Tuesday, May 24, 2011

SCOM 2007 R2 SCOM 2007 R2 Agent Proxy Issues and Concerns


Critical Error:  Agent proxying needs to be enabled for a health service to submit discovery data about other computers.
Details:       Health service (xyy) should not generate data about this managed object (xyy).

Nearly every management pack that is coming in the future will not function adequately or at all if proxy isn’t enabled.


Possible causes include:

Agent proxy needs to be enabled when health service discovers instance of some managed entity type for which management context doesn’t provide information that this exact health service will also monitor this instance.


Concerns include:

1.     Enabling proxy can potentially expose the company’s internal network to the intranet if both exist and both are essentially on the same system.
2.     Enabling proxy is an issue because of the agent’s ability to discover agentless machines such as cluster servers.
3.     Since the proxy-enabled attack is most likely to come from inside your company, you may want to put a process in place to design-check every management pack before it is ready to be used in production environments
4.     This error may be bogus and a symptom of the lack of credentials the run as account has on the agent generating the error.


Do one or more of the following:
1. Open the Operations Manager Console.
2. Click on the Administrators ribbon near the bottom left of the console.
3. Go to Agent Managed under Device Management.
4. Select the Agent requiring proxy to be enabled and right click on it.
5. Select the properties view.  After the tab dialog window is displayed, click on the security tab.
6. Check the checkbox enabling proxy.

No comments:

Post a Comment