SCOM agent on Sun Solaris

Today I finally got round to installing a SCOM agent on a Sun Solaris machine.
I started out by reading a few TechNet articles at http://technet.microsoft.com/en-us/library/dd788943.aspx.
The steps there are listed as:

  1. Configure Run As Accounts and Profiles
  2. Import cross platform management packs
  3. Use discovery wizard to discover unix machine

In my case I first imported the cross platform management packs into OpsMgr.
I created a privileged account and a non-privileged account in the SCOM GUI.
Then I started the discovery. During discovery the wizard asks for the credentials of a superuser or a less privileged user to start with, plus the password, followed by a privileged password as well.
The discovery did find the machine, but it refused to install.
It turned out this was because root SSH access is closed on those Sun boxes and they have some other security measures.
So on to plan B, the manual route.

  1. We first created two accounts on the Solaris box: one account with privileged rights (admin level) and one with fewer rights.
  2. The installation package was transferred from the SCOM Management Server to the Sun Solaris box and installed there. We ran the commands listed in this article to install the agent, but to make it easier on you I list them here:

    
    uncompress scx-<version>-<os>-<arch>.pkg.Z
    pkgadd -d scx-<version>-<os>-<arch>.pkg MSFTscx
    

  3. We ran another discovery and got the expected note that the agent certificate was not signed by a trusted source. This is known, and there is a Sign button in the discovery wizard to sign it. A manual agent installation creates a local certificate that is signed by the server the agent is running on. What SCOM wants is a certificate signed by the management server, so that both sides trust the certificate. We found out that this remote signing did not work in this situation, probably because it needs those remote rights again. So we had to follow the manual steps for this one as well, as listed below (can be found here).
  4. On the Sun Solaris server find the following file:
    /etc/opt/microsoft/scx/ssl/scx-host-[hostname].pem
    And transfer it to the SCOM management Server.
  5. Go to a command prompt, change to the directory where you copied the .pem file, and use the following command:
    scxcertconfig -sign scx-host-[hostname].pem scx_new.pem
    This will create a new certificate based on the old one and signed by the management server.
  6. Move the new file to the Sun machine and replace the old .pem file with that one.
  7. Restart the agent with
    scxadmin -restart
  8. Guess what... run the discovery wizard again, and use the machine name and the accounts with privileges and passwords. This time it should find the machine again and not complain too much. Select it and start managing it.
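
A check that fits between steps 6 and 7, added here as an example and not part of the original post or of the SCX tooling: before restarting the agent, confirm that the re-signed certificate still names the same host and is no longer issued by the host itself. The function names are hypothetical, and it assumes `openssl` is available on the machine where you run it.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage, with the file names from steps 4 and 5:
#   check_signed_cert scx-host-[hostname].pem scx_new.pem

# Strip the "subject=" / "issuer=" label and padding from one line of
# `openssl x509 -noout -subject` or `-issuer` output.
dn_value() {
    printf '%s\n' "$1" | sed -e 's/^subject= *//' -e 's/^issuer= *//' -e 's/ *$//'
}

# classify_cert OLD_SUBJECT NEW_SUBJECT NEW_ISSUER
# Prints one verdict:
#   ok               subject unchanged, issuer differs from subject
#   self-signed      new certificate is still issued by the agent host itself
#   subject-changed  new certificate names a different host than the original
classify_cert() {
    old_subj=$(dn_value "$1")
    new_subj=$(dn_value "$2")
    new_iss=$(dn_value "$3")
    if [ "$old_subj" != "$new_subj" ]; then
        echo subject-changed
    elif [ "$new_subj" = "$new_iss" ]; then
        echo self-signed
    else
        echo ok
    fi
}

# check_signed_cert OLD_PEM NEW_PEM
# Reads both certificates with openssl, prints the verdict, and returns
# 0 only when the new file is safe to swap in (2 if openssl cannot read a file).
check_signed_cert() {
    old_s=$(openssl x509 -noout -subject -in "$1") || return 2
    new_s=$(openssl x509 -noout -subject -in "$2") || return 2
    new_i=$(openssl x509 -noout -issuer -in "$2") || return 2
    verdict=$(classify_cert "$old_s" "$new_s" "$new_i")
    echo "$verdict"
    [ "$verdict" = ok ]
}
```

Keep a copy of the original .pem until `check_signed_cert` reports `ok` and the discovery in step 8 succeeds.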

After a minute or two the agent appeared as healthy, and network interfaces, storage, daemons etc. started popping up.
Many thanks to the cross platform guys! And of course thanks to the Sun admin who helped me with this on his box.
Bob Cornelissen