Issue Definition
After regsitering and deploying SCOM Integration Pack (IP) in Orchestrator, we need to configure a connection to specify link to your SCOM management server (Refer to Configure the connection).
However, when you click on the Test Connection button, you might receive the error “Failed to connect. Pleae verify your connection settings.”
Troubleshooting Tips
Verify Configurations
- Ensure the account we use for connection a member of local Administrator on the SCOM server and a member of Operations Manager Administrators user role.
-
(Only for SCOM 2012 IP) A SCOM console of the same version must be installed on the server that hosts the Runbook Designer. And we should be able to connect to SCOM server from the console with the same account.
Note: SCOM 2016 IP no longer requires SCOM console to be installed on Runbook Designer.
-
Check whether TLS 1.0 is disabled on SCOM management server and SCORCH server.
We have a known issue that connection fails with the same error in SCORCH 2016 + SCOM 2016 environment with TLS 1.0 disabled. If TLS 1.0 is disabled in your environment, try enabling it an testing the connection again.
- Ensure .Net Framwork 3.5 is installed.
Installing .Net Framework 3.5 with PowerShell
Enable .NET Framework 3.5 by using the Add Roles and Features Wizard
Network Trace
If all configurations above are verified, we can use Network Monitor to capture a network trace and see what causes the failure.
Pay attention to Kerberos records. If there is Kerberos error, check if SCOM SPN is correct: OpsMgr 2012: What should the SPN’s look like?
Here is an example of Kerberos error in network trace. The error is KererosV5:KRB_ERROR -KDC_ERR_S_PRINCIPAL_UNKNOWN(7) and indicates an SPN issue.
