We have two agent servers that have been monitored using a one-way trust and a certificate for well over a year successfully.  Recently, both fell into a not monitored state.  We tried reinstalling the agent, including a newly generated certificate, but event 20071 comes up immediately followed by 21016 after service restart.  Thereafter we get 20071 alone every 15 minutes.  No other warnings/errors.

(Both servers are used for ADFS.)

All usual suspects have been checked.  Root cert, cert chain, management group name, registry keys for AuthenticationName and NetworkName have FQDN, we can ping and we can telnet 5723 to management server, and I've run momcertimport.exe many times.  We have a couple thousand agents, so we've picked up on the issues to watch for over the years!  But this one has us stumped.

SCOM 2007 R2 environment.

Any takers?

Thank you!

Try to check certificate.

Also you can refer to below links

https://michelkamp.wordpress.com/2012/01/05/solving-the-gateway-20071-event/

https://social.technet.microsoft.com/Forums/systemcenter/en-US/8d643f3a-8bdf-49e5-9c60-b2a798668600/scom-2012-r2-monitor-workgroup-error-event-id-20071-and-21016?forum=operationsmanagerdeployment

Thank you Mai.  I have already seen those links, and carefully checked that is all correct.

The certificate generation process is the same process we've used for thousands of agent servers.  Including other servers on this particular domain.  Only two servers on this domain (and subnet) have a problem, most do not.

I have not been able to find any special instructions for servers that run ADFS, but are not domain controllers.  If anyone knows of any, please let me know.  But it's not as if we just installed ADFS, they've been ADFS servers since day one.

The fact that it was working fine for over a year and just broke makes me consider that a March 2015 Windows Update could possibly have done this, but again I have not read anything to that effect.

Hi,

Please refer to the link below, althouh I know you have already validated most of them.

Tips and Tricks: SCOM (2012 and 2007) Gateway Server Troubleshooting Guide

http://blogs.catapultsystems.com/jcowan/archive/2012/07/03/tips-and-tricks-scom-2012-and-2007-gateway-server-troubleshooting-guide.aspx

Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.