DMZ server monitoring with SCOM

Posted on 2013-05-15
Last Modified: 2014-03-12
Hello Experts,
I have SCOM 2012 and want to monitor DMZ servers. I have used the link below:
http://blogs.technet.com/b/stefan_stranger/archive/2012/04/17/monitoring-non-domain-members-with-om-2012.aspx

Now the agent on the DMZ computer cannot connect to the SCOM RMS server.

Here is my log from the DMZ computer:

Log Name:      Operations Manager
Source:        OpsMgr Connector
Date:          5/15/2013 3:09:48 PM
Event ID:      21007
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SRV-AB-WWW1
Description:
The OpsMgr Connector cannot create a mutually authenticated connection to scom2012.ameriabank.local because it is not in a trusted domain.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="OpsMgr Connector" />
    <EventID Qualifiers="49152">21007</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-15T11:09:48.000000000Z" />
    <EventRecordID>2799</EventRecordID>
    <Channel>Operations Manager</Channel>
    <Computer>SRV-AB-WWW1</Computer>
    <Security />
  </System>
  <EventData>
    <Data>scom2012.ameriabank.local</Data>
  </EventData>
</Event>
Question by:ameriaadmin

Author Comment

by:ameriaadmin
ID: 39177178
Examining cert - Serial number 642103125E6A6F9A47194E172512F933
---------------------------------------------------
Cert subjectname
        The SubjectName of this cert does not match the FQDN of this machine.
        Actual - CN=WMSvc-SRV-AB-WWW1
        Expected (case insensitive)- CN=SRV-AB-WWW1
Private key
Expiration
Enhanced Key Usage Extension
        Enhanced key usage extension does not meet requirements.
        Required EKUs are 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2
        EKUs found on this cert are:
        1.3.6.1.5.5.7.3.1
Key Usage Extensions
KeySpec
Serial number written to registry
        The serial number written to the registry does not match this certificate
        Expected registry entry: 33F91225174E19479A6F
        Actual registry entry:   33F91225174E19479A6F6A5E12032164
Certification chain
        There is a valid certification chain installed for this cert,
        but the remote machines' certificates could potentially be issued from
        different CAs.  Make sure the proper CA certificates are installed
        for these CAs.

Examining cert - Serial number 1B23DA660000000021BE
---------------------------------------------------
Cert subjectname
        The SubjectName of this cert does not match the FQDN of this machine.
        Actual - CN="<SRV-AB-WWW1>"
        Expected (case insensitive)- CN=SRV-AB-WWW1
Private key
Expiration
Enhanced Key Usage Extension
Key Usage Extensions
KeySpec
Serial number written to registry
        The serial number written to the registry does not match this certificate
        Expected registry entry: BE210000000066DA231B
        Actual registry entry:   33F91225174E19479A6F6A5E12032164
Certification chain
        There is a valid certification chain installed for this cert,
        but the remote machines' certificates could potentially be issued from
        different CAs.  Make sure the proper CA certificates are installed
        for these CAs.
PS C:\Users\Administrator>

Author Comment

by:ameriaadmin
ID: 39177183
Results from the SCOM RMS server:

Examining cert - Serial number 6315095F000000001FEC
---------------------------------------------------
Cert subjectname
        The SubjectName of this cert does not match the FQDN of this machine.
        Actual - CN=scom.ameriabank.am, OU=IT, O=Ameriabank CJSC, L=Yerevan, S=Armenia, C=AM
        Expected (case insensitive)- CN=SCOM2012.ameriabank.local
Private key
Expiration
Enhanced Key Usage Extension
        Enhanced key usage extension does not meet requirements.
        Required EKUs are 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2
        EKUs found on this cert are:
        1.3.6.1.5.5.7.3.1
Key Usage Extensions
KeySpec
Serial number written to registry
        The serial number written to the registry does not match this certificate
        Expected registry entry: EC1F000000005F091563
        Actual registry entry:   BA2100000000EE9FA61A
Certification chain
        There is a valid certification chain installed for this cert,
        but the remote machines' certificates could potentially be issued from
        different CAs.  Make sure the proper CA certificates are installed
        for these CAs.

Examining cert - Serial number 1AA69FEE0000000021BA
---------------------------------------------------
Cert subjectname
        The SubjectName of this cert does not match the FQDN of this machine.
        Actual - CN="<scom2012.ameriabank.local>"
        Expected (case insensitive)- CN=SCOM2012.ameriabank.local
Private key
Expiration
Enhanced Key Usage Extension
Key Usage Extensions
KeySpec
Serial number written to registry
Certification chain
        There is a valid certification chain installed for this cert,
        but the remote machines' certificates could potentially be issued from
        different CAs.  Make sure the proper CA certificates are installed
        for these CAs.

Examining cert - Serial number 2C472DF53281849348E2F90321216DA2
---------------------------------------------------
Cert subjectname
Private key
Expiration
Enhanced Key Usage Extension
        Enhanced key usage extension does not meet requirements.
        Required EKUs are 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2
        EKUs found on this cert are:
        1.3.6.1.5.5.7.3.1
Key Usage Extensions
        Key usage extension exists but does not meet requirements.
        A KeyUsage extension matching 0xA0 (Digital Signature, Key Encipherment)
        or better is required.
        KeyUsage found on this cert matches:
        DataEncipherment, KeyEncipherment
KeySpec
Serial number written to registry
        The serial number written to the registry does not match this certificate
        Expected registry entry: A26D212103F9E2489384
        Actual registry entry:   BA2100000000EE9FA61A
Certification chain
        The following error occurred building a certification chain with this cert:
        A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

        This is an error if the certificates on the remote machines are issued
        from this same CA - CN=scom2012.ameriabank.local
        Please ensure the certificates for the CAs which issued the certificates configured
        on the remote machines is installed to the Local Machine Trusted Root Authorities
        store on this machine.
PS C:\Users\administrator.AMERIABANK>
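
The checker output in the two comments above names four requirements: subject CN equal to the machine FQDN, both EKUs 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2, a KeyUsage of 0xA0 or better, and a registry serial that is the certificate serial in reversed byte order. The following is an added example, not code from the thread or from Microsoft, that re-checks those points for every certificate in the machine store. The function name and the `RegistrySerialHex` parameter are hypothetical, and treating a missing EKU extension as a failure and a missing KeyUsage extension as a pass are assumptions of this example.

```powershell
# Added example: checks one certificate against the requirements listed in the output above.
function Test-OpsMgrCert {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert,
        [Parameter(Mandatory)] [string] $ExpectedFqdn,
        # Hex string the caller has read from the agent's registry setting (assumption).
        [string] $RegistrySerialHex
    )

    # Subject CN must equal the machine FQDN, case-insensitively. A CN enrolled
    # with literal quotes or angle brackets, as in CN="<SRV-AB-WWW1>", fails here.
    $cn = $Cert.GetNameInfo('SimpleName', $false)

    # Server Authentication (.3.1) and Client Authentication (.3.2) are both required.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $ekuOk = ($ekus -contains '1.3.6.1.5.5.7.3.1') -and ($ekus -contains '1.3.6.1.5.5.7.3.2')

    # KeyUsage, when present, must include DigitalSignature (0x80) and KeyEncipherment (0x20).
    $kuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $need = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags] 'DigitalSignature, KeyEncipherment'
    $kuOk = (-not $kuExt) -or (($kuExt.KeyUsages -band $need) -eq $need)

    # GetSerialNumber() returns the bytes little-endian, i.e. the displayed serial reversed:
    # 1B23DA660000000021BE becomes BE210000000066DA231B, as in the output above.
    $reversed = -join ($Cert.GetSerialNumber() | ForEach-Object { $_.ToString('X2') })

    [pscustomobject]@{
        Serial         = $Cert.SerialNumber
        SubjectCN      = $cn
        SubjectMatches = ($cn -ieq $ExpectedFqdn)
        HasPrivateKey  = $Cert.HasPrivateKey
        NotExpired     = ((Get-Date) -ge $Cert.NotBefore) -and ((Get-Date) -le $Cert.NotAfter)
        EkuOk          = $ekuOk
        KeyUsageOk     = $kuOk
        RegistryFormat = $reversed
        RegistryMatch  = if ($RegistrySerialHex) { $reversed -ieq $RegistrySerialHex } else { $null }
    }
}

# Host name plus primary DNS suffix; on a workgroup machine this is the bare host name.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = (@($ip.HostName, $ip.DomainName) | Where-Object { $_ }) -join '.'

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-OpsMgrCert -Cert $_ -ExpectedFqdn $fqdn } |
    Format-Table -AutoSize
```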

Author Comment

by:ameriaadmin
ID: 39778482
I will install a new CA and then try to solve the issue.

Accepted Solution

by:
ameriaadmin earned 0 total points
ID: 39925616
Monitoring a server outside the domain is not possible without an enterprise CA.

Author Closing Comment

by:ameriaadmin
ID: 39925619
I have installed the new CA server, because with the old one it was not possible to monitor non-domain servers. With the enterprise CA it is now possible.
I used the guide
http://blogs.technet.com/b/stefan_stranger/archive/2012/04/17/monitoring-non-domain-members-with-om-2012.aspx
All is OK.