Hi, I have a bit of an odd situation on a SCOM 2012 R2 deployment.
I have an MS on the internal network, and a Gateway Server on the perimeter network. Each server is connected to different Active Directory Forests and there are no trust relationships between them. I configured the communication between the two using certificates.
I have already connected some servers through the Gateway using certificates because they are in workgroups; they are already approved on the MS and reporting their status.
However, I have some servers that are member servers of the internal AD domain but are located on the perimeter network.
So I've tried to configure one of them for testing to connect to the Gateway Server using a certificate using manual agent installation. Initially it didn't report on the SCOM, but then I ran Get-SCOMPendingManagement and saw that it showed there, so I ended up approving the agent using PowerShell and then it was reported on the Console as "Not Monitored".
First the agent was running as Local System and then I tried using a local admin account on the server; neither option has worked.
I get the following errors:
The OpsMgr Connector connected to scomgateway.externaldomain.com, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
OpsMgr was unable to set up a communications channel to scomgateway.externaldomain.com and there are no failover hosts. Communication will resume when scomgateway.externaldomain.com is available and communication from this computer is allowed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Is this configuration possible? Or do I need to open communication ports from the agents to the MS inside the corporate network and not use the Gateway?
Any ideas if someone else has done this are appreciated.
Thank you.
Regards.