Only 5732 TCP is required for minimum management. ICMP is required from MS to Agent if you want reliable "computer down" monitoring.
Connectivity direction is FROM agent TO MS initially. Check that name resolution works (ping) from agent to MS. Check certificates to make sure they are both working - the SCOM event log on the agent is the BEST verbose log to look for errors/root cause From: [email protected] [mailto:[email protected]] On Behalf Of Orlebeck, Geoffrey Sent: Wednesday, June 3, 2015 2:07 PM To: '[email protected]' Subject: [msmom] Manual Agent Install Port Requirements (DMZ) All: I am trying to manually install SCOM 2012 agent on a couple servers in our DMZ. We are allowing TCP 5723 Inbound/Outbound between host and SCOM management servers. However, after manually installing they do not show up under pending management. I triple checked the Management Group name is spelled correctly across the 3 servers as well as having necessary info to discover the management servers (host records, etc.). However, the agents do not appear under Pending Management. I referenced Microsoft's TechNet article and found the following: Agent, manual installation of MOMAgent.msi System Center Management service 5723/TCP Windows Firewall Agent, push installation * System Center Management service * File and Print Sharing * Remote Administration 5723/TCP 137/UDP, 138/UDP, 139/TCP, 445/TCP 135/TCP, 445/TCP Windows Firewall Windows Firewall Windows Firewall I just want 100% confirmation that only TCP 5723 is required for manual agent installation and management. If so, I can look at our network configuration to confirm each step has the necessary allowances, but wanted to confirm on my end before roping other people into the issue. Thank you. -Geoff Confidentiality Notice: This is a transmission from Community Hospital of the Monterey Peninsula. This message and any attached documents may be confidential and contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender. Thank you.
