Tips and Tricks: OpsMgr 2012 SP1- What Web Service URL, IP and Ports does the Management Pack Catalog web service call | Quisitive
Solutions
Integration & Consulting
Help you move, operate, innnovate and thrive within the Microsoft clouds.
Application Development
Data & Analytics
Artificial Intelligence
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Explore the full list of technologies that our expert consultants can support.
Azure
Microsoft Teams
Azure Synapse
Microsoft Viva
System Center
Windows
SQL Server
Power Platform
Microsoft Sentinel
Power BI
Azure Virtual Desktop
Power Apps
Microsoft 365
Dynamics 365
Sharepoint
ERP Technologies
Business Needs
Departmental solutions to ensure cloud and technology enablement across every area of your business.
Sales & Marketing
Operations
Human Resources
Payments
Finance & Accounting
Customer Service
Payment Solutions
Use the power of the cloud to bring value back to the archaic payment processing industry.
Payment Products
Processing
Localization Services
Help you translate software so you can capture new business worldwide.
Language Engineering & NLP
Translations & Localization
Licensing
Experts in Microsoft cloud licensing and optimizing costs for your business.
Products
EmPerform
Provide people managers with flexible employee performance management software.
Velocity Insights
Monitor, analyze, and prioritize .NET, JavaScript or Node JS errors – all on one dashboard.
AgeChecker.net
Ensure local and federal compliance with our age verification tool for retail.
PowerGov
Engage citizens with a community development app for city maintenance and management.
PayiQ
Transform everday payment processing data into seamless customer engagement.
AMS
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
MazikCare
Embrace patient-centered, collaborative care with our suite of real-time health solutions.
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
Spyglass
Take a proactive, continuous approach to optimizing your security environment and strategy.
ShopFloor
Empower production managers with cutting-edge manufacturing process management.
Managed Services
Azure Management Services
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
App Dev Program
Ongoing enhancements, app security, DevOps and reporting for apps running in Azure.
Data Program
Operational support for running, monitoring and managing services within the Azure Data Platform.
Dynamics Program
Ensure the health of your Dynamics environments, optimize usage and encourage user adoption.
Digital Workplace Program
Optimize Microsoft 365 security, usage and user adoption with our digital workplace experts.
Security Program
Take a proactive, continuous approach to optimizing your security environment and strategy.
Power Platform Program
Get an extension of your team that ensures the health of your Power Platform.
Industries
Manufacturing
Education
Public Sector
Financial Services
Healthcare
Energy
Retail
Software
Resources
Blogs
Case Studies
Library
Newsletters
Events
News
Learning Channels
About
Investors
Leadership
Microsoft
Our Approach
Our Partners
Our Story
Awards & Recognition
Careers
Support
Contact us
Solutions
Back
Solutions
Integration & Consulting
Application Development
Data & Analytics
Artificial Intelligence
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Azure
Azure Synapse
Azure Virtual Desktop
System Center
SQL Server
Microsoft Sentinel
Microsoft 365
Sharepoint
Microsoft Teams
Microsoft Viva
Windows
Power Platform
Power BI
Power Apps
Dynamics 365
ERP Technologies
Business Needs
Sales & Marketing
Operations
Human Resources
Payments
Finance & Accounting
Customer Service
Payment Solutions
Payment Products
Processing
Localization Services
Language Engineering & NLP
Translations & Localization
Licensing
Products
Back
Products
EmPerform
AgeChecker.net
PayiQ
MazikCare
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
ShopFloor
Velocity Insights
PowerGov
AMS
Spyglass
Managed Services
Back
Managed Services
Azure Management Services
Data Program
Digital Workplace Program
Power Platform Program
App Dev Program
Dynamics Program
Security Program
Industries
Back
Industries
Manufacturing
Healthcare
Education
Energy
Public Sector
Retail
Financial Services
Software
Resources
Back
Resources
Blogs
Events
Case Studies
News
Library
Learning Channels
Newsletters
Investors
Back
Investors
Financial Reports & Results
Investor News
Earning calls
Contact
Contact us
About
Back
About
Our Story
Investors
Microsoft
Leadership
Our Partners
Awards & Recognition
Our Approach
Careers
Support
Search
Back
Terms of use
Privacy policy

A client was curious how to connect to the MP Catalog if the Server did not have Firewall ports opened for MP Catalog communication.

Connectivity Summary:

  1. When performing an MP Import via the Operations Manager Console, the web services uses a certificate to Connect to https://www.microsoft.com/mpdownload/ManagementPackCatalogWebService.asmx
  2. The Network sees an anonymous POST to the URL Above
  3. The request is directed over port 49204 to the IP 64.4.11.42 over https using the certificate
  4. The MP catalog is displayed

I was able to get to the Summary above by running ProcessMonitor during a call to the webservice (clicked on import MP from Catalog from Console) and saw this IP for the MP Catalog webservice (https://www.microsoft.com/mpdownload/ManagementPackCatalogWebService.asmx ):

Microsoft.EnterpriseManagement.Monitoring.Console.exe 18136 TCP Send Receive :49204 –> 64.4.11.42:https

Note: The IP found in whois sees this as a Microsoft “Hotmail” IP, but it is Microsoft nonetheless…

# The following results may also be obtained via:

# http://whois.arin.net/rest/nets;q=64.4.11.42?showDetails=true&showARIN=false&ext=netref2

#

NetRange: 64.4.0.0 – 64.4.63.255

CIDR: 64.4.0.0/18

OriginAS:

NetName: HOTMAIL

NetHandle: NET-64-4-0-0-1

Parent: NET-64-0-0-0-0

NetType: Direct Assignment

Comment: Abuse complaints will only be responded to if sent to

Comment: [email protected] and [email protected].

RegDate: 1999-11-24

Updated: 2006-01-23

Ref: http://whois.arin.net/rest/net/NET-64-4-0-0-1

OrgName: MS Hotmail

OrgId: MSHOTM

Address: One Microsoft Way

City: Redmond

StateProv: WA

PostalCode: 98052

Country: US

RegDate: 1999-11-24

Updated: 2004-01-14

Comment: Please contact [email protected] for all spam

Comment: issues.

Ref: http://whois.arin.net/rest/org/MSHOTM

OrgTechHandle: MSFTP-ARIN

OrgTechName: MSFT-POC

OrgTechPhone: +1-425-882-8080

OrgTechEmail: [email protected]

OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN

OrgAbuseHandle: ABUSE231-ARIN

OrgAbuseName: Abuse

OrgAbusePhone: +1-425-882-8080

OrgAbuseEmail: [email protected]

OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN

RTechHandle: MSFTP-ARIN

RTechName: MSFT-POC

RTechPhone: +1-425-882-8080

RTechEmail: [email protected]

RTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN

#

# ARIN WHOIS data and services are subject to the Terms of Use

# available at: https://www.arin.net/whois_tou.html

#

​While pushing an Agent out from the Console, I noticed a failure with ErrorCode 80070643 and 2147944003 noted below.

The fix was easy:

  1. Ensure that the remote computer has permissions for the following location, then repush the Agent:
    • C:WINDOWSwinsxsInstalltemp
      • Full Control – Administrators
      • Full Control – System
Task Output:
 
<DataItem type=” MOM.MOMAgentManagementData “time=” 2012-08-26T13:51:49.3564866-05:00 “sourceHealthServiceId=” AA7DE142-13D5-99B4-06DC-E554C1578A8F “> <ErrorCode> 2147944003 </ErrorCode> <Operation> 1 </Operation> <Description> The Agent Management Operation Agent Install failed for remote computer SVR01.domain.local. Install account: DOMAINSCOM_ACTION Error Code: 80070643 Error Description: Fatal error during installation. Microsoft Installer Error Description: For more information, see Windows Installer log file “C:Program FilesSystem Center 2012Operations ManagerServerAgentManagementAgentLogsSVR01AgentInstall.LOG C:Program FilesSystem Center 2012Operations ManagerServerAgentManagementAgentLogsSVR01MOMAgentMgmt.log” on the Management Server. </Description> <AgentName> SVR01.domain.local </AgentName> <PrincipalName> SVR01.domain.local </PrincipalName> <SoftwareUpdateResult> 0 </SoftwareUpdateResult> <SoftwareUpdateInstalled/> <SoftwareUpdateNotInstalled/> <SoftwareUpdateFailureDesc/> </DataItem>

Operations Manager (SCOM, OpsMgr) has the ability to monitor an untrusted domains as well as highly segmented\firewalled networks. 

Gateways can be within the trusted domain as well, but are highly segmented by Firewalled VLANs.  The Gateways that are installed in the trusted domain do not actually utilize certificates, as the untrusted domain computers do.  In this case, the trusted computers utilize Kerberos (SPNs must be registered) and they may also require a Trusted Internal CA Root Cert.

The untrusted Gateway cannot properly communicate to the MS’s (EVENT ID 220071, 21016)

OpsManager Unable to set up a communication channel with MS

I validate the following:

  1. Verify Manual Agent Installs show in Pending Actions for approval
    • In the Operations Console, Administration>Settings>Security
      • Ensure ‘Review new manual agent installations in pending managmeent view’ is checked
  2. Recycle the HealthService (System Center Management Service)
  3. SPN’s registered for DB\DW and MS’s
    • Restart of Servers in this order may be necessary
      1. DB\DW Instances
      2. RMSe Management Server
      3. Other MS’s
  4. Install GW as local Administrator
    • GW Approval tool run using an account with SysAdmin privileges to SQL DB
  5. Certificates are OK
    • Trusted Root Certificates on All GW and MS
    • Ensure Full Name of Computer is used as the Friendly name and name of the certificate
    • OpsMgr Cert unique to each computer and imported
    • Using 1024 or 2048 key size (2048 adds slight CPU overhead)
      • MOMCertImport changes this to 1024
    • Expiration OK
      • MOMCertImport changes this to 1 year in the Registry
    • If you cannot request the certificate from the GW or Agent:
      • Use the web site on the MS to request a server cert
  6. Gateway approval tool is OK
    • Ensure the following files exist on the Management Server:
      • Microsoft.EnterpriseManagement.GatewayApprovalTool.exe
      • Microsoft.EnterpriseManagement.GatewayApprovalTool.config
    • Command Run successfully:
      • Microsoft.EnterpriseManagement.gatewayApprovalTool.exe /ManagementServerName=<managementserverFQDN> /GatewayName=<GatewayFQDN> /Action=Create
  7. Port 5723 has been validated as Open
    • I haven’t seen the need for 5724 in the past, although mentioned in the MS documentation
  8. Telnet to 5723 to the MS succeeds
  9. Check DNS
    • Mgmt Server name resolves to IP
    • Potential Hosts file edit or DNS entry
  10. Try re-copying the certificate out of the OperationsManager Folder into the Trusted Root store and restarting HealthService
  11. Flushing Health Service Cache
  12. Reinstalling GW and pointing to different MS
  13. Reissuing Certificates and reimporting, then running MOMCertImport
  14. Recycle the HealthService (System Center Management Service)