workgroup agent certificate based authentication
Hi guys, I'm having trouble with the certificate based authentication on my non-domain joined server. The certificate (client and server authentication) is installed with momcertimport.exe. The root CA is trusted on my workgroup server, TCP port 5723 to the OpsMgr server is open, and still I get the error "OpsMgr was unable to set up a communications channel to server.domain.tld and there are no failover hosts. Communication will resume when server.domain.tld is available and communication from this computer is allowed." The agent is able to communicate with the second management group (where the gateway server is in the same subnet as the agent). What am I missing? Cheers, Sebastian
Sebastian Bammer
June 27th, 2012 4:37am

Hi, if I understand correctly, you have multihomed the agent that has the certificate? In Management Group 1, have you allowed manual agent installs and approved the agent? The health service can only load one certificate, so have you used the same CA \ certificate for each management group? This is sort of explained here (albeit with a different slant): http://blogs.technet.com/b/momteam/archive/2009/12/08/how-to-link-multiple-gateway-servers-together.aspx - "A healthservice can only load and use a single auth certificate". Cheers, Graham
Regards Graham New System Center 2012 Blog! - http://www.systemcentersolutions.co.uk View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
June 27th, 2012 5:00am

Hi Sebastian, as Graham said, please check you have approved the agent in SCOM. The above error will normally appear when the agent is not approved. In case you still have issues, restart the System Center Management service, and if you see any error send us the error; that will help to troubleshoot further.
Donald D'souza (http://donald-scom.blogspot.com/)
June 27th, 2012 5:14am

Hi guys, I'm using the same certificate for both MGs (the root CA is trusted on both of the RMS servers). The problem is that in my MG I cannot approve the agent because it does not show under pending management (my MG is configured to review new manual agent installations; they are not approved automatically). In the event log of my RMS server I can see the following event: "The OpsMgr Connector negotiated the use of mutual authentication with 195.64.1.2:43767, but Active Directory is not available and no certificate is installed. A connection cannot be established." I don't get why it's saying that no certificate is installed. It is clearly working with my second MG :( Cheers, Sebastian
Sebastian Bammer
June 27th, 2012 5:36am

You just need to install certificates on all management servers that will monitor your workgroup servers.
June 27th, 2012 5:44am

I'll just quickly check with my network guy, as I can see that the agent is showing up with its public IP and I don't know if the route back to the agent could be a problem...
Sebastian Bammer
June 27th, 2012 6:04am

Hi Sebastian, if you are able to, can you restart the health service on the agent and check for the following informational events (they aren't warnings or critical, although 20052 should be!): 1) Event ID 20052 on the agent stating that the specified certificate could not be loaded because the subject name on the certificate does not match the local computer name. Or 2) Event ID 20053 after running MomCertImport; this indicates the cert was loaded properly. As you say, routing and also DNS could also be the issue. Cheers, Graham
Regards Graham New System Center 2012 Blog! - http://www.systemcentersolutions.co.uk View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
June 27th, 2012 6:47am
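The checks suggested in the thread (the certificate must be imported on every management server that talks to the workgroup agent, its subject must match the local computer name, and events 20052/20053 tell you whether the health service loaded it) can be run as one script on the agent or on a management server. This is an added example, not code posted in the thread. It assumes that MomCertImport records the chosen certificate's serial number, byte-reversed, in the `ChannelCertificateSerialNumber` value under `HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings`, that the agent log is named "Operations Manager", and that the service is `HealthService`; all three are assumptions about the environment, not facts stated in the thread.

```powershell
# Added example (not from the thread): verify the OpsMgr channel certificate on a
# workgroup agent or a management server, then read the events Graham lists.
# ASSUMPTIONS: registry path/value written by MomCertImport, log name, service name.
$regPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings'
$fqdn    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# 1. Which certificate did MomCertImport register? The serial number is stored as a
#    byte array in reverse order, so flip it back before comparing with the store.
$raw = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).ChannelCertificateSerialNumber
if (-not $raw) {
    Write-Warning "No ChannelCertificateSerialNumber under $regPath - MomCertImport has not been run here."
    return
}
$bytes = [byte[]]$raw
[array]::Reverse($bytes)
$serial = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''

# 2. Locate that certificate in LocalMachine\My and check what the connector needs:
#    subject CN = local FQDN, both EKUs, private key, validity, trusted chain.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.SerialNumber -eq $serial }
if (-not $cert) {
    Write-Warning "Serial $serial is registered but not present in Cert:\LocalMachine\My."
    return
}
$eku = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
$checks = [ordered]@{
    "Subject CN matches local FQDN ($fqdn)"          = [bool]($cert.Subject -match "CN=$([regex]::Escape($fqdn))(,|$)")
    'Server Authentication EKU (1.3.6.1.5.5.7.3.1)'  = $eku -contains '1.3.6.1.5.5.7.3.1'
    'Client Authentication EKU (1.3.6.1.5.5.7.3.2)'  = $eku -contains '1.3.6.1.5.5.7.3.2'
    'Private key present'                            = $cert.HasPrivateKey
    'Not expired'                                    = $cert.NotAfter -gt (Get-Date)
    'Chain builds to a trusted root (Verify())'      = $cert.Verify()
}
foreach ($c in $checks.GetEnumerator()) {
    '{0,-5} {1}' -f ($(if ($c.Value) { 'PASS' } else { 'FAIL' }), $c.Key)
}

# 3. Restart the health service (run elevated) and show the certificate events:
#    20053 = certificate loaded, 20052 = subject name does not match the computer name.
Restart-Service -Name HealthService
Start-Sleep -Seconds 15
Get-WinEvent -FilterHashtable @{ LogName = 'Operations Manager'; Id = 20052, 20053 } `
             -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Run it on the agent first; a FAIL on the subject check explains a 20052, and a missing registry value on a management server explains the "no certificate is installed" event quoted earlier in the thread, since each management server that accepts the agent's connection needs its own imported certificate.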

