SCOM 2012 R2 gateway problem

We have a strange problem with a new gateway server in a domain without trust. We cannot get it to connect to the management servers (tested with all of them). We have another GW in the same domain that worked fine, but after I flushed the Health Service cache we now have the same problem with this one. No new configuration from the config service. We have other gateway servers in 10 other domains that work fine as well, even after we flush the health service cache and they get a new configuration.

No errors or warnings in the eventlog, but we see this one though:

EventID 21023 / source OpsMgr Connector:
OpsMgr has no configuration for management group ManagementGroupName and is requesting new configuration from the Configuration Service.

Things we have done/checked:

  • Port 5723/5724 has been validated as open from GW to MS(s) with PowerShell Test-NetConnection ManagementServerFQDN -port 5723/5724 and telnet.
  • Local FW and antivirus are turned off.
  • Installed and reinstalled the GW as local Administrator and patched to SCOM 2012 R2 UR5 (KB3023138).
  • Approved GW with Gateway approval tool, deleted it and recreated. If I don't approve the GW, it does not even show in pending actions for approval.
  • Flushed Health Service Cache and Recycled the HealthService on all MS's and GW's.
  • Restarted all servers.
  • Reissued Certificate and reimported it running MOMCertImport (FQDN is used as the Friendly name and name of the certificate). Trusted Root Certificate imported as well.
  • AuthenticationName and NetworkName match MS in the registry hive
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Groups\MangementGroupName\Parent Health Services\"



EventIDs confirming that there is a connection to the management server from GW:

- EventID 21031 / Source OpsMgr Connector:
OpsMgr succeeded to add socket server on port 5723.

- EventID 2002 / Source HealthService:
Management Group "ManagementGroupName" was started.

- EventID 7026 / Source HealthService:
The Health Service successfully logged on the RunAs account DOMAIN\ServiceAccountName for management group MangementGroupName

- EventID 7019 / Source HealthService:
The Health Service has validated all RunAs accounts for management group ManagementGroupName

If we shut down the ManagementServer, there is an event that it cannot connect to the management server.

Any suggestions would be greatly appreciated!

Thanks,

Best regards

Trond

June 25th, 2015 8:34am

Hi. Is the MS pingable via FQDN from the gateway?

Also, is the action account added to the local Administrators group?

Also, do you see any 2070 events stating that so-and-so agent communicated but the connection was closed immediately as it is not authorized to communicate, or something?

June 25th, 2015 8:25pm


June 26th, 2015 7:55am

Hi Trond,

In the certificate, check that both Server Authentication and Client Authentication exist in Enhanced Key Usage under Details. Also, under General, the words "You have a private key that corresponds to this certificate" should be present.

June 28th, 2015 1:05pm


June 29th, 2015 3:22am
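
The certificate checks suggested in the reply above, scripted as an added example that is not part of the original thread. It goes slightly beyond the reply by also reporting the subject name, validity period and chain trust. Assumptions: the gateway certificate is in Cert:\LocalMachine\My, its subject CN is the gateway FQDN, and the function name Test-GatewayCertificate is hypothetical.

```powershell
# Added example (not from the thread): report, for each machine certificate,
# the properties the reply says to check before MOMCertImport can use it.
function Test-GatewayCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Fqdn   # assumed to equal the subject CN
    )
    # EKU OIDs for Server Authentication and Client Authentication
    $serverAuth = '1.3.6.1.5.5.7.3.1'
    $clientAuth = '1.3.6.1.5.5.7.3.2'
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain without revocation lookups: a gateway in an untrusted
    # domain often cannot reach the issuing CA's CRL distribution point.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Certificate)

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint     = $Certificate.Thumbprint
        SubjectMatches = ($Certificate.GetNameInfo('SimpleName', $false) -eq $Fqdn)
        HasPrivateKey  = $Certificate.HasPrivateKey
        ServerAuthEku  = ($ekuOids -contains $serverAuth)
        ClientAuthEku  = ($ekuOids -contains $clientAuth)
        InValidity     = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        ChainTrusted   = $chainOk
        ChainErrors    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Assumption: DNS resolves the local computer name to the FQDN used in the certificate.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-GatewayCertificate -Certificate $_ -Fqdn $fqdn } |
    Format-List
```

Any row showing False for HasPrivateKey, ServerAuthEku or ClientAuthEku fails the checks named in the reply; a False ChainTrusted with UntrustedRoot in ChainErrors means the issuing CA's root is missing from the gateway's Trusted Root store.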

This topic is archived. No further replies will be accepted.
