Something that I run across a lot in helping clients test connectivity issues in firewalled environments, is “is there a firewall blocking port 5723 traffic?”
In the past we would use tools like Telnet, or Portqry to test port connectivity, but often this is not installed and not easily available. Luckily, we always have PowerShell!
Here is a quick and dirty PowerShell script you can run as a single line, to test name resolution and port availability. Just change the $server value in quotes.
$server="scom2.opsmgr.net";$ip=([System.Net.Dns]::GetHostAddresses($server)).IPAddressToString;$tcp=New-Object net.sockets.tcpclient;$tcp.Connect($server,5723);$out=$tcp.Connected;write-host "`nPort 5723 test result for ($server) on IP ($ip) : ($out)"
Here it is as a script, if you want to see it all, but not on a single line:
$server="scom2.opsmgr.net"; $ip=([System.Net.Dns]::GetHostAddresses($server)).IPAddressToString; $tcp=New-Object net.sockets.tcpclient;$tcp.Connect($server,5723); $out=$tcp.Connected; write-host "`nPort 5723 test result for ($server) on IP ($ip) : ($out)"
The output:
You can also use a simpler command, “Test-NetConnection” However, this command is only available starting in PowerShell V4, so it might not be available on all systems with older PowerShell installations. V4 was included by default starting with Windows Server 2012R2.
Test-NetConnection -Port 5723 -ComputerName scom2.opsmgr.net
The output:
Fantastic, when i was serving Microsoft as vendor it used to be a default installation of this little tool on all servers but moving to small organisations it wasnt, i was always copying the Portqry tool to local machine to do the query… but with this 🙂 …
Hi Kevin
Bob Vukas is here from ScomShell
I send you yesterday message about hydropower station to control with scom
thank you for nice presentation yesterday
as I said you help me so much that I call you as hero
and I own you so much for time that you making all this MP for SCOM for free
I am with monitoring system for 20 years much before the scom
My power stations is still in build proces so i will let you know when i finish
to cam to see my national park to be my gest
and to define sensors and monitoring solutions
regards
Bob Vukas
Hi Kevin,
I am trying to monitor DMZ servers from my SCOM servers . Got the ports 5723\24 open on the DMZ . but when we check from the SCOM servers it is showing connection false . However it is showing True when checked from DMZ .
like am trying from my scom servers
Test-NetConnection -Port 5723 -ComputerName DMZsrv1
output
TcpTestsucceeded : False
and from DMZsrv1
Test-NetConnection -Port 5723 -ComputerName SCOMsrv1
output
TcpTestsucceeded : True
Now the question is should I get the output as TRUE when tested from SCOM to DMZ
Please advise on it.
Regards
Chandra
This is normal. Connections originate FROM the child to the parent. So from the agent to the MS or GW, and from the GW to the MS.
If testing, you test from the child to the parent. The parent MS is listening on tcp5723. The agent is NOT.