Solved

SCOM Gateway Server

Posted on 2010-09-20
Last Modified: 2012-05-10
I have a scenario wherein I am monitoring 70 domain controllers using SCOM 2007 R2. We have a Microsoft CA installed in our LAN, and out of 70 domain controllers 65 DCs are in the LAN and are getting monitored using SCOM, which is implemented in the LAN zone. 5 DCs are in the DMZ zone and have no connection to the SCOM server or CA server. But those DCs have connectivity with the PDC and one more member server. I want to monitor the DMZ servers also but am not able to do so.

If I go ahead and install the member server as a Gateway server, then I need a certificate for the DMZ servers from the LAN CA server, which is not connected from the DMZ servers.

Please suggest how I can implement monitoring of DMZ servers through SCOM.
Question by:Neo_78
2 Comments
 

Author Comment

by:Neo_78
ID: 33722928
Please provide some suggestion to the above question.

Accepted Solution

by: Larsjh (earned 250 total points)
ID: 33747658
Certificate authentication is only required when Kerberos will not work. From your description, it seems your DMZ SCOM gateway server will be able to use Kerberos authentication to your DMZ DCs, so you should not have to put certificates on any of your DMZ DCs. (I am assuming all DCs are members of the same forest, as well as your member server in the DMZ for the Gateway.)

Your firewall will probably not allow Kerberos authentication from your DMZ SCOM gateway to the SCOM management server in your LAN, so you will need a cert on your DMZ Gateway and your SCOM Management Server. You will also need TCP port 5723 open both ways from your DMZ SCOM Gateway to your SCOM Management Server.

After your certs are installed, run the momcertimport utility on both your Gateway and your SCOM MS. Install the SCOM Gateway, then run the command on your SCOM RMS to approve the gateway (GatewayApprovalTool.exe).

Manually install the SCOM agent on your DCs, use the name of the gateway server as the SCOM management server in the install wizard. Then approve the manually installed clients in SCOM under Administration | Pending Management.
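
A pre-flight check for the two prerequisites named in the accepted answer (TCP 5723 between gateway and management server, and a certificate on each of those two machines), as an added example that is not part of the original thread. The peer host name is a placeholder, and the certificate criteria checked here (subject CN equal to the machine FQDN, private key present, Server and Client Authentication EKUs) are assumptions of this example rather than something the thread states.

```powershell
# Added example, not from the thread. Run on the DMZ gateway and on the management server.
param(
    [string]$PeerFqdn = 'scom-ms.example.local',  # placeholder: the other end of the channel
    [int]$Port = 5723                             # port named in the accepted answer
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-ChannelCertReport {
    param([string]$Fqdn)
    # Assumed criteria: both EKUs present, CN equals the FQDN, private key available.
    $required = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'   # Server Auth, Client Auth
    $ekuType  = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
        $ekus = @($cert.Extensions | Where-Object { $_ -is $ekuType } |
                  ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        $missing = @($required | Where-Object { $ekus -notcontains $_ })
        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            SubjectIsFqdn = ($cert.GetNameInfo('SimpleName', $false) -eq $Fqdn)
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = ((Get-Date) -ge $cert.NotBefore -and (Get-Date) -le $cert.NotAfter)
            EkuComplete   = ($missing.Count -eq 0)
        }
    }
}

$localFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
"TCP $Port to ${PeerFqdn}: " + (Test-TcpPort -HostName $PeerFqdn -Port $Port)
Get-ChannelCertReport -Fqdn $localFqdn |
    Format-Table Thumbprint, SubjectIsFqdn, HasPrivateKey, InValidity, EkuComplete -AutoSize
```

A certificate row with every column true is a candidate to pass to momcertimport; a failed port test points at the firewall rule rather than at the certificates.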

Question has a verified solution.