Deploy SCOM Agent to Linux Manually

There have been quite a few great posts covering the installation of SCOM agents on Linux server out there, but I wanted to post a consolidated version.  I find this condensed process very helpful, so hopefully it will assist you in your SCOM xplat adventures!


  • Verify that DNS is configured properly for the Linux host
  • Verify the server can be pinged
  • Verify that ssh is enabled and the server can be reached from the management server over port 22

Deploy Linux SCOM Agent Manually:

1.  Import the Linux MPs into SCOM:


2.  Configure the Linux Run As Accounts. I will create an account called monuser for simplicity as this is the account specified in the Microsoft configuration. If you need assistance with setting up the run as accounts, Stephan Roth does a great job explaining the steps here.

3.  Create the monuser user account on the Linux server.:

a.   Login as root user to your Linux box using Putty (or another SSH shell)

b.  Enter the following commands in the shell:               

         passwd monuser

         useradd monuser

4.  Modify the sudoers file:

a.  We will need to check the sudoers file against the proper version here. In my case, I copy the “Linux – Universal DEB (Debian,Unbuntu) section




b.  In the Linux shell, enter the following to access the sudoers file:

sudo visudo

c.  Copy the configuration from the Microsoft site to the sudoers file:


5.  Manually sign the sxc certificate on the Management server.

a.  Open WINSCP to copy the PEM file to the Management server.  The PEM file is located in the /etc/opt/Microsoft/sxc/ssl directory:

**NOTE:  The Microsoft directory will not exist unless you have installed the scx package**


**NOTE: You may need to unlock the root account to login via WINSCP and remove the PEM file**

Steps to unlock the Root account (DO THIS AT YOUR OWN RISK):

      1. Unlock the Root account using the following command to allow for copying .pem file
      2. Execute the following command in the terminal:

                           sudo passwd root

iii. Then execute the following:

                             sudo passwd -u root

            iv. Enter sudo nano /etc/ssh/sshd_config and comment out permitrootlogin without-password. You may have to add the flowing entry on the line below:  permitrootlogin yes



     b.  Open a command prompt and cd to the directory where the PEM file was copied.  Run the following command to create a new certificate signed by the management server:scxcertconfig -sign scx-host-[hostname].pem [hostname].pemIn my case the command will be as follows:

           scxcertconfig -sign scx-host-ubuntu01.pem ubuntu01.pem

c.  In the /etc/opt/Microsoft/scx/ssl directory, delete the original PEM file

d.  Rename the new PEM file using the same name as the original file.  In my case, I would rename my new file from ubuntu01.pem to scx-host-ubuntu01.pem

e.  Copy the new PEM file to the /etc/opt/Microsoft/scx/ssl directory

f.  Restart the SCOM agent on the Linux server by running the following command in the shell:

Sxcadmin –restart


g.  You should now be able to successfully discover the Linux agent using the SCOM Agent Discovery Wizard!

If you still have issues discovering the agent using the discovery wizard, use the following site to troubleshoot: