SCOM gateway and servers in another Network
Thanks for your replies. The two sites are not in the same domain. And the SCOM server is on a totally different domain that the two sites. Site 1 is .site1.local, Site2 is site2.local and thr SCOM server is site3.local. The GW is installed on Site1 and all servers on Site1 are discovered in the SCOM. Now i need to monitor Site2, Is it possible to monitor it through the Gateway installed in Site1? Thanks in advance. Thanks for clarification. You will have to use certificates to communicate from the Site3 which is where your RMS and MSs sit to site1 and site2. In addition to this a Gateway will need to be deployed to site1(you already have one here) and site2. Since you have no Kerberos trust between the domains this is the only way it will function. Which brings me to another point, have considered if you need to separate the data? If so you would need to deploy multiple Management Groups which isn't hard but it sounds like you may be a service company monitoring client environments. The following articles should help you http://systemcentering.blogspot.com/2011/11/steps-for-deploying-scom-to-untrusted.html http://technet.microsoft.com/en-us/library/dd362553.aspx
November 30th, 2011 5:13pm

Hi, I have a SCOM server 2007 R2 as well as a costumer that is having two sites (Site1 and Site2). I have installed SCOM GW on one server located in Site1 and discovered all servers in site1. I opened port 5723 from Site2 to Site1 but when i run Dicovery from SCOM i cannot see servers on Site2. What is required so that i will be able to use the SCOM GW in Site1 to monitor servers on Sites 2. Thanks in advance. On Are these sites in the same domain? If so check the Operations Manager log on the Gateway server. Filter it to look for errors and you will probably find OpsMgr Connector errors as the source if there is a communication problem. The details should help us troubleshoot the issue. If they aren't in the same domain then obviously you need certificates.
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2011 8:26am

If the site 2 domain is in a trusted domain, you'll only need certs on the gateway but should be able to push the client using the discovery wizard by adding the fqdn of the clients. You'll need to be able to resolve the names of the clients, and use an account with admin rights on the client. If site 2 is in a workgroup or in an untrusted domain, you'll need certs on the clients as well. You'll be able to use the discovery wizard IF the server name can be resolved, and you are using an account that has admin rights. In both cases a manual install of the client will work. The client just has to be able to resolve and connect to the gateway. The gateway has to be able to connect to a management server.
December 10th, 2011 8:54am

If the site 2 domain is in a trusted domain, you'll only need certs on the gateway but should be able to push the client using the discovery wizard by adding the fqdn of the clients. You'll need to be able to resolve the names of the clients, and use an account with admin rights on the client. If site 2 is in a workgroup or in an untrusted domain, you'll need certs on the clients as well. You'll be able to use the discovery wizard IF the server name can be resolved, and you are using an account that has admin rights. In both cases a manual install of the client will work. The client just has to be able to resolve and connect to the gateway. The gateway has to be able to connect to a management server. Why would you need certificates if the Gateway is in a trusted domain? For the original poster, where is the RMS in all of this? Is it located in Site 1 or off premise, in neither site? Please provide some more details so we can provide the correct answer
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2011 9:31am

to actually push the agents from the console you will need more ports open than just the one scom port. See Kevin Holman's article on trouble shooting push installs. http://blogs.technet.com/b/kevinholman/archive/2007/12/12/agent-discovery-and-push-troubleshooting-in-opsmgr-2007.aspx yes we will need more details on the setup like what domain is in which site, what domain the scom install is on, what domain the gateway is on etc.Scott Moss MVP (Operations Manager) | President - System Center Virtual Users Group | Vice President - Atlanta Southeast Management Users Group (ATL SMUG) Please remember to click Mark as Answer on the post that helps you!
December 10th, 2011 11:30am

to actually push the agents from the console you will need more ports open than just the one scom port. See Kevin Holman's article on trouble shooting push installs. http://blogs.technet.com/b/kevinholman/archive/2007/12/12/agent-discovery-and-push-troubleshooting-in-opsmgr-2007.aspx yes we will need more details on the setup like what domain is in which site, what domain the scom install is on, what domain the gateway is on etc. Scott Moss MVP (Operations Manager) | President - System Center Virtual Users Group | Vice President - Atlanta Southeast Management Users Group (ATL SMUG) Please remember to click “Mark as Answer” on the post that helps you! Excluding local firewalls (i.e Built in Window Firewall) - My understanding is that if he is attaching the agents to the Gateway and the Gateway sits on the same side of the appliance based firewall as the agents only 5723 needs to be opened on the firewall (communication between (R)MS(s) and Gateway). The RMS will tell the Gateway to perform the deployment.
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2011 12:34pm

Thanks for your replies. The two sites are not in the same domain. And the SCOM server is on a totally different domain that the two sites. Site 1 is .site1.local, Site2 is site2.local and thr SCOM server is site3.local. The GW is installed on Site1 and all servers on Site1 are discovered in the SCOM. Now i need to monitor Site2, Is it possible to monitor it through the Gateway installed in Site1? Thanks in advance.
December 11th, 2011 1:53am

Hi, please check if the following information will help: SCOM Agents Deployment in Multiple Domains http://www.eggheadcafe.com/microsoft/Ops-Manager-Setup/34165977/scom-agents-deployment-in-multiple-domains.aspxPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
December 11th, 2011 2:57am

Hello, It´s easiest to put a gateway also in site2. The gateway needs port 5723 open to the RMS or a MS server in site3 and a certificate for communication. The agents in site2 needs 5723 and some more ports open to the gateway, for agent communication, discovery and installation, see the link to Kevin:s blog. Regards, Sören S.
December 11th, 2011 3:07am

Hi, I have a SCOM server 2007 R2 as well as a costumer that is having two sites (Site1 and Site2). I have installed SCOM GW on one server located in Site1 and discovered all servers in site1. I opened port 5723 from Site2 to Site1 but when i run Dicovery from SCOM i cannot see servers on Site2. What is required so that i will be able to use the SCOM GW in Site1 to monitor servers on Sites 2. Thanks in advance. On
Free Windows Admin Tool Kit Click here and download it now
December 11th, 2011 7:13am

Thanks for your replies. The two sites are not in the same domain. And the SCOM server is on a totally different domain that the two sites. Site 1 is .site1.local, Site2 is site2.local and thr SCOM server is site3.local. The GW is installed on Site1 and all servers on Site1 are discovered in the SCOM. Now i need to monitor Site2, Is it possible to monitor it through the Gateway installed in Site1? Thanks in advance. Thanks for clarification. You will have to use certificates to communicate from the Site3 which is where your RMS and MSs sit to site1 and site2. In addition to this a Gateway will need to be deployed to site1(you already have one here) and site2. Since you have no Kerberos trust between the domains this is the only way it will function. Which brings me to another point, have considered if you need to separate the data? If so you would need to deploy multiple Management Groups which isn't hard but it sounds like you may be a service company monitoring client environments. The following articles should help you http://systemcentering.blogspot.com/2011/11/steps-for-deploying-scom-to-untrusted.html http://technet.microsoft.com/en-us/library/dd362553.aspx
December 11th, 2011 7:24am

Hi, You can find a lot of helpfull info on this link: http://systemcentercentral.com/BlogDetails/tabid/143/IndexID/90669/Default.aspx .. at the end of blog, there is lines under "To be more clear:" which can clear out doubts about certs. Also usefull blog regarding Expiration date of SCOM certificate: http://systemcentercentral.com/BlogDetails/tabid/143/IndexID/90670/Default.aspx
Free Windows Admin Tool Kit Click here and download it now
December 24th, 2011 12:37pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics