SCOM 2019 UNIX Two State Monitoring Shell Command not working

javad 1 Reputation point


I am having a lot of difficulty in getting this UNIX Shell Command Monitor to work.

I set up the Two State Monitor like this:

Shell Command
/bin/awk '{print $4}' /backup/scripts/backupcheck.txt (Linux Admin added this command to the Sudoers file for the Action Account)

Error Expression
//[local-name()="StdOut"] Contains failed
[local-name()="ReturnCode"] Equals 0

Healthy Expression
//[local-name()="StdOut"] Contains successful
[local-name()="ReturnCode"] Equals 0

I targeted it at All UNIX Computers and disabled the Monitor, then enabled it only for one UNIX device with an override. In Health Explorer the Monitor has a green tick and the state is uninitialized.

The text file has the word failed in it, but no alerts were generated and there is nothing related in the Operations Manager logs.

Testing done so far. I ran the below command from the SCOM server and it worked.

winrm enumerate -username:SCOMUSER -password:******* -r:https://UNIXServer:1270/wsman -auth:basic -encoding:utf-8

I followed the below steps from the article and ran the winrm command but it failed with an Access Denied.

<p:ExecuteShellCommand_INPUT xmlns:p=>
/bin/awk '{print $4}' /backup/scripts/backupcheck.txt
exit 0

SAVED AS c:\temp\shellCmd.xml

winrm invoke ExecuteShellCommand -remote:https://UNIXserver:1270 -auth:basic -username:SCOMUSER -password:****** -skipCAcheck -skipCNcheck -skiprevocationcheck -encoding:utf-8 -file:c:\temp\shellCmd.xml

Output below:

The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server: Error number: -2147024891 0x80070005 Access is denied

I ran a TRACE on the UNIX agent and there is nothing related in the scx.log.

I checked the /var/opt/microsoft/scx/log/omiserver.log, which has hundreds of lines of:

2022/11/09 09:16:20: WARNING: wsman: get-instance: instance name parameter is missing
2022/11/09 09:16:20: WARNING: wsman: get-instance: instance name parameter is missing


1 answer

  1. SChalakov 10,371 Reputation points MVP

    Hi @javad ,

    I had to deal with this before and I know that the troubleshooting is particularly hard.
    Nice job with the "winrm invoke ExecuteShellCommand" test, but what bothers me is the error:

    Error number: -2147024891 0x80070005 Access is denied

    Are you sure the account has sufficient permissions? Please try to make a test of the config with a highly privileged user first and then, after you are sure that the configuration is correct, you can configure another account, put it in the respective profile and run with it.


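
A local check for the two expressions in the question, as an added example that is not part of the thread or of SCOM: it runs the same awk command and reports which expression the output and return code would satisfy. The function names, the BOTH_MATCH and NO_MATCH labels, the AWK override and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Run it on the UNIX host as the monitoring account.
# Assumption: "Contains" is treated here as a case-sensitive substring match.

# evaluate_state STDOUT RETURNCODE -> ERROR | HEALTHY | BOTH_MATCH | NO_MATCH
evaluate_state() {
    es_out=$1
    es_rc=$2
    # Both expressions in the question also require ReturnCode Equals 0.
    if [ "$es_rc" -ne 0 ]; then
        echo NO_MATCH
        return 0
    fi
    case $es_out in *failed*) es_err=1 ;; *) es_err=0 ;; esac
    case $es_out in *successful*) es_ok=1 ;; *) es_ok=0 ;; esac
    if [ "$es_err" -eq 1 ] && [ "$es_ok" -eq 1 ]; then
        echo BOTH_MATCH
    elif [ "$es_err" -eq 1 ]; then
        echo ERROR
    elif [ "$es_ok" -eq 1 ]; then
        echo HEALTHY
    else
        echo NO_MATCH
    fi
}

# run_check [FILE] -> runs the monitor's awk command and classifies the result.
# AWK can be overridden for hosts where awk is not at /bin/awk.
run_check() {
    rc_file=${1:-/backup/scripts/backupcheck.txt}
    rc_out=$("${AWK:-/bin/awk}" '{print $4}' "$rc_file" 2>/dev/null) && rc_code=0 || rc_code=$?
    evaluate_state "$rc_out" "$rc_code"
}

# demo: constructed sample lines, not taken from the poster's file.
demo() {
    d=$(mktemp -d) || return 1
    printf '2022-11-09 09:00:01 backup failed\n' > "$d/field4.txt"
    printf 'backup failed\n' > "$d/field2.txt"
    echo "word in field 4: $(run_check "$d/field4.txt")"
    echo "word in field 2: $(run_check "$d/field2.txt")"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run as the monitoring account, it shows whether the fourth field, rather than the file as a whole, carries the word the expressions look for.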