The Microsoft Operations Manager 2005 agent does not install on computers that are running Windows XP with Service Pack 2 (SP2) and Windows Server 2003 with Service Pack 1 (SP1)

When you use the Install/Uninstall Agents Wizard to try to install an agent on a computer that is running Microsoft Windows XP with Service Pack 2 (SP2) or Microsoft Windows Server 2003 with Service Pack 1 (SP1), you receive the following error message in the Microsoft Operations Manager (MOM) 2005 Task Progress dialog box:If you click Details, you receive information that is similar to one of the following messages, where ComputerName is the name of the destination computer, and ServerName is the name of the MOM server computer:One of the following events appears in the application event log on the MOM server:

Source: Microsoft Operations Manager
Type: Error
Event ID: 21032

Description:
The MOM Server failed to open service control manager on computer "ComputerName". Therefore, the MOM Server can not complete configuration of agent on the computer.

Error Code: 1722
Error Description: The RPC server is unavailable.

Source: Microsoft Operations Manager
Type: Error
Event ID: 21083

Description:
The MOM Server failed to install agent on remote computer ComputerName.

Error Code: -2147467259
Error Description: The agent could not connect to the MOM Server ServerName. The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'. Verify the management group name is correct, the MOM Server is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM server are configured to pass TCP and UDP traffic on port 1270.
Microsoft Installer Error Description: No Description Available

Additionally, the following event is logged in the application event log on computers where the MOM agent is running:

Source: Microsoft Operations Manager
Type: Error
Event ID: 26009

Description:
The agent could not connect to the MOM Server ServerName. The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'. Verify the management group name is correct, the MOM Server is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM server are configured to pass TCP and UDP traffic on port 1270.

This issue may also occur during an automatic push installation of the MOM agent.

This issue can occur if Windows Firewall is running on the destination computer or on the MOM server computer. If Windows Firewall is running on a MOM server computer, MOM agents cannot communicate with the MOM Server. If Windows Firewall is running on a destination computer, or a potential MOM agent, the MOM server cannot perform a push installation of the agent.

By default, Windows XP with SP2 turns on Windows Firewall. By default, Windows Firewall is not turned on in Windows Server 2003 with SP1.

Troubleshooting

You can use the MOM Remote Prerequisite Checker (MOMNetChk.exe) utility in the Microsoft Operations Manager Resource Kit to scan a computer for the status of the ports that the MOM service and related services use. To obtain the MOM Resource Kit, visit the following Microsoft Web site: The MOM Remote Prerequisite Checker conducts a series of connectivity tests. These tests include a ping test and a test for DNS connectivity. The utility also provides information about the status of services that the MOM service depends on. This information can appear in a report window or be saved in the Momscan.log file.

To use the MOM Remote Prerequisite Checker, start MOMNetChk.exe, enter the computer name, and then click Run Scan. If you want to save the results to a log file, click Save to Log File, and then specify the location of the file. To view the results of the tests that were run, expand the nodes in the left pane of the utility window.

Note The MOMNetChk.exe utility tests the status of required network and service components. It does not report specific errors.

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To work around this issue, manually install the agent, or configure Windows Firewall to let the MOM 2005 server communicate with the agent computer.

Manually install the agent

To manually install the agent, follow these steps:

1. On the destination agent computer, run the Setup program from the MOM 2005 installation CD.
2. In the Microsoft Operations Manager 2005 Setup Resources dialog box, click the Manual Agent Install tab.
3. Click Install Microsoft Operations Manager 2005 Agent, and then follow the prompts to manually install the agent.

Configure Windows Firewall

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

To configure the Windows Firewall to let the MOM 2005 server communicate with the agent computer, you must open ports and then enable a program.

On computers that are running Windows Server 2003 with SP1, we recommend that you use the new Security Configuration Wizard to configure Windows Firewall for MOM 2005.

Open ports

To open the ports when Windows Firewall is running on the MOM server, follow these steps:

1. Click Start, point to Control Panel, right-click Network Connections, and then click Open.
2. Right-click your local area connection, and then click Properties.
3. On the Advanced tab, click Settings.
4. On the Services tab, click Add.
5. In the Description of service box, type MOM 2005 TCP.
6. In the next box, specify the computer name or the IP address of the MOM server.
7. In the External Port number for this service box, type 1270.
8. In the Internal Port number for this service box, type 1270.
9. Click TCP, and then click OK.
10. On the Services tab, click Add.
11. In the Description of service box, type MOM 2005 UDP.
12. In the next box, specify the computer name or the IP address of the MOM server.
13. In the External Port number for this service box, type 1270.
14. In the Internal Port number for this service box, type 1270.
15. Click UDP, and then click OK.
16. Click OK two times.

Open ports and enable a program

To open the ports, and to enable a program when Windows Firewall is running on the destination agent computer, follow these steps:

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

1. Click Start, point to Control Panel, right-click Network Connections, and then click Open.
2. Right-click your local area connection, and then click Properties.
3. On the Advanced tab, click Settings.
4. On the Services tab, click Add.
5. In the Description of service box, type RPC.
6. In the next box, specify the computer name or the IP address of the MOM server.
7. In the External Port number for this service box, type 135.
8. In the Internal Port number for this service text box, type 135.
9. Click TCP, and then click OK.
10. On the Services tab, click Add.
11. In the Description of service box, type SMB over TCP.
12. In the next box, specify the computer name or the IP address of the destination agent computer.
13. In the External Port number for this service box, type 445.
14. In the Internal Port number for this service box, type 445.
15. Click TCP, and then click OK.
16. Click OK two times.
17. Click Start, click Run, type regedit, and then click OK.
18. Expand the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List sub key.
19. Right-click List, point to New, and then click String Value.
20. Type %systemdrive%\A286B00A-C3DE-414F-A96A-2BD238948D88\MsMgmtAuxiliary.exe as the name of the new string value, and then press ENTER.
21. Double-click the %systemdrive%\A286B00A-C3DE-414F-A96A-2BD238948D88\MsMgmtAuxiliary.exe value, type %systemdrive%\A286B00A-C3DE-414F-A96A-2BD238948D88\MsMgmtAuxiliary.exe:*:Enabled:MOM 2005 MsMgmtAuxiliary in the Value data box, and then click OK.
22. Close Registry Editor.

On computers that are running Windows XP with SP2, you must modify the registry to enable a program in Windows Firewall.

If the MOM server computer and the MOM agent computer are not on the same subnet, you must configure the Scope setting for each exception to Any computer. If the MOM server computer and the MOM agent computer are not on the same subnet, and the Scope setting is set to Subnet only, Windows Firewall will block communication. If all the MOM components are on the same subnet, restrict network access even more by configuring the Scope setting to Subnet only to additionally restrict network access.