How to determine if your agents are firewalled from specific Management Servers
Had an interesting request –
Customer is migrating agents from a complex environment into new management groups. Before they did this – they wanted to ensure that agents were not firewalled off from the new management servers. This can be a monumental task in large environments, especially with unique gateway and firewall deployments.
I have added a discovery which will handle this scenario to the SCOM.Management MP available here:
In the SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1 script, you can configure which parents you’d like to see tested:
# Constants section - modify stuff here:
# Assign script name variable for use in event logging
$ScriptName = "SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1"
$EventID = "1006"
# SCOM Management Servers or Gateways that we wish to test the port availability to, using FQDNs separated by commas, such as "scom1.opsmgr.net","scom2.opsmgr.net","scom3.opsmgr.net"
[array]$Parents = "scom1.opsmgr.net","scom2.opsmgr.net","scom3.opsmgr.net"
This does a port check on 5723 from the agent to each management server or gateway in this list and reports the result back in a class property. Another property gathers the IP address of the agent, to make quick work of any new firewall requests you might have to make.
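To spot-check a single agent by hand before the discovery results come in, the same kind of test can be run directly. This is an added example, not the discovery script from the MP: the function name Test-ParentPort and the 3-second timeout are assumptions, and the parent FQDNs are the sample values from the constants section above.

```powershell
# Added example: stand-alone port 5723 reachability check (not the MP's discovery script).
[array]$Parents = "scom1.opsmgr.net","scom2.opsmgr.net","scom3.opsmgr.net"
$Port      = 5723   # port tested from the agent to each management server or gateway
$TimeoutMs = 3000   # assumed value; keeps a silently dropped connection from hanging the check

function Test-ParentPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Start the connect asynchronously so we control how long we wait.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return "Timeout"   # no answer within the timeout (e.g. packets dropped in transit)
        }
        $client.EndConnect($async)   # throws if the connection was refused or the name did not resolve
        return "Open"
    }
    catch {
        return "Failed: $($_.Exception.GetBaseException().Message)"
    }
    finally {
        $client.Close()
    }
}

# IPv4 addresses of this agent, for the source field of a firewall request.
$AgentIPs = [System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString }

# One result object per parent: source, destination, port and outcome.
foreach ($Parent in $Parents) {
    New-Object PSObject -Property @{
        Agent   = $env:COMPUTERNAME
        AgentIP = $AgentIPs -join ","
        Parent  = $Parent
        Port    = $Port
        Result  = Test-ParentPort -ComputerName $Parent -Port $Port -TimeoutMs $TimeoutMs
    }
}
```

A "Timeout" result and a "Failed" result are worth keeping apart in the firewall request: the first means nothing answered at all, while the second carries the socket or DNS error text that explains why the connect did not complete.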
I have also updated the MP to support agent and server versions for SCOM 2016 UR6, SCOM 1801 and 1807.