Menu Close

How to determine if your agents are firewalled from specific Management Servers

Had an interesting request –

Customer is migrating agents from a complex environment into new management groups.  Before they did this – they wanted to ensure that agents were not firewalled off from the new management servers.  This can be a monumental task in large environments, especially with unique gateway and firewall deployments.


I have added a discovery which will handle this scenario to the SCOM.Management MP available here:


In the SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1 script, you can configure which parents you’d like to see tested:


# Constants section - modify stuff here: #================================================================================= # Assign script name variable for use in event logging $ScriptName = "SCOM.Management.Agent.Class.PowerShell.Properties.Discovery.ps1" $EventID = "1006" #SCOM Management Servers or Gateways that we wish to test the port availability to using FQDN seperated by a comma such as "","","" [array]$Parents = "","","" #=================================================================================


This will do a port check on 5723 from the agent to each management server or gateway in this list, and report back in a class property, and another property to gather the IP address of the agent, to make quick work of new firewall requests you might have to make:




I have also updated the MP to support agent and server versions for SCOM 2016 UR6, SCOM 1801 and 1807.

1 Comment

Leave a Reply

Your email address will not be published.