Computer Tips and Tricks
Get the latest posts via rss

Wednesday, 3 February 2010

Install SCOM 2007 R2 Agent to vSphere 4 (ESX) Servers

SCOM 2007 R2 includes agents for UNIX/LINUX servers, and we therefore decided to push these out to our ESX Hosts, running vSphere 4. All looked easy enough at first, go into administration, run a discovery, select “Unix/Linux computers”, enter host name/IP/IP Range and off you go.

This is a Microsoft product communicating with a Linux OS, so as expected its not as easy as that. All discovers OK and the install starts on the Hosts, the agent gets partially installed but then fails with a “Not Enough Entropy” error.

Searching on this error, it would seem it’s a common enough problem, and after some digging its not too bad to fix. The error details show “Failed to allocate resource of type random data: Failed to get random data - not enough entropy” and this is related to the generation of a certificate for the connection between SCOM and the agent. At a very basic level, the Certificate generation does not have enough Entropy to generate the certificate, and so we need to increase it, and whilst we are at it, have a tidy up of the failed install.

Connect to your ESX host, directly or using Putty. Firstly clear the failed install of the SCOM agent by using the following command

rpm –e scx

If you don’t remove the failed install, you will just get an “Access Denied” error when you try to push it out again from SCOM.

If you want to view your current available entropy, use the following command

cat /proc/sys/kernel/random/entropy_avail

to Increase the Entropy enough for the install of the agent, use

dd if=/dev/urandom of=~/.rnd bs=1 count=1024

This creates a .rnd file with 1024B of random data that the certificate creation process will use instead of the default system entropy.

Whilst you are on the Host, it may be worth checking connectivity to it on port 1270, as this is the port used by SCOM for communication once the agent is installed. If you cannot connect on port 1270 you will have to open this up on the firewall on the ESX server using

esxcfg-firewall -o 1270,tcp,in,SCOMAgent

Now go back to SCOM administration, and deploy the agent again, all should go smoothly now and the agent will install and the ESX host will be monitored.


Anonymous said...

Thanks for the info. I almost got it installed before it came up with the error "The certificate signing operation failed.". I went through the Deploying, Installing, Validating phases before it got to the Signing phase and stopped with the aforementioned error. Any ideas how to fix this? I'm running ESX 4 Update 1.

Anonymous said...

I found the problem to be with the RMS being unable to sign the certificate for some reason. To fix the problem I had to move the .pem file from the ESX host to the RMS server manually and run scxcertconfig to get it to work. I followed the instructions in this article :

Andy said...

Many thanks for that.

Anonymous said...

this is awesome. It really helped me. Agent is installed on ESX 4 & scom is getting data from it.
But, I tried to test if it generates alert by taking out one physical disk, but no alert/error is being generated. can you help?

Post a Comment