A blog by Ryan Barlow, Support Engineer at virtualDCS.
I was tasked with installing Microsoft SCOM agents on some Linux servers that we have. They were sat behind a gateway server. This is not as straightforward as I originally thought. I decided to put down the method that worked for me into this step-by-step guide for you.
To install the SCOM agent
1. Transfer the agent (scx-<version>-<os>-<arch>.rpm) to the Linux server (using WinSCP). The agent package can be found on the gateway server.
2. To install the package, type: rpm -i scx-<version>-<os>-<arch>.rpm
3. To verify that the package is installed, type: rpm -q scx
4. To verify that the Microsoft SCX CIM Server is running, type: service omiserver status
This process will change depending on the version you are installing. The installer package will be either .rpm or .deb.
Signing Agent Certificates
1. On the computer that is running the UNIX or Linux operating system, locate the file /etc/opt/microsoft/scx/ssl/scx-host-<hostname>.pem and securely copy or transfer it to any location on the computer that is the gateway server. The best place to copy this is the SCOM Gateway install location, e.g. C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server
2. On the computer that is the gateway server, on the Windows desktop, click Start, and then click Run.
3. In the Run dialog box, type cmd (or use SCOM PowerShell if available), and then press Enter.
4. Change directories to the location where you copied the pem file.
5. Type the command scxcertconfig -sign scx-host-<hostname>.pem scx_new.pem, and then press Enter. This command will self-sign your certificate (scx-host-<hostname>.pem) and then save the new certificate.
6. Rename the new certificate to exactly the same name as the one you copied off the Linux server.
7. Copy the new certificate back into the same location on the Linux server that you copied the original from.
8. Run scxadmin -restart, then scxadmin -status, and make sure the agent is running.
Discovering the Computers after agent installation
1. Ping the server from the Gateway server and make sure its name resolves.
2. If it resolves, move to step 3. If it doesn't, add an entry to the hosts file, which should force it to resolve.
3. Go to the Linux server and run the following commands:
a. iptables -L This shows you the current list of ports allowed into the Linux server. Check for 1270. If it is there, go to step 4.
b. If it is not there, run the following command: iptables -A INPUT -p tcp --dport 1270 -j ACCEPT This will allow port 1270 to communicate.
4. Now go into the SCOM admin page and select Resource Pools.
5. If this is an external server using an external Gateway, select create new Resource Pool and add in the Gateway server. If it is internal, use the Internal Linux Servers Resource Pool and if it is external but use the Linux Servers Resource Pool.
6. Now select Discovery Wizard
7. Select UNIX/Linux Computers. Click next and then add. Once the next page opens up press the notepad icon and select IP Address. Fill in the IP Address and press save.
8. Leave the Discovery type set to All Computers.
9. Then select Set Credentials, select the Username and Password field.
10. Fill the details in with the username you log on to the Linux box with. Leave "This account has privileged access" selected. Press OK.
11. Select the Resource Pool at the bottom of the page. Set this to the one you either created or that was created already.
12. Press Discover.
13. This will then discover the server and will place it in the UNIX/Linux Computers section.
The agent has now been installed.
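A check for step 3 of the discovery procedure: iptables -A appends the rule to the end of the INPUT chain, so on a host whose chain already ends in a catch-all REJECT or DROP the new port 1270 rule is never reached. The script below is an added example, not code from the original post; it classifies the rule order from iptables -S INPUT output, and the function name check_scom_port and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify how the INPUT chain
# treats the SCOM agent port. Feed it `iptables -S INPUT` output on stdin.
#   reachable - ACCEPT for tcp/<port> precedes any catch-all DROP/REJECT
#   shadowed  - ACCEPT exists but sits after a catch-all DROP/REJECT
#   missing   - no explicit ACCEPT; traffic falls to other rules or the policy
# Assumption: single-port rules only (no multiport matches or port ranges).
check_scom_port() {
    awk -v port="${1:-1270}" '
        /^-A INPUT/ {
            accept = ($0 ~ /-j ACCEPT/ && $0 ~ /-p tcp/ &&
                      $0 ~ ("--dport " port "( |$)"))
            # Catch-all: DROP/REJECT with no protocol, port, source,
            # interface or module match narrowing it.
            block = ($0 ~ /-j (DROP|REJECT)/ &&
                     $0 !~ /-p |--dport|-s |-i |-m /)
            if (accept) {
                print (blocked ? "shadowed" : "reachable")
                found = 1
                exit
            }
            if (block) blocked = 1
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample: chain after appending the rule with -A (step 3b).
SAMPLE_APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 1270 -j ACCEPT'

# Constructed sample: same chain with the rule ahead of the catch-all.
SAMPLE_INSERTED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1270 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$SAMPLE_APPENDED" | check_scom_port
printf '%s\n' "$SAMPLE_INSERTED" | check_scom_port
```

On the Linux server, run iptables -S INPUT | check_scom_port; if it prints shadowed, insert the rule ahead of the catch-all with iptables -I INPUT instead of appending it.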