Troubleshooting Tips for Unix / Linux System Center Operations Manager Agents

Posted by : at

Category : troubleshooting   linux   operationsManager

This post was last updated on May 9th, 2022

Verify the versions for all prerequisite software

You can run the following command on a monitored and not monitored server to compare the software installed:

rpm -qa | egrep "^glibc|^openssl|^pam|^scx|^omi"
Agent Version Version Management Group Version Release Date
scx-1.5.1-242.e16.x86_64 7.5.1068.0 SCOM 2012 R2 UR12 01/27/2017

Working Example:

Example 2 - Prerequisite Software

Non-working Example:
Example 3 - Prerequisite Software

Tail the Logs

Secure Log

You can run the following command to show current log data pertaining to authentication and authorization privileges:

tail -f /var/log/secure

Messages Log

You can run the following command to show all the global system messages, including the messages that are logged during system startup:

tail -f /var/log/messages


Server Log

tail -f /var/opt/microsoft/scx/log/omiserver.log

Agent Log

tail -f /var/opt/microsoft/scx/log/omiagent.root.root.log


Agent Log

tail -f /var/opt/microsoft/scx/log/scx.log

Verify OpenSSL s_client

The OpenSSL s_client command is a helpful test client for troubleshooting remote SSL or TLS connections:

openssl s_client -connect
openssl s_client -connect -tls1
openssl s_client -connect -ssl3

Get MB / GB size of file

Run the following command to gather the MB / GB size of a file:

du -sh /var/opt/microsoft/scx/log/scx.log

WinRM Enumerate SCX Agent

From the Management Server(s) in the Unix/Linux Resource Pool, verify that the following command resolves correctly:

Basic Authentication

winrm enumerate -username:<username> -password:<password> -r:https://<LINUXSERVERFQDN>:1270/wsman -auth:basic -skipCACheck -skipCNCheck -skiprevocationcheck -encoding:utf-8

Kerberos Authentication

winrm enumerate -username:<username> -r:https://<LINUXSERVERFQDN>:1270/wsman -auth:Kerberos -encoding:utf-8

Example 1


You may experience an error that contains the following when running the above Commands:

    Message = The server certificate on the destination computer (<LINUXSERVERFQDN>:1270) has the following errors:
Encountered an internal error in the SSL library.
Error number:  -2147012721 0x80072F8F
A security error occurred

You could potentially import (Merge) the below known working ciphers by copying the text to a new file on your server called example.reg, right click and Merge the file into your registry:

Windows Registry Editor Version 5.00


Linux Agent Certificate Hostname Detection during initial Installation

The following steps are what happens (from a high level) during initial installation of the Linux / Unix Agent to generate a Certificate for the Agent.

  1. Try hostname -f (this will fail on some Linux systems)
  2. Attempt to obtain the domain name from /etc/resolve.conf
  3. Attempt to obtain long hostname with nslookup command

Page Views

Share on:
About Blake Drumm
Blake Drumm

I like to collaborate and work on projects. My skills with Powershell allow me to quickly develop automated solutions to suite my customers, and my own needs.

Email : [email protected]

Website :

About Blake Drumm

This is the personal technical blog for Blake Drumm. Currently primarily focused towards Microsoft System Center Enterprise Management Products. I am an Microsoft Support Engineer on the System Center North America Support Team. I am new to blogging. July 6th, 2021 marks my first day as a Microsoft FTE converting from a contractor. I had been working as a contractor since January 2020. Continue to check back for new posts or tips. I like to continually update this page as time permits.

Follow @blakedrumm
Useful Links