SCOM Console deployed in an untrusted domain and through a firewall.
I have a client that has a SCOM console thick client in another domain, and he cannot connect to the RMS getting the error: <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-alt:"Calisto MT"; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-alt:"Times New Roman"; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman","serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.WordSection1 {page:WordSection1;} --> Date: 10/5/2010 1:36:27 PM Application: System Center Operations Manager 2007 R2 Application Version: 6.1.7221.0 Severity: Warning Message: Failed to connect to server 'xxxxxxxxxxx'. Insufficient privileges Microsoft.EnterpriseManagement.Common.UnauthorizedAccessMonitoringException: The user does not have sufficient permission to perform the operation. ---> System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed. at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target) at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) --- End of inner exception stack trace --- He is a member of Operations Manager Operators. Not sure what else to do..
October 5th, 2010 9:15pm

The other user cannot use windows integrated authentication because it is another domain. When he opens the console he needs to enter the user name and password and domain information. These credentials should be of the domain where SCOM is. Also, in the console - administration --> Security --> User roles - the specified account should be part of one of the profiles listed. Based on the privileges you want to provide that user. -- Regards, Vik Singh -------------------------------------------------------------------------------- Please remember to click ??Mark as Answer? on the post that helps you, and to click ??Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. "bryanburns" wrote in message news:e305b4ff-db51-4459-9a76-44cf65f42a5f@communitybridge.codeplex.com... I have a client that has a SCOM console thick client in another domain, and he cannot connect to the RMS getting the error: <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-alt:"Calisto MT"; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-alt:"Times New Roman"; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman","serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.WordSection1 {page:WordSection1;} --> Date: 10/5/2010 1:36:27 PM Application: System Center Operations Manager 2007 R2 Application Version: 6.1.7221.0 Severity: Warning Message: Failed to connect to server 'xxxxxxxxxxx'. Insufficient privileges Microsoft.EnterpriseManagement.Common.UnauthorizedAccessMonitoringException: The user does not have sufficient permission to perform the operation. ---> System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed. at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target) at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) --- End of inner exception stack trace --- He is a member of Operations Manager Operators. Not sure what else to do..
Free Windows Admin Tool Kit Click here and download it now
October 5th, 2010 9:48pm

Do you have a gateway server? Or have you configured certificates? http://technet.microsoft.com/en-us/library/bb735408.aspxCheers Graham View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
October 5th, 2010 10:15pm

Graham - as far as I know, we don??t need certificates for remote console access. Only if a client is untrusted we need it. if we are just using the console and we use the appropriate credentials, it should work. If not, let me know. -- Regards, Vik Singh -------------------------------------------------------------------------------- Please remember to click ??Mark as Answer? on the post that helps you, and to click ??Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. "Graham Davies [MVP]" wrote in message news:45058534-b8e2-4c67-945b-7a3643228799@communitybridge.codeplex.com... Do you have a gateway server? Or have you configured certificates? http://technet.microsoft.com/en-us/library/bb735408.aspx Cheers Graham View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
October 5th, 2010 10:17pm

Hi Sorry - my mistake totally - I thought you \ they were looking to deploy agents from the console. Classic case of not reading closely enough. For use of the console then you are correct. The user needs rights in that domain which they don't appear to have. Cheers Graham Cheers Graham View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
October 5th, 2010 10:24pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics