SCOM Across Trusted Domains in Multiple Forests

Justin Owens
I recently ran into a question where someone wanted to deploy SCOM in two different domains. The two sites were separate domains, and while they trusted each other, they were not in the same forest. The person asking the question wanted to install the remote agent at his other site, but the installation was failing.

The solution was to deploy a gateway server at the remote site, as described in this TechNet article:


The procedural overview as laid out in that article is to:

Request certificates for any computer in the agent, gateway server, management server chain.
Import those certificates into the target computers by using the Operations Manager 2007 MOMCertImport.exe tool.
Distribute the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe to the management server.
Run the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe tool to initiate communication between the management server and the gateway.
Install the gateway server.
The detailed directions for each step are laid out there in an easy-to-understand fashion.
This is actually a very good solution for conditions that require cross-forest SCOM deployments. While my personal preference would be to bring both domains into a single forest, there are many reasons (mostly legal or political) not to do so. If you find yourself needing a single management point for multiple domains, this is the way I would go.
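For the certificate steps in the overview above, a pre-flight check run on each computer in the chain before the import can catch a certificate that will not authenticate. This is an added example, not code from the TechNet article; the helper name `Test-GatewayCertificate` is hypothetical, and the checks (subject matches the FQDN, Server and Client Authentication EKUs, private key present, chain validates) are assumed requirements for mutual certificate authentication that this page does not list.

```powershell
# Added example, not from the TechNet article: pre-flight check of the
# certificates in the local computer store before running MOMCertImport.exe.
param(
    # Assumption: the certificate is issued to this computer's FQDN.
    [string]$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
)

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-GatewayCertificate {     # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$ExpectedName
    )
    # Collect the EKU OIDs from the certificate's extensions.
    $ekus = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    $cn  = $Cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $now = Get-Date
    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $cn
        SubjectMatch  = ($cn -eq $ExpectedName)          # case-insensitive
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuth    = ($ekus -contains $ServerAuthOid)
        ClientAuth    = ($ekus -contains $ClientAuthOid)
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        # False means the chain did not validate on this machine, for
        # example because the issuing CA is not trusted here.
        ChainValid    = $Cert.Verify()
    }
}

$results = Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-GatewayCertificate -Cert $_ -ExpectedName $Fqdn }
$results | Format-Table -AutoSize

$usable = @($results | Where-Object {
    $_.SubjectMatch -and $_.HasPrivateKey -and $_.ServerAuth -and
    $_.ClientAuth -and $_.InValidity -and $_.ChainValid })
if ($usable.Count -eq 0) {
    Write-Warning "No certificate for $Fqdn passes every check; fix this before importing."
} else {
    "Candidate thumbprint(s): " + ($usable.Thumbprint -join ', ')
}
```

Run it from an elevated PowerShell session; a `ChainValid` of `False` on the gateway or management server usually points at the other forest's issuing CA not being trusted on that machine.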
Here is the Experts-Exchange Question that prompted me to find this solution:


