Solved

SCOM Gateway Server

Posted on 2010-09-20
Last Modified: 2012-05-10
I have a scenario wherein I am monitoring 70 domain controllers using SCOM 2007 R2. We have a Microsoft CA installed in our LAN, and out of 70 domain controllers, 65 DCs are in the LAN and are being monitored using SCOM, which is implemented in the LAN zone. 5 DCs are in the DMZ zone and have no connection to the SCOM server or the CA server. But those DCs have connectivity with the PDC and one more member server. I want to monitor the DMZ servers also but am not able to do so.

If I go ahead and install the member server as a Gateway server, then I need a certificate for the DMZ servers from the LAN CA server, which is not connected from the DMZ servers.

Please suggest how I can implement monitoring of the DMZ servers through SCOM.
Question by:Neo_78
2 Comments
 

Author Comment

by:Neo_78
ID: 33722928
Please provide some suggestion to the above question.
 
LVL 1

Accepted Solution

by:
Larsjh earned 250 total points
ID: 33747658
Certificate authentication is only required when Kerberos will not work. From your description, it seems your DMZ SCOM gateway server will be able to use Kerberos authentication to your DMZ DCs, so you should not have to put certificates on any of your DMZ DCs. (I am assuming all DCs are members of the same forest, as well as your member server in the DMZ for the Gateway.)

Your firewall will probably not allow Kerberos authentication from your DMZ SCOM gateway to the SCOM management server in your LAN, so you will need a cert on your DMZ Gateway and your SCOM Management Server. You will also need TCP port 5723 open both ways from your DMZ SCOM Gateway to your SCOM Management Server.

After your certs are installed, run the momcertimport utility on both your Gateway and your SCOM MS. Install the SCOM Gateway, then run the command on your SCOM RMS to approve the gateway (GatewayApprovalTool.exe).

Manually install the SCOM agent on your DCs, use the name of the gateway server as the SCOM management server in the install wizard. Then approve the manually installed clients in SCOM under Administration | Pending Management.
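
A pre-flight check for the certificate and firewall steps in the answer above, added here as an example and not part of the original thread. It checks each machine-store certificate for the properties Operations Manager expects of a mutual-authentication certificate (subject equal to the machine FQDN, a private key, Server and Client Authentication EKUs, a locally trusted chain) and tests TCP 5723 to the other end; both host names are placeholders.

```powershell
# Added example: pre-flight checks before running MOMCertImport on the gateway
# or the management server. Host names are placeholders, not from the thread.
param(
    [string]$LocalFqdn = 'gw01.dmz.example.com',   # placeholder: FQDN of this machine
    [string]$PeerFqdn  = 'scomms01.example.com',   # placeholder: FQDN of the other end
    [int]$Port = 5723                              # TCP port named in the answer
)
$RequiredEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'   # Server + Client Authentication

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Test-MutualAuthCert($Cert, [string]$Fqdn) {
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekus = @($ekuExt | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    # Trust check only: revocation lookups are skipped because the DMZ hosts in the
    # question cannot reach the CA, so the CA root must already be trusted locally.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $now = Get-Date
    New-Object PSObject -Property @{
        Thumbprint    = $Cert.Thumbprint
        SubjectIsFqdn = $Cert.GetNameInfo($nameType, $false) -eq $Fqdn
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Cert.NotBefore -le $now) -and ($now -le $Cert.NotAfter)
        HasBothEkus   = @($RequiredEku | Where-Object { $ekus -notcontains $_ }).Count -eq 0
        ChainTrusted  = $chain.Build($Cert)
    }
}

$results = Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MutualAuthCert $_ $LocalFqdn }
$results | Format-Table Thumbprint, SubjectIsFqdn, HasPrivateKey, InValidity,
    HasBothEkus, ChainTrusted -AutoSize
"TCP {0}:{1} reachable: {2}" -f $PeerFqdn, $Port, (Test-TcpPort $PeerFqdn $Port)
```

Run it on the gateway with the management server as the peer, then on the management server with the gateway as the peer; a certificate that shows `True` in every column is a candidate for import.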
