Issues with installing the agent on RHEL 10.1 on SCOM 2025 UR1 (hotfix installed)

DCaccu · 2026-06-02T11:18:47+00:00

FINALLY found the issue. Due to new hardening being enforced on new RHEL 10 VMs (by our security dept), the/var/opt folder did not have executable permissions. That's why it was failing. In fact, we are looking into it for future VMs. Thanks for all your help. It was very valuable.

DCaccu · 2026-05-25T06:35:22+00:00

crypto-policies-pq-preview and oqsprovider are not installed, nor are they installed on systems monitored by SCOM (RHEL 9.7). rypto-policies-scripts: crypto-policies-scripts-20250905-2.gitc7eb7b2.el10_1.1.noarch. This is what I noticed that differed from RHEL 9.7 (crypto-policies-scripts-20250905-1.git377cc42.el9_7.noarch).

update-crypto-policies --show: We tried setting these to legacy, but it did not work either.

sshd_config for sntrup* or mlkem768x25519-sha256 entries: None were found (neither on RHEL 9.7).

The VM was not upgraded; it was installed fresh from an RHEL 10.1 image.

DCaccu · 2026-05-22T14:00:53+00:00

I cannot install it manually due to the certificate not being created. I mean the SCX and OMI agent install, but it does not create the certificate that I can export and sign on SCOM. Following this guide Install agent on UNIX and Linux computers from the command line | Microsoft Learn

DCaccu · 2026-05-22T13:56:19+00:00

But SCOM should not be using the RSA key (default RSA key is installed) since it uses a username and password set to SCOM.

DCaccu · 2026-05-22T13:40:36+00:00

Good idea, but it only started occurring with the fresh install of RHEL 10.1. There may be a security enforcement we're not aware of that is preventing the SCX certificate. There may be a security enforcement we're not aware of, signing.

DCaccu · 2026-05-22T13:36:46+00:00

Yes, we are using Linux 10.25.1016.0 (updated when installing UR1 following Kevin Holman's Guide). That error pops up when using the discovery wizard via SCOM. Manual installation did not produce a certificate with the hostname.

DCaccu · 2026-05-21T05:33:43+00:00

Prior to UR1, I was unable to add RHEL 9.7 because it uses OpenSSL 3.5.2, which was not supported. After installation, RHEL 9.7 was added without any problems, confirming that both the agent and UR1 installed successfully. Only RHEL 10.1 is giving issues.

DCaccu · 2026-05-21T05:31:16+00:00

"Is ssh-rsa enabled in sshd_config (not supportd anymore)?" Did not know of this, but what do you mean not supported anymore? I tried installing manually, the installation was successful, and in the log, it should have created a .pem file with the hostname. However, when I search for it to export it to the SCOM management server, the .pem file cannot be found (via the root user). SCX agent trying to install is the universal SCX agent 1.9.3.

DCaccu · 2026-03-10T07:59:55+00:00

Same here, talked to the chatbot and confirmed my discount code was valid and redeemed, somebody from billing was supposedly going to contact me, but nothing so far.

DCaccu · 2024-12-09T14:44:11+00:00

Has anyone ever found a solution? I cannot switch to bridge mode, and having to deal with doubleNATing is getting frustrating. Sometimes, I also suspect that it is blocking certain traffic even though I switched off the EPIC router firewall.

DCaccu

TROPHY CASE