Hi, I have SCOM 2007 R2. RMS is in child domain domain.company.com (we dont have enterprise admin) and all monitored agents are in this child domain. Now we need to monitor servers from second child domain child.domain.company.com. There are two-way transitive trusts (by default) between these child and 2ndChild domains. I have two accounts. One in RMS domain (domain admin, action account) and second in child domain (domain admin). Agent discovery and push technology doesnt work. No agent is found. When I run discovery wizzard I choose server from child domain and put credentials of domain admin for 2nd child domain. No object is discovered. I think It should work. (Warning alert is generated after discovery with 0x80070005. Access denied) I dont want to manually install agents (it works) or deploy GW role. Thanks for idea. Jan Jan Matejka

The error is pretty much what you should solve (access denied). So basically it says, we can discover the servers, but we're not allowed to... Are you sure the account is local admin on the servers you are trying to discover (domain admin doesn't mean it is local admin)?Rob Korving http://jama00.wordpress.com/

Thanks rob1974, discovered server is domain controller for child domain so I have right priviledge. I tested another member server with the same issue. I did many multidomain environments, but RMS was placed in root domain so Action Account could be enterprise admin and there was not problem. In this case I am in lower lever. From one child domain to another child domain:-) But I think It should work. JanJan Matejka

Hi Jan, >Warning alert is generated after discovery with 0x80070005. Access denied Have you tried to connect to this server with WBEMTEST(from RMS) and check wmi-connectivity? It can be a firewall issues also. Check your agent install logs, what do you see?http://OpsMgr.ru/

Hi, Regarding the issue, I would like to share the following with you. Please try the methods referring to the following articles: Agent discovery and push troubleshooting in OpsMgr 2007 http://blogs.technet.com/b/kevinholman/archive/2007/12/12/agent-discovery-and-push-troubleshooting-in-opsmgr-2007.aspx Console based Agent Deployment Troubleshooting table http://blogs.technet.com/b/kevinholman/archive/2009/01/27/console-based-agent-deployment-troubleshooting-table.aspx If the issue persists, please also check the Event Log and let us know the details if there are any related errors. Hope this helps. Thanks.Nicholas Li - MSFT Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Alexey, WBEMTEST is good idea. Connect to remote server looks good, but Enum Classes end with error Access Denied. There must be some firewall issue. I delegate this to FW admins. No Log for agent installation is created, because discovery is not succesful. On RMS just Event ID 11551 is logged (Computer verification failure). Thanks to all. JanJan Matejka

Jan, BTW, have you tested WMI locally (and from machine in the same domain) on the server you are trying to discover? With WBEMTEST and WMIDiag. I'd seen 'access denied' that wasn't actually security issue, but wmi issue (broken repository, memory issues and other problems). If WMI is accessible from machine in the same domain it's likely a firewall config issue, if isn't accessible - there is nothing to do with firewall. Just thoughts :) http://OpsMgr.ru/