SCOM Gateway Server

Posted on 2010-09-20
Last Modified: 2012-05-10
I have a scenario wherein I am monitoring 70 domain controllers using SCOM 2007 R2. We have a Microsoft CA installed in our LAN, and out of 70 domain controllers, 65 DCs are in the LAN and are being monitored using SCOM, which is implemented in the LAN zone. 5 DCs are in the DMZ zone and have no connection to the SCOM server or the CA server. But those DCs have connectivity with the PDC and one more member server. I want to monitor the DMZ servers also, but I am not able to do so.

If I go ahead and install the member server as a Gateway server, then I need a certificate for the DMZ servers from the LAN CA server, which is not connected from the DMZ servers.

Please suggest how I can implement monitoring of DMZ servers through SCOM.
Question by:Neo_78
2 Comments
 

Author Comment

by:Neo_78
ID: 33722928
Please provide some suggestion to the above question.

Accepted Solution

by:
Larsjh earned 1000 total points
ID: 33747658
Certificate authentication is only required when Kerberos will not work. From your description, it seems your DMZ SCOM gateway server will be able to use Kerberos authentication to your DMZ DCs, so you should not have to put certificates on any of your DMZ DCs. (I am assuming all DCs are members of the same forest... as well as your member server in the DMZ for the Gateway.)

Your firewall will probably not allow Kerberos authentication from your DMZ SCOM gateway to the SCOM management server in your LAN, so you will need a cert on your DMZ Gateway and your SCOM Management Server. You will also need TCP port 5723 open both ways from your DMZ SCOM Gateway to your SCOM Management Server.

After your certs are installed run the momcertimport utility on both your Gateway and your SCOM MS. Install the SCOM Gateway, then run the command on your SCOM RMS to approve the gateway. (GatewayApprovalTool.exe)

Manually install the SCOM agent on your DCs, use the name of the gateway server as the SCOM management server in the install wizard. Then approve the manually installed clients in SCOM under Administration | Pending Management.
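
A pre-flight check for the steps in the accepted solution, added here as an example (it is not part of the answer and not a Microsoft tool): run on the DMZ gateway, it tests TCP 5723 to the management server and looks in the local machine store for a certificate that is usable for gateway authentication. The management server name is a placeholder, and the script assumes the usual SCOM certificate requirements: subject name equal to the machine's FQDN, a private key, and both the Server Authentication and Client Authentication enhanced key usages.

```powershell
# Added example: pre-flight checks before running momcertimport on the gateway.
param(
    [string]$ManagementServer = 'scom-ms.example.internal',  # placeholder FQDN, replace
    [int]$Port = 5723                                         # port named in the answer
)

$ServerAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$ClientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID

# Returns $true if a TCP connection can be opened within the timeout.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # refused, unreachable, or name did not resolve
    } finally {
        $client.Close()
    }
}

# Returns certificates in LocalMachine\My that meet the assumed requirements.
function Get-CandidateCert([string]$Fqdn) {
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $cert = $_
        $ekus = @($cert.Extensions | Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        $now = Get-Date
        $cert.HasPrivateKey -and
        $cert.NotBefore -le $now -and $cert.NotAfter -gt $now -and
        $cert.GetNameInfo('SimpleName', $false) -eq $Fqdn -and
        ($ekus -contains $ServerAuth) -and ($ekus -contains $ClientAuth)
    }
}

$fqdn  = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$certs = @(Get-CandidateCert $fqdn)
"TCP $Port to $ManagementServer reachable: $(Test-TcpPort $ManagementServer $Port)"
"Usable certificates for ${fqdn}: $($certs.Count)"
$certs | Select-Object Subject, Thumbprint, NotAfter
```

The certificate half of the check applies unchanged on the management server; a count of zero there or on the gateway means the certificate to import is missing or was issued from a template lacking one of the two key usages.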
