System Center Essentials Team Blog

News and support on Microsoft SCE

Troubleshooting agent deployment in System Center Essentials 2010

Troubleshooting agent deployment in System Center Essentials 2010

  • Comments 2
  • Likes

Essentials 2010 uses up to three agents to manage computers:

  • Windows Update agent - built into the Windows operating system, configured via Group Policy - provides update distribution, software distribution and hardware & software inventory
  • Operations Manager agent - deployed to managed computer using 'Push Install' capability from Essentials server - provides rich model-based monitoring and remote task execuation
  • Virtual Machine Manager agent - deployed when using the 'Designate a host' task - provide server virtualization management

I'll focus this article on troubleshooting the deployment of the Operations Manager agent using the Computer and Device Management Wizard (aka Discovery Wizard), the most common agent deployment mechansim, explain how the Windows Update agent is configured once the Operations Manager agent has been installed, and close with an explanation of the backup agent deployment mechanism we introduced in Essentials 2010 RC.

Discovery

Before the Operations Manager agent can be deployed to a computer, it first must be discovered.  This is accomplished using a LDAP search against Active Directory.  Check out this OpsMgr blog article for a deep dive into the discovery process: http://blogs.technet.com/momteam/archive/2007/12/10/how-does-computer-discovery-work-in-opsmgr-2007.aspx

Essentials also includes scheduled 'Computer Discovery' which performs the LDAP scan on a daily schedule, discovering new un-managed computers, and attempting to deploy the OpsMgr agent to these newly discovered computers.

 Agent Deployment

Once a computer has been discovered, Essentials deploys the agent by copying over the agent installation files and starting the momagentinstaller process.

 You can view the agent deployment status in the task window that is displayed from the Discovery Wizard, by looking through the Task Status view in the Monitoring space, or by checking to see if the computer is in the Managed Agents or Pending Actions view in the Administration space. 

Agent Deployment Failures

If deployment of the OpsMgr agent has failed, you will see the failure messages in the Task Status window or Pending Actions view.  Check ou this great resource from OpsMgr MVP Cameron Fuller which contains many of the agent installation failure reasons and how to resolve them: http://cameronfuller.spaces.live.com/blog/cns!A231E4EB0417CB76!928.entry

Windows Update Agent configuration

Once the Operations Manager agent has been deployed to the computer and has succcessfully contacted the Essentials server, the Windows Update agent is configured to be controlled by the Essentials server.  If Essentials has been configured to use domain group policy, this occurs by adding the AD computer account for the computer into the 'SCE Managed Computers <management group>' security group in AD, which grants the computer the 'Apply GPO' privilege to 'SCE Managed Computers <management group>' GPO which includes the configuration settings that will cause the agent to be configured.  If Essentials has been configured to use local group policy, a runtime task will use the SCECertPolicyConfigUtil.exe (installed with the OpsMgr agent installation files) to configure the local GPO on the managed computers, again applying settings that will configure the Windows Update agent.

 Backup Agent Deployment

New in Essentials 2010 RC is a backup agent deployment process that kicks in if Essentials is configured to use domain group policy and OpsMgr agent deployment has failed.  The process uses both Group Policy and the ability of Essentials to distribute software to install the Operations Manager agent after first configuring the Windows Update agent on the computer for which agent deployment has failed.  This process happens in the background; you'll know that its working when a few hours have passed after agents failed to deploy and they have 'automagically' been installed on the same computers.

 We hope that you experience a trouble-free agent deployment experience in Essentials 2010 and start to get a ton of manageability from it very shortly after installation!

Comments
  • Any idea how to troubleshoot an instance where no managed clients are automatically added to the AD group?

    Agents can be installed manually or pushed out via SCE2010 console, and they report back fine. Forcing the SCE GPO on them and everything looks happy, but the AD group "SCE Managed Computers" only contains the SCE server.

    (In lab all worked fine)

    Server is 2008x64R2 VM, member server.

  • link to Cameron F's SCOM agent failure is broken.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment