SCOM Agent Installation for Lync Edge Server - Certificate Error

Hi All,

I have the following design in our SCOM environment:

The SCOM 2012 R2 Management Server belongs to Domain A, and the Gateway belongs to Domain B. I don't have trust between Domain A and B, hence the authentication between MS and GW is done via certificate and MOMCertImport. It is working fine: the GW is able to relay all nodes connected to it to the Management Server, and I am able to view status/reports of all systems whose primary management server is the gateway.

I have a Lync edge server, which does not belong to Domain B. I have installed the agent manually and did the certificate stuff on the edge server. After adding the certificate to the edge server from the Ops Manager template, the manually installed agent appears in Pending Management in SCOM. I can approve it and it goes to "Agents Managed", but no heartbeat occurs.

On the edge server I can see the events/alerts below:

20067, 20071, 21002 and 21016.

20067 says: A device with IP GW:5723 attempted to connect but the certificate presented by the device was invalid. The connection from the device has been rejected. The failure code on the certificate was 0x800B010A (A certificate chain could not be built to a trusted root authority).

I can confirm that the Domain B CA certificate is installed in the Trusted Root Certification Authorities store under the Local Computer account on the edge server.

One thing which is confusing to me is whether MOMCertImport has to run only on the edge server, but not on the gateway (again?).

Because while I was integrating the GW and SCOM MS, I downloaded a certificate from the Domain A CA (Ops Manager template), imported it into the gateway and did the MOMCertImport for that certificate.

If I again do MOMCertImport for the certificate from Domain B on the gateway, it simply breaks the communication between the SCOM MS and the gateway.



September 8th, 2015 2:46am
