Manageable = Yes”, then they will become similar to the pushed agents on all aspects!Anonymous
February 22, 2010
Hi Ramesh Updating the table by itself will not be enough - be aware that you'll still need to open the relevant ports to enable the updates to take place. If these manually installed agents are behind a firewall then making them "remotely manageable" won't magically enable them to receive updates if the firewall won't pass the traffic. And you won't get your security teams to open the Netbios ports required for push install .... http://blogs.technet.com/kevinholman/archive/2007/12/12/agent-discovery-and-push-troubleshooting-in-opsmgr-2007.aspx Cheers GrahamAnonymous
February 22, 2010
Thanks Graham - I understand that we won't be able to push future updates on agents behind firewall if the ports are not open, but they will appear in the 'pending management' mode - right? What we are basically seeking is to assign the SCOM agent installation task on all servers to our L1 helpdesk who will install the agents manually and then we'll run this SQL query to make them 'Remotely Manageable=Yes'. So in case of future updates from MS for R2 agent, all of them will appear in the 'Pending Management' node and whichever do fail while approving from the console we'll update them manually. Regards RameshAnonymous
March 04, 2010
Thanks Kevin, This is very Useful.. thanks JasonAnonymous
March 13, 2010
Hi Kevin, This is working for the test machines I tried. I would like to know what exactly you consider "AD Integration"? is it the fact that the discovery is done through AD? Is it the fact that all machines are in AD domain? Is it something else? Thanks, DomAnonymous
April 20, 2010
pingback from: http://cornasdf.blogspot.com/2010/04/systems-center-operations-manager-r2.htmlAnonymous
September 22, 2010
We have several manually installed agents in our SCOM 2007 SP1 environment. What I find stranges is that even the manually installed agents appear to be 'Remotely Manageable = Yes', as oppposed to 'IsManuallyInstalled = Yes'. Am I missing something? Regards, SvenAnonymous
November 28, 2010
Hi, we downloaded and installed SCOM 2007 R2 CU3, later we applied the SQL Query to change Remotely managed for some servers to yes. till now the Agents are not showing in Pending Management in order to approve the update, is there any further action required? regards, DamatiMan@Gmail.comAnonymous
February 14, 2011
Hi Kevin, I have 4000+ servers that have manually installed agents on R2CU2 that now have Remotely Managed = "Yes" via the SQL Script. The question that keeps getting mixed answers is when CU4 is applied to the OPSmgr Infrastructure will the agents now come into pending allowing me to upgrade all these manually installed agents that now have the Remotely Managed flag set to Yes. This is assuming all firewall ports are open etc. I keep getting different answers on this question and would like to know since the intention is to have all 4000+ agents come into pending and then phase these updates in groups during off hours. These agents have not been repaired just the Remotely Managed set to Yes. Thanks.Anonymous
June 30, 2011
Hi Kevin, I know this was covered a while ago, hopefully you are still aware of comments! Am I to understand by the comment: "***Another thing to note – is if the “Remotely Manageable” flag is set to “No”… we will NOT put those agents into “Pending Management” for a hotfix (when a SCOM hotfix that should also be delivered to agents is applied to a management server). This is by design." That if we DO use the script to change all our agents to be remotely manageable that they should EVENTUALLY show up in Pending Management as needing an update after running a CU? Kind RegardsAnonymous
February 13, 2012
Hi Kevin, We have SCOM 2007 R2 envi and i am planning for CU5 update installation. We have few of agents that are not remotely manageble (manually installed). If i change them to remotely manageble agents using the sql query provided will my AD Integration breaks? if it is broken, can i dele that and put it back in place using momoadadmin.exe? Thanks,Anonymous
April 19, 2012
It would be very nice, if the agent were able to download updates via the already opened standard ports, through the firewalls. Netbios is not an option, and now we have to make an sccm package.........Anonymous
July 04, 2012
Hi Kevin, Is this still the case for SCOM 2012? Cheers, JarradAnonymous
July 10, 2012
Thanks Kevin. Another question. Would you recommend this for internet based managed agents?Anonymous
July 15, 2012
Hi Kevin, I meant internet based just like in Config Manager, agents connecting via the internet. Don't worry this customer is using certs, gateway servers, firewalls, dedicated AD and Ops Mgr infrastructure isolated just for this, port redirects... etc. But I stupidly did not think about the UDP ports needed!!!Anonymous
September 25, 2012
I'm a little confused by this, since we have a script that load balances the Agents between MS every month. Most of the Agents are manually installed, and some are pushed out from the console. According to this, we shouldn't be able to run the script successfully since the manual Agents should ignore it. We run R2 CU5 (now CU6) and it works fine. So is this a case of "Console can't do it, but Powershell can" or is it the script is specifically written to circumvent the issue? Param([array]$CSVServerList) $arrServerObject = @() $arrAgentObject = @() foreach($Server in $CSVServerList) { $arrServerObject += Get-ManagementServer | where {$.Name -eq $Server} echo "Looking for $Server" } $ServerCount = $arrServerObject.Count if ($ServerCount -gt 1) { echo "Found $ServerCount management servers" } else { echo "Found only 1 (or less) management servers. Aborting..." Exit } echo "Getting agents..." foreach ($Server in $arrServerObject) { $arrAgentObject += Get-Agent | where {$.PrimaryManagementServerName -eq $Server.Name} } $AgentCount = $arrAgentObject.Count if ($AgentCount -gt 1) { echo "Found $AgentCount agents" Start-Sleep -m 200 } else { echo "Found only 1 (or less) agents. Aborting..." Exit } $i = 0 foreach ($Agent in $arrAgentObject) { if ($i -ge $ServerCount) { $i = 0 } $arrTemp = @($arrServerObject | Where-Object {$_ -ne $arrServerObject[$i]})
$FailoverServers = $arrTemp -join ","
Set-ManagementServer -AgentManagedComputer: $Agent -PrimaryManagementServer: $arrServerObject[$i] -FailoverServer: $arrTemp $arrTemp = $null $i++ }
Anonymous
January 17, 2013
Marius, I just tried this on my scom 2012 infrastructure and works great. Took a minute for the console to update, so give it some time. ThanksAnonymous
January 25, 2013
I've just run this on SCOM 2007 and although the agent is now remotely manageable, the option to change primary management server is still not available.Anonymous
March 26, 2013
Hi Kevin, Now we are planning to do scom 2012 upgrade from scom 2007 r2 and enabled AD integration . therefore we need to move the agents to another MG server. In this case can you explain how to move the AD integrated agents to another management server Thanks in AdvanceAnonymous
September 16, 2013
I'm guessing this procedure is safe to use on SCOM 2012 if the QUERY returns a correct list of agents...but I can I get some confirmation that it is? I can't see the GUID changing for 'BaseManagedTypeId' - but stranger things have happened.Anonymous
October 30, 2013
Hi Kevin, can i use this to break AD Integration? We don't won't to use AD Integration any longer. My idea is to run the script, remove Container in AD, apply CU4 to SCOM so that all Agents will be shown under pending management, update the Agents through the console. I think this should work, or not? I think this is better than uninstall all Agents and then reinstall via console. BR KlausAnonymous
October 30, 2013
@Klaus - Interesting concept. I don't know. Have to test it. There is a registry entry for agents that let them know they are AD integrated vs manual configuration. This might work as you desire, but I'd have to test and observe.Anonymous
November 01, 2013
Hi Kevin, thanks for your answer. I've tested this and it works. :-)! BR KlausAnonymous
February 21, 2014
Hi Kevin, will the correct use of the scripts for the purposes described in this article void any Microsoft support agreement?Anonymous
June 10, 2014
So I have tested this process on a few servers. (We're moving away from AD integration and moving some servers to gateway servers) After I've run the query against the database it shows as remotely manageable and repair and uninstall are available, but change primary management server is still greyed out.
Any thoughts on this?Anonymous
June 10, 2014
I should have mentioned I am on 2012 R2...Anonymous
September 12, 2014
Hi Kevin,
Could you assist me how can i upgrade SCOM 2007 R2 agent into SCOM 2012 R2 agent. I could not get any idea properly.
Thanks
Richa.Anonymous
September 22, 2014
Excelente.Anonymous
September 26, 2014
We have SCOM 2012 R2 in our envirnment.
Our clients have shared a list of servers and it's big list to do by hand.
I need to write an sql querry which determine which all have SCOM agent installed and which all have not .
Can anyone help me on this?Anonymous
February 05, 2015
Are there any issues with updating SCOM agents on SCSM server (SC R2) to "remotely manageable"?Anonymous
February 05, 2015
Thanks for the quick response!Anonymous
April 15, 2015
The comment has been removedAnonymous
May 25, 2015
Hi Kevin,
Is this fix applicable in SCOM 2012 R2?
Regards,
AFLAnonymous
June 03, 2015
My requirements are, I need to do remotely manageable = 'yes' for selected agents, like out of 1000 only 200, as this 200 servers are reporting to a gateway server which I need to move to another gateway server....but as per your script either all or 1 server can be set to 'yes'. can there be any modification done, which can fulfill my requirements??Anonymous
February 15, 2016
This is my final article in a 3 part series about Alert Management. Part 1 is here . Part 2 is hereAnonymous
March 30, 2016
Thanks Kevin this worked for meGrahamAnonymous
April 28, 2016
Thanks Kevin for the wonderful explanation.Anonymous
April 26, 2017
Hello Kevin,Thanks for the post,If suppose i am having 2 agents( Cul-sql01 and Cul-DC01)both are installed manually and i want to bring back only server Cul-sql01 to remotely manageable. Could you share the sql query for this scenario also.How can i get BaseManagedTypeId or each agent.===============================================UPDATE MT_HealthServiceSET IsManuallyInstalled=0WHERE IsManuallyInstalled=1AND BaseManagedEntityId IN(select BaseManagedEntityID from BaseManagedEntitywhere BaseManagedTypeId = ‘AB4C891F-3359-3FB6-0704-075FBFE36710’AND DisplayName = ‘agentname.domain.com’)========================================Best Regards...AnuAnonymous
January 04, 2018
Will it work when there are different domain agents are present in the environment? Currently got 5 gateway and 3 management servers?Anonymous
January 04, 2018
kkAnonymous
January 15, 2018
Thanks for this :)