It turns out that I had the firewall enabled (like a good boy) but hadn't set the exceptions for Orchestrator (SCO).
For reference I thought I'd post some of the common firewall changes and ports:
Remote Computer with Runbook Designer
- Open a port to SQL (Default TCP:1433)
- Allow ManagementService.exe through the firewall
  - 64-bit: %Program Files (x86)%\Microsoft System Center 2012\Orchestrator\Management Server\ManagementService.exe
  - 32-bit: %Program Files%\Microsoft System Center 2012\Orchestrator\Management Server\ManagementService.exe
- Allow OrchestratorRemotingService.exe through the firewall for Deployment Manager to access it
  - 64-bit: %SystemRoot%\SysWOW64\OrchestratorRemotingService.exe
  - 32-bit: %SystemRoot%\System32\OrchestratorRemotingService.exe
- For any activities that use WMI, enable the following rules:
  - Windows Management Instrumentation (Async-In)
  - Windows Management Instrumentation (DCOM-In)
  - Windows Management Instrumentation (WMI-In)
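The list above can be applied as a script. This is an added example, not part of the original post: it assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and an elevated session. The rule display names, the Domain-profile scoping and the outbound direction for the SQL rule are assumptions made for the example.

```powershell
# Added example: firewall exceptions for a remote Runbook Designer computer.
# Run elevated. Rule names ending in "(example)" are made up for this script.
$is64 = [Environment]::Is64BitOperatingSystem
$pf   = if ($is64) { ${env:ProgramFiles(x86)} } else { $env:ProgramFiles }
$sys  = if ($is64) { 'SysWOW64' } else { 'System32' }

$programRules = @(
    @{ Name = 'SCO - ManagementService (example)'
       Path = Join-Path $pf 'Microsoft System Center 2012\Orchestrator\Management Server\ManagementService.exe' },
    @{ Name = 'SCO - OrchestratorRemotingService (example)'
       Path = Join-Path $env:SystemRoot "$sys\OrchestratorRemotingService.exe" }
)

# Program-based inbound rules: only create them if the binary is really there,
# and skip rules that already exist so the script can be re-run safely.
foreach ($r in $programRules) {
    if (-not (Test-Path -LiteralPath $r.Path)) {
        Write-Warning "Not found, skipping: $($r.Path)"
        continue
    }
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) { continue }
    # Assumption: the machine is domain-joined, so the rule is limited to the Domain profile.
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Program $r.Path -Profile Domain | Out-Null
}

# SQL (default TCP 1433). Assumption: traffic leaves this machine towards the
# database server, so the rule is outbound on the remote port.
$sqlRule = 'SCO - SQL 1433 (example)'
if (-not (Get-NetFirewallRule -DisplayName $sqlRule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $sqlRule -Direction Outbound -Action Allow `
        -Protocol TCP -RemotePort 1433 -Profile Domain | Out-Null
}

# Built-in WMI rules: these already exist on Windows, they only need enabling.
$wmiRules = 'Windows Management Instrumentation (Async-In)',
            'Windows Management Instrumentation (DCOM-In)',
            'Windows Management Instrumentation (WMI-In)'
foreach ($name in $wmiRules) {
    Enable-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
}

# Show what is now in place so the result can be reviewed.
$all = @($programRules | ForEach-Object { $_.Name }) + $sqlRule + $wmiRules
Get-NetFirewallRule -DisplayName $all -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Profile
```

Allowing the two executables by program path rather than by port keeps the wide 1024-65535 range closed to every other process on the machine.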
| Source | Target | Default Port |
| --- | --- | --- |
| Runbook Designer | Management server | 125, 1024-65535 |
| Management server, runbook server, Web service | Orchestration Database | 1433 |
| Client browser | Orchestrator REST-based web service | 81 |
| Client browser | Orchestration console | 82 |
For more detailed information, refer to the TechNet documentation:
Orchestrator Security Planning
http://technet.microsoft.com/en-us/library/hh420367.aspx
TCP Port Requirements
http://technet.microsoft.com/en-us/library/hh420382.aspx