Monitoring another domain using my Gateway Server (stay in DMZ) ?
Hi Graham,
Please also check if the following artile will help:
refer to the Troubleshooting tips section:
http://technet.microsoft.com/en-us/library/bb432142.aspxPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 26th, 2011 8:12am
Hello,
It is possible to use my Gateway Server, that are physically on the network perimeter (monitoring machines on the dmz) to monitor servers in another domain? Performed the installation of the agent as if it were a machine on the dmz (as I have no two-way trust
between domains) and get the sequence of three errors in EventViewer below:
Event Type: Error
Event Source: OpsMgr Connector
Event Category: None
Event ID: 20057
Date: 2/18/2011
Time: 5:45:42 PM
User: N/A
Computer: serverdomain2
Description:
Failed to initialize security context for target MSOMHSvc/scomdmz01 The error returned is 0x80090303(The specified target is unknown or unreachable). This error can apply to either the Kerberos or the SChannel package.
Event Type: Error
Event Source: OpsMgr Connector
Event Category: None
Event ID: 21001
Date: 2/18/2011
Time: 5:45:42 PM
User: N/A
Computer: serverdomain2
Description:
The OpsMgr Connector could not connect to MSOMHSvc/scomdmz01 because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two
domains.
Event Type: Error
Event Source: OpsMgr Connector
Event Category: None
Event ID: 21016
Date: 2/18/2011
Time: 5:45:44 PM
User: N/A
Computer: serverdomain2
Description:
OpsMgr was unable to set up a communications channel to scomdmz01 and there are no failover hosts. Communication will resume when scomdmz01 is available and communication from this computer is allowed.
Obs.: test telnet works fine... server another domain to my scomdmz01 in port 5723Alfredo Antonacci Neto MCDST - MCSA - MCSE - MCTS - MCITP EA
Free Windows Admin Tool Kit Click here and download it now
February 26th, 2011 8:16am
Hi
If the servers you want to monitor are in a different forest to the gateway and no forest level trust exists then you'll need to install certificates on all the servers you want to monitor:
http://technet.microsoft.com/en-us/library/bb735408.aspx
Cheers
GrahamView OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/
February 26th, 2011 8:27am