Manage Azure VM’s with SCOM Server 2016

Dear friends, in my last post related to SCOM I have discussed about managing the on premise computers with the help of SCOM Server 2016 and in my today’s post I would like to focus on managing Azure ARM based computers with the help of the SCOM Server 2016 which is available at the onsite location. Please note that I have already setup the site to site VPN connection with my on premise enviroment and Azure cloud. The more details about my architecture and site to site VPN connection with Azure network, I will mention in my coming post. In this post I am only going to discuss about manging the Azure VM’s with the SCOM server.

Similar to what we have done for the on premise computer’s in the last post, here also the first step will be to start with the SCOM Computer and Device Management Wizard as you can see below.

First run the wizard and once you start the wizard you can see the following screen

In the next step choose the first option for the automatic computer discovery.

In the next step you need to select the correct account for finding the computers in the network

Here I have used the service account for finding the computer. Please note this service account should have the required permissions in the local computer. Please add the service account to the local admin group in the computer which you would like to

Once I ran the discovery I have found the VM which is available in Azure.

Since the VM has been discovered the next step will be to push the agents automatically.

Now the agents are trying to get installed in the Azure computer as you can see this screen.

However after sometime I got this below error.

The Operations Manager Server failed to open service control manager on computer WAA-FS01.whyazure.in.

Therefore, the Server cannot complete configuration of agent on the computer.

Operation: Agent Install

Install account: WHYAZURE\scomadmin

Error Code: 80070005

Error Description: Access is denied.

I have added the account in the local admin in the Azure server but I got a different error this time.

The Operations Manager Server could not execute WMI Query “Select * from Win32_OperatingSystem” on computer WAA-FS01.whyazure.in.

Operation: Agent Install

Install account: WHYAZURE\scomadmin

Error Code: 800706BA

Error Description: The RPC server is unavailable.

The above error is a firewall error so I have decided to install the agent locally.

The firewall which we need to open in windows firewall and Azure firewall is as follows:

Source IP Destination IP Protocol Port
SCOM Client IP Range SCOM Server TCP 5723 and 5724
SCOM Client IP Range SCOM Server TCP 80 and 443
SCOM Client IP Range SCOM Server TCP 135
SCOM Client IP Range SCOM Server UDP 137
SCOM Client IP Range SCOM Server UDP 138
SCOM Client IP Range SCOM Server TCP 139
SCOM Client IP Range SCOM Server TCP 445
Network  Devices SCOM Server UDP 161 and 162
Unix and Linux Computers SCOM Server TCP 1270
Unix and Linux Computers SCOM Server TCP 22

We have some restriction in Azure firewall to open all the above ports except the port number 5723 so I have decided to install the SCOM agent in the Azure VM and run the setup there. Once I ran the setup I have seen the following screen.

In the next screen you will find the below screen.

This is the next screen

The below one is one of the very important screen where we have to choose the correct agent setup option. I have selected the second option where you need to select the 2nd option connect the agent to system center operations manager.

In this screen you have to mention the Management Group Name and the Management server name, as you can see below. I have opened Management Server default port 5723.

The next step is to select the local system account which will be used to install the agent.

The system has asked me to choose the Microsoft update however I have decided to update it later.

The next step is the ready to install screen

When I have clicked on the install button, I can see the following

The next step is the Microsoft Monitoring Agent Configuration Completed Successfully.

After clicking on finish, I went to SCOM server console and it was showing the Azure VM where I have installed the SCOM agent manually.

Now the next step is to approve the computer to be monitored as you can see below.

Once it’s done click on the health state of the VM and you can see the following:

I hope you will like this post, will discuss more Azure monitoring in my coming posts. Stay tuned….

One Comment