Hi all,
I have an untrusted domain which I am deploying Gateway Servers into. I have built two servers so that I have Gateway failover for Agents. One of the gateways is working just fine, but the other is refusing to accept the certificates and keeps trying to use Kerberos authentication to authenticate to the MS, which isn't ever going to work.
I've got the SCOM MS and the PKI in Domain A, Gateway Server in Domain B.
1. Created SCOM Certificate Template in Domain A PKI.
2. Created Certificates using Certreq for the Domain B Gateways.
3. Installed Root CA .cer and Issued Certificate .pfx Files on Domain B Gateways.
4. Ran Gateway Approval Tool on Domain A SCOM MS.
5. Installed Gateway Software on Gateways in Domain B.
As I say, one of the two is working just fine and I have agents reporting through it, but the second will not work. I have tried unapproving the Gateway and reapproving it, deleting all the certificates and re-creating them fresh from the template and, as a last resort, I have deleted the second Gateway VM and re-created it.
The errors in the Operations Manager log are as follows:
Could not connect to MSOMHSvc/MSNAME.domaina.com because mutual authentication failed.
The OpsMgr Connector connected to MSNAME.domaina.com but the connection was closed immediately without authentication taking place.
Anyone have any ideas because as you can see, I've gone as far as to delete the VM and start everything again to no avail and given that I've built these two side-by-side and one is working and the other is not, it's clear that I know it does work and it's not ju