Automatically deploy and configure the SCOM agent.

Peter Manton



1,067 latest version

3.9 quality score

Version information

  • 0.2.0 (latest)
  • 0.1.0
released Nov 19th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • CentOS

Start using this module


petermanton/scom — version 0.2.0 Nov 19th 2019


Table of Contents

  1. Description
  2. Setup - The basics of getting started with scom
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module


Automates the installation and configuration of the SCOM SCX client on RHEL / CentOS.



The general process flow of the module is as follows:

  • Install SCX Agent on linux box -- Copies generated signing request to SCOM machine --- SCOM machine signs the certificate ---- The signed certificate is sent back to linux box ----- The SCX service is restarted ------ The SCOM machine then performs a discovery (This part needs to be manually performed from the SCOM console!)

So we'll get started by preparing our SCOM host by firstly enabling WinRM: (we'll need this for signing of client certificates later):

WinRM quickconfig

(or alternatively via Group Policy)

Since we'll be using WinRM over HTTP we'll need to generate / setup our WinRM listener manually (as the above command only creates an HTTP listener)

We'll use a self-signed certificate here - however in a production envrinoment we'd obviously want it signed by a CA:

New-SelfSignedCertificate -DnsName "" -CertStoreLocation Cert:\LocalMachine\My

We'll then create our listener:

winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=""; CertificateThumbprint=""}'

You should see something like:

ResourceCreated Address = ReferenceParameters ResourceURI = SelectorSet Selector: Address = *, Transport = HTTPS

We'll also need to ensure that the SCOM directory is added to windows path vairable:

setx /M PATH "%PATH%;C:\Program Files\Microsoft System Center\Operations Manager\Server"

Ensure our Puppet host can communicate with WinRM:

netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986 remoteip=

Confirm the listener is present with:

WinRM e winrm/config/listener

We can now validate the new listener from the Puppet host - we need 'puppet bolt' (a tool that provides clientless administration of Windows and Linux systems):

sudo rpm -Uvh sudo yum install puppet-bolt

Note: The Puppet module should perform this automatically for you providing you have the Puppet RHEL 7 repository configured.

and then upload a test file to test it with:

echo 'testfile' > test.txt bolt file upload test.txt 'C:\temp' --nodes winrm:// --user --password --no-ssl-verify

Create a server mount point for Puppet to store the SCX binaries:

cat <> /etc/puppetlabs/puppet/fileserver.conf [installer_files] path /etc/puppetlabs/puppet/installer_files allow * EOT

You can now copy all of the SCX client installation files to the mount point - the typical location is: 'C:\Program Files\Microsoft System Center\Operations Manager\Server\AgentManagement\UnixAgents\DownloadedKits\'

Now on the SCOM host we'll create a dedicated shared folder for signing requests:

mkdir C:\temp\scx_signing_requests

net share scx_signing_requests=C:\temp\scx_signing_requests /GRANT:,FULL

Beginning with scom

Please refer to examples folder.


Please refer to examples folders.



String $service_user, # Service username to connect to SCOM server via WinRM

String $service_password, # Server password to connect to SCOM server via WinRM

String $scom_server, # SCOM server DNS name / IP address

String $installer_package, # Path to SRX agent installation file

String $scom_certificate_path, # Directory where signing requests are stored on SCOM server

String $certificate_issuer, # Usually hostname of the SCOM server (it's case sensitive!)

Optional[Boolean] $winrm_ssl # Optionally disable SSL with WinRM (not currently implemented)


This only currently works with RHEL 7 / CentOS. Future support for more operating systems may be added if there is popular demand.