Certificate Authentication -- Ops Mgr 2007 ACS

Published on
8,621 Points
Last Modified:
The steps below assume that SCOM monitoring communication has been established via certificate authentication.

1. At the ACS collector server, stop the AdtServer service and then run AdtServer --c from the command prompt and select the certificate already requested and in use for agent to management/gateway server communication. Restart AdtServer.

2. At the workgroup/untrusted computer use the certificates snap-in to export the agent communication certificate in .CER format.

3. Within AD Users and Computers on the domain where the Collector resides, create a Computer account for the agent in the workgroup/untrusted domain. Use the Name Mapping option to import the certificate from the above step.
     a. After creating the account, select View -> Advanced Features within Active Directory Users & Computers.
     b. Right-click the computer account you created for the untrusted computer and select Name Mappings.
     c. Add the X-509 certificate you exported from the untrusted computer in step 2.

4. In the Operations console run the Task to enable auditing on the agent.

5. On the untrusted computer, stop the AdtAgent service (net stop adtagent.exe)

6. On the untrusted computer run AdtAgent --c and select the same certificate used for agent to management server authentication. Restart the AdtAgent service

7. Runt the query SELECT * FROM dbo.dtMachine against your ACS Collector database to ensure that the untrusted computer has been added.

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Join & Write a Comment

Discover the basics of using Outlook 2016 from office 365.
See the Basics of Office 365's Note Taking app, OneNote

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month