Tuesday, January 8, 2008

OpsMgr Gateways and certificates

Operations Manager 2007 can be used to monitor devices in non-trusted domains, via certificates instead of Kerberos (as is normally the case). This necessitates the use of a gateway server in the untrusted domain, and there are some very good articles about how to do this (some links below).

There are, I find, some things that most people (including myself) tend to forget now and then, and which make for tear-your-hair-out-and-shout-to-high-heaven moments, so I thought I'd share some of them:

1) The gateway server needs to be able to resolve the FQDN of the RMS! This is especially important when that FQDN is not public, e.g. serverRMS.contoso.local. One way would be to just add the record to the hosts file on the gateway server.
2) Don't forget to run MOMCertImport.exe on the gateway server as well. The gateway server's issued cert needs to be exported to a file and imported just as was done on the RMS with the RMS cert.
3) Certificate communication is bidirectional, so ensure that whatever you use as a firewall allows TCP 5723 in both directions.
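Here is an added pre-flight script (not from the original post) that checks the three points above from the gateway's side: RMS name resolution, TCP 5723 reachability, and whether a certificate usable for MOMCertImport.exe is present in the local machine store. The two FQDNs are placeholders, and the certificate rules it checks (subject CN equal to the gateway FQDN, private key present, Server and Client Authentication EKUs) are the standard OpsMgr 2007 certificate requirements.

```powershell
# Added pre-flight check for an OpsMgr 2007 gateway server (not from the original post).
# Run on the gateway. The two FQDNs are constructed placeholders; replace with your own.
$rmsFqdn     = 'serverRMS.contoso.local'     # RMS name used in the post
$gatewayFqdn = 'gateway.untrusted.example'   # this gateway's FQDN (placeholder)
$port        = 5723                          # OpsMgr agent/gateway channel

# 1) Name resolution of the RMS (a hosts-file entry on the gateway satisfies this too)
try {
    [System.Net.Dns]::GetHostAddresses($rmsFqdn) |
        ForEach-Object { Write-Host "OK: $rmsFqdn resolves to $($_.IPAddressToString)" }
} catch {
    Write-Host "FAIL: cannot resolve $rmsFqdn - add a DNS or hosts-file entry on the gateway"
}

# 3) Outbound TCP 5723 from the gateway to the RMS; run the same check from the RMS
#    towards the gateway to cover the other direction.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($rmsFqdn, $port)
    Write-Host "OK: TCP $port reachable on $rmsFqdn"
} catch {
    Write-Host "FAIL: TCP $port to $rmsFqdn blocked - check the firewall rules"
} finally {
    $tcp.Close()
}

# 2) The gateway's own certificate must sit in LocalMachine\My with its private key,
#    subject CN equal to the gateway FQDN, and both Server and Client Authentication
#    EKUs; this is the certificate MOMCertImport.exe must be pointed at on the gateway.
$serverAuth = '1.3.6.1.5.5.7.3.1'
$clientAuth = '1.3.6.1.5.5.7.3.2'
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
$found = $false
foreach ($cert in $store.Certificates) {
    if ($cert.Subject -notlike "CN=$gatewayFqdn*") { continue }
    $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $ekus = @()
    if ($ekuExt) { $ekus = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } }
    $ok = $cert.HasPrivateKey -and ($ekus -contains $serverAuth) -and ($ekus -contains $clientAuth)
    $state = if ($ok) { 'OK' } else { 'FAIL' }
    Write-Host "$($state): $($cert.Thumbprint) privkey=$($cert.HasPrivateKey) EKUs=$($ekus -join ',')"
    if ($ok) { $found = $true }
}
$store.Close()
if (-not $found) { Write-Host "FAIL: no usable gateway certificate for CN=$gatewayFqdn in LocalMachine\My" }
```

A FAIL on any of the three lines points at the corresponding item in the list above; a certificate that passes here but still does not work usually has not been run through MOMCertImport.exe on that server.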

Most problems are related to the certificates not being handled correctly.

Links:
Stefan Stranger's Doc
Tarek has a good one too...
As always...the guys at SystemCenterForum are tops!
