There seem to be many undocumented ports that need to be opened for SCOM to install an agent. For example, we find that we need ports opened in the range of 5001 to 49152, a range which is not mentioned in any guide that I can find.
http://www.systemcentercentral.com/scom-2012-ports-restricted-environment-open-ports-really-need/
http://technet.microsoft.com/en-us/library/dn249696.aspx
But if they are not opened, a SCOM agent will not always install.....but, sometimes it will !! And that is the part my security guys cannot understand.
The agent seems to install sometimes with 5723 etc open (i.e. the documented ports) and on other servers it tries randomly to use ports like 7009 or 6xxx or 12xxx and so on, i.e. UNdocumented ports.
Are others finding this to be an issue?Thx,
John Bradshaw