Somewhere between the physical and the virtual
Essentials 2010 uses up to three agents to manage computers:
I'll focus this article on troubleshooting the deployment of the Operations Manager agent using the Computer and Device Management Wizard (aka Discovery Wizard), the most common agent deployment mechansim, explain how the Windows Update agent is configured once the Operations Manager agent has been installed, and close with an explanation of the backup agent deployment mechanism we introduced in Essentials 2010 RC.
Before the Operations Manager agent can be deployed to a computer, it first must be discovered. This is accomplished using a LDAP search against Active Directory. Check out this OpsMgr blog article for a deep dive into the discovery process: http://blogs.technet.com/momteam/archive/2007/12/10/how-does-computer-discovery-work-in-opsmgr-2007.aspx
Essentials also includes scheduled 'Computer Discovery' which performs the LDAP scan on a daily schedule, discovering new un-managed computers, and attempting to deploy the OpsMgr agent to these newly discovered computers.
Once a computer has been discovered, Essentials deploys the agent by copying over the agent installation files and starting the momagentinstaller process.
You can view the agent deployment status in the task window that is displayed from the Discovery Wizard, by looking through the Task Status view in the Monitoring space, or by checking to see if the computer is in the Managed Agents or Pending Actions view in the Administration space.
Agent Deployment Failures
If deployment of the OpsMgr agent has failed, you will see the failure messages in the Task Status window or Pending Actions view. Check ou this great resource from OpsMgr MVP Cameron Fuller which contains many of the agent installation failure reasons and how to resolve them: http://cameronfuller.spaces.live.com/blog/cns!A231E4EB0417CB76!928.entry
Windows Update Agent configuration
Once the Operations Manager agent has been deployed to the computer and has succcessfully contacted the Essentials server, the Windows Update agent is configured to be controlled by the Essentials server. If Essentials has been configured to use domain group policy, this occurs by adding the AD computer account for the computer into the 'SCE Managed Computers <management group>' security group in AD, which grants the computer the 'Apply GPO' privilege to 'SCE Managed Computers <management group>' GPO which includes the configuration settings that will cause the agent to be configured. If Essentials has been configured to use local group policy, a runtime task will use the SCECertPolicyConfigUtil.exe (installed with the OpsMgr agent installation files) to configure the local GPO on the managed computers, again applying settings that will configure the Windows Update agent.
Backup Agent Deployment
New in Essentials 2010 RC is a backup agent deployment process that kicks in if Essentials is configured to use domain group policy and OpsMgr agent deployment has failed. The process uses both Group Policy and the ability of Essentials to distribute software to install the Operations Manager agent after first configuring the Windows Update agent on the computer for which agent deployment has failed. This process happens in the background; you'll know that its working when a few hours have passed after agents failed to deploy and they have 'automagically' been installed on the same computers.
We hope that you experience a trouble-free agent deployment experience in Essentials 2010 and start to get a ton of manageability from it very shortly after installation!
Any idea how to troubleshoot an instance where no managed clients are automatically added to the AD group?
Agents can be installed manually or pushed out via SCE2010 console, and they report back fine. Forcing the SCE GPO on them and everything looks happy, but the AD group "SCE Managed Computers" only contains the SCE server.
(In lab all worked fine)
Server is 2008x64R2 VM, member server.
link to Cameron F's SCOM agent failure is broken.