Monitoring another domain using my Gateway Server (stay in DMZ) ?
Hi Graham, Please also check if the following artile will help: refer to the Troubleshooting tips section: http://technet.microsoft.com/en-us/library/bb432142.aspxPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 26th, 2011 8:12am
Hello, It is possible to use my Gateway Server, that are physically on the network perimeter (monitoring machines on the dmz) to monitor servers in another domain? Performed the installation of the agent as if it were a machine on the dmz (as I have no two-way trust between domains) and get the sequence of three errors in EventViewer below: Event Type: Error Event Source: OpsMgr Connector Event Category: None Event ID: 20057 Date: 2/18/2011 Time: 5:45:42 PM User: N/A Computer: serverdomain2 Description: Failed to initialize security context for target MSOMHSvc/scomdmz01 The error returned is 0x80090303(The specified target is unknown or unreachable). This error can apply to either the Kerberos or the SChannel package. Event Type: Error Event Source: OpsMgr Connector Event Category: None Event ID: 21001 Date: 2/18/2011 Time: 5:45:42 PM User: N/A Computer: serverdomain2 Description: The OpsMgr Connector could not connect to MSOMHSvc/scomdmz01 because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains. Event Type: Error Event Source: OpsMgr Connector Event Category: None Event ID: 21016 Date: 2/18/2011 Time: 5:45:44 PM User: N/A Computer: serverdomain2 Description: OpsMgr was unable to set up a communications channel to scomdmz01 and there are no failover hosts. Communication will resume when scomdmz01 is available and communication from this computer is allowed. Obs.: test telnet works fine... server another domain to my scomdmz01 in port 5723Alfredo Antonacci Neto MCDST - MCSA - MCSE - MCTS - MCITP EA
February 26th, 2011 8:16am
Hi If the servers you want to monitor are in a different forest to the gateway and no forest level trust exists then you'll need to install certificates on all the servers you want to monitor: http://technet.microsoft.com/en-us/library/bb735408.aspx Cheers GrahamView OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
February 26th, 2011 8:27am