SCOM Across Trusted Domains in Multiple Forests
We don't support machines, but rather, the people who rely upon them...
Published:
Browse All Articles > SCOM Across Trusted Domains in Multiple Forests
I recently ran into a question where someone wanted to deploy SCOM in two different domains. The problem was that the two sites they used were two domains, and while they trusted each other, they were not in the same forest. The person asking the question wanted to install the remote agent at his other site, but the installation was failing.
The solution to the question was to deploy a gateway server at the remote site as described in this Technet Article:
http://technet.microsoft.com/en-us/library/bb432149.aspx
The procedural overview as laid out in that article is to:
This is actually a very good solution for conditions which require Cross Forest SCOM deployments. While my personal preference would be to bring both domains into a single forest, there are many reasons (mostly legal or political) to not do so. In the event you find yourself needing to have a single management point for multiple domains, this is the way I would go.
Here is the Experts-Exchange Question that prompted me to find this solution:
https://www.experts-exchange.com/questions/25083584/Installing-SCOM-agent-to-server-in-trusted-domain.html
Justin
The solution to the question was to deploy a gateway server at the remote site as described in this Technet Article:
http://technet.microsoft.com/en-us/library/bb432149.aspx
The procedural overview as laid out in that article is to:
Request certificates for any computer in the agent, gateway server, management server chain.
Import those certificates into the target computers by using the Operations Manager 2007 MOMCertImport.exe tool.
Distribute the Microsoft.EnterpriseManagement.gatewayApprovalTool.exe to the management server.
Run the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe tool to initiate communication between the management server and the gateway.
Install the gateway server.
The detailed directions for each step are laid out there in a simple to understand fashion.
This is actually a very good solution for conditions which require Cross Forest SCOM deployments. While my personal preference would be to bring both domains into a single forest, there are many reasons (mostly legal or political) to not do so. In the event you find yourself needing to have a single management point for multiple domains, this is the way I would go.
Here is the Experts-Exchange Question that prompted me to find this solution:
https://www.experts-exchange.com/questions/25083584/Installing-SCOM-agent-to-server-in-trusted-domain.html
Justin
We don't support machines, but rather, the people who rely upon them...
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)