AD integration issue for multiple domains under the same forest
Hi, I have Domain A, Domain B and Domain C under the same forest. I have 2 management groups each at A and B, and I have AD integration for the management groups at A and B. I created a policy for C to get the MG information and deployed the agent on C through Group Policy. But I get the error message below on the MS of both domains:

=================================================
Log Name: Operations Manager
Source: Health Service Modules
Date: 3/13/2011 4:24:08 PM
Event ID: 11463
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CHBH2205518.dc220551t1.local
Description: OperationsManager container doesnt exist in domain dc220551t3.local or the Run As Account associated with the AD based agent assignment rule does not have access to the container. Please run MomADAdmin before configuring agent assignment rules and make sure the associated Run As Account is the member of the Operations Manager Administrator role.
Workflow name: _DC220551T1_CHBH2205518_dc220551t3.local
Instance name: CHBH2205518.dc220551t1.local
Instance ID: {D9481549-1C40-F810-DF69-BAA7D6EF3D23}
Management group: mgmt18
Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
=================================================

and below:

=================================================
Log Name: Operations Manager
Source: OpsMgr Connector
Date: 3/13/2011 4:34:40 PM
Event ID: 20002
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CHBH2205518.dc220551t1.local
Description: A device at IP [fe80::99df:154a:781a:c146%10]:62428 attempted to connect but could not be authenticated, and was rejected.
Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
=================================================

On the agents of Domain C, I get the error message below, with event ID 20002:

(A device at IP [fe80::99df:154a:781a:c146%10]:62622 attempted to connect but could not be authenticated, and was rejected.)

Also, I get the event that it is waiting for the policy, as the policy has not reached it.

Assessment:
=========
- I have created a group with members including the Domain Admins of all 3 domains, and also added the computer name.
- Added the group as Ops Manager admin on both the MS.

Please let me know where I am going wrong.

Also, please let me know: if the policy gets applied, which MG will this agent report to?
March 13th, 2011 7:18am

Hi, please check if any of the information below helps:

Active Directory (AD) Integration: When to use it and when NOT to use it and how to get rid of EventID 11463…
http://thoughtsonopsmgr.blogspot.com/2010/07/active-directory-ad-integration-when-to.html

[OpsMgr] Port requirements for SCOM agents in a DMZ:
http://wmug.co.uk/blogs/cliffs_blog/archive/2009/02/18/opsmgr-port-requirements-for-scom-agents-in-a-dmz.aspx

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
March 14th, 2011 2:36am

Hi Vivian, my AD integration doesn't work; the agent in the 3rd domain is not able to pick up the policy. So with the 1st link, if I make the change in the MP, it will actually remove the alert, but it will not solve the problem.
March 14th, 2011 5:41pm

Hi, I would like to verify if the event 20002 was resolved. Please let me know if this error occurs on all of the domains. Please check if any of the information below helps:

http://www.winserverkb.com/Uwe/Forum.aspx/mom/9174/SCOM-2007-agent-communication-issues
http://www.ms-news.net/f2395/opsmgr-agents-get-rejected-5618679.html
March 15th, 2011 5:37am

Hi Chand, Have you run MomADAdmin in Domain C and created the OperationsManager container? You should see it in the root of the domain if you have View --> Advanced Features enabled in Active Directory Users & Computers. You'll also want to make sure that the AD Agent Based Assignment profile is configured with an account that will have the appropriate access to that container to create the Service Connection Points. http://blogs.msdn.com/b/steverac/archive/2008/03/20/opsmgr-ad-integration-how-it-works.aspx Neil
March 23rd, 2011 2:19pm
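
A read-only way to run the check described in the reply above from PowerShell, as an added example that is not part of the original thread. It assumes the ActiveDirectory module (RSAT) is installed; the function name Test-OpsMgrAdContainer and its -Principal parameter are hypothetical, and the domain name is the one quoted in event 11463.

```powershell
# Added example (not from the thread): read-only check of the AD objects that
# AD-integrated agent assignment depends on. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Test-OpsMgrAdContainer {
    param(
        [Parameter(Mandatory = $true)] [string] $Domain,  # domain named in event 11463
        [string] $Principal   # optional: DOMAIN\name of the Run As account or its group
    )

    $root = (Get-ADDomain -Server $Domain).DistinguishedName

    # The reply above says the container sits at the root of the domain.
    $container = Get-ADObject -Server $Domain -SearchBase $root -SearchScope OneLevel `
        -LDAPFilter '(&(objectClass=container)(cn=OperationsManager))' `
        -Properties nTSecurityDescriptor

    if (-not $container) {
        Write-Warning "No OperationsManager container at the root of $Domain."
        return $false
    }

    # Service Connection Points published anywhere below the container.
    $scps = @(Get-ADObject -Server $Domain -SearchBase $container.DistinguishedName `
        -SearchScope Subtree -LDAPFilter '(objectClass=serviceConnectionPoint)')
    Write-Host "$($scps.Count) service connection point(s) under $($container.DistinguishedName)"
    $scps | ForEach-Object { Write-Host "  $($_.DistinguishedName)" }

    # ACEs on the container. Only direct entries are matched against -Principal;
    # nested group membership is not resolved here.
    $rules = $container.nTSecurityDescriptor.GetAccessRules($true, $true,
        [System.Security.Principal.NTAccount])
    if ($Principal) {
        $rules = $rules | Where-Object { $_.IdentityReference.Value -eq $Principal }
    }
    $rules |
        Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize | Out-Host
    return $true
}

Test-OpsMgrAdContainer -Domain 'dc220551t3.local'
```

A result of False corresponds to the first cause named in event 11463 (container missing); a container with no ACE for the Run As account or its group corresponds to the second.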

Hi, yes, it's still occurring in all the domains. I checked the links you sent me. It seems there is some issue with the permissions. However, I have assigned all the permissions in all the domains. I don't have too many accounts; it's just the built-in admin, which has rights on all the domain computers. Still the issue persists.
March 23rd, 2011 2:26pm

That's a good point. No, in Domain C, I have not run MomADAdmin.exe. But if I run it, I'll have to mention the management server and management group name, like in:

"MomADAdmin.exe <mgmtgroupname> domain\OpsMgrAdminsSecurityGroup domain\managementservername domain"

Which management server name should I mention? I have two management groups here, in domains A and B.
-Chandan
March 23rd, 2011 3:39pm

Anyone??
April 2nd, 2011 6:59am

This topic is archived. No further replies will be accepted.
