Ports required for Agent push from console

If you need to deploy the SCOM agent from your console that is in a DMZ but the server is still in the same domain as your SCOM management server and can establish Kerberos authentication then you will need to consider opening up additional ports over and above the standard port 5723

Long story short here is a small list of ports that are very helpful in order to conduct an agent push from the console. NOTE:- This is in addition to the official Microsoft document.

Bear in mind that you can close these ports after the installation, but you won’t be able to repair or upgrade (cannot remotely manage) agents from the console.

agent push ports




As a final point, each environment is different with different security settings. I highly recommend to use the official System Requirement document (http://technet.microsoft.com/en-us/library/dn249696.aspx) from Microsoft, as a starting point. It contains exactly was is needed and you cannot go wrong. Then ask your Security team if the ports mentioned above are closed, if they are, add them to your list!


This entry was posted in SCOM Agents and tagged , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s