Solved

SCOM Gateway Server

Posted on 2010-09-20
Last Modified: 2012-05-10
I have a scenario wherein I am monitoring 70 domain controllers using SCOM 2007 R2. We have a Microsoft CA installed in our LAN, and out of 70 domain controllers, 65 DCs are in the LAN and are monitored using SCOM, which is implemented in the LAN zone. 5 DCs are in the DMZ zone and have no connection to the SCOM server or the CA server. But those DCs have connectivity with the PDC and one more member server. I want to monitor the DMZ servers also, but I am not able to do so.

If I go ahead and install the member server as a Gateway server, then I need a certificate for the DMZ servers from the LAN CA server, which is not connected from the DMZ servers.

Please suggest how I can implement monitoring of the DMZ servers through SCOM.
Question by:Neo_78

Author Comment

by:Neo_78
ID: 33722928
Please provide some suggestion to the above question.

Accepted Solution

by:
Larsjh earned 250 total points
ID: 33747658
Certificate authentication is only required when Kerberos will not work. From your description, it seems your DMZ SCOM gateway server will be able to use Kerberos authentication to your DMZ DCs, so you should not have to put certificates on any of your DMZ DCs. (I am assuming all DCs are members of the same forest, as well as your member server in the DMZ for the Gateway.)

Your firewall will probably not allow Kerberos authentication from your DMZ SCOM gateway to the SCOM management server in your LAN, so you will need a cert on your DMZ Gateway and your SCOM Management Server. You will also need TCP port 5723 open both ways from your DMZ SCOM Gateway to your SCOM Management Server.

After your certs are installed, run the momcertimport utility on both your Gateway and your SCOM MS. Install the SCOM Gateway, then run the command on your SCOM RMS to approve the gateway (GatewayApprovalTool.exe).

Manually install the SCOM agent on your DCs, use the name of the gateway server as the SCOM management server in the install wizard. Then approve the manually installed clients in SCOM under Administration | Pending Management.
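
A pre-flight check for the gateway steps in the accepted answer, as an added example that is not part of the original post: it tests TCP 5723 from the gateway to the management server and lists which certificates in the computer store look usable before momcertimport is run. The server name is a placeholder, only the gateway-to-management-server direction is tested, and the certificate criteria (subject equal to the machine FQDN, private key present, Server and Client Authentication EKUs) are assumptions not stated in the thread.

```powershell
# Added example (not from the thread). Run on the DMZ gateway server.
param(
    [string]$ManagementServer = 'scom-ms.lan.example',  # placeholder name (assumption)
    [int]$Port = 5723                                    # port given in the answer
)

# 1. Can the gateway open a TCP connection to the management server?
#    TcpClient is used so the check also runs on older PowerShell versions.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $pending   = $tcp.BeginConnect($ManagementServer, $Port, $null, $null)
    $reachable = $pending.AsyncWaitHandle.WaitOne(5000) -and $tcp.Connected
} catch {
    $reachable = $false          # name resolution or socket error
} finally {
    $tcp.Close()
}
"TCP ${Port} to ${ManagementServer}: " + $(if ($reachable) { 'open' } else { 'blocked or unreachable' })

# 2. Which certificates in the computer store fit the gateway role?
$fqdn       = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now        = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # Collect EKU OIDs from the Enhanced Key Usage extension (2.5.29.37).
    # A certificate without that extension reports False for both EKU checks.
    $ekus = @($cert.Extensions |
        Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        SubjectIsFqdn = ($cert.GetNameInfo('SimpleName', $false) -eq $fqdn)
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = (($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter))
        ServerAuthEku = ($ekus -contains $serverAuth)
        ClientAuthEku = ($ekus -contains $clientAuth)
    }
} | Format-Table Thumbprint, SubjectIsFqdn, HasPrivateKey, InValidity, ServerAuthEku, ClientAuthEku -AutoSize
```

A row with every column True is a candidate to import; the same certificate checks apply on the management server.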
