Search the Community

Same procedure for a gateway server in DMZ 1.1 - Generating the certificate RDP to your Operations Manager (it's a good idea to have all the certificates at one server) Start Internet Explorer and navigate to: https://yourCAserver/certsrv If the server in DMZ is in a domain, you need the FQDN (for example servername.domainindmz.local) If the server is in workgroup, the servername is sufficient Export the Company Root Chain Certificate also! You need both installed on the server in workgroup/domain in DMZ in order for it to communicate with our servers. 1.2 - Exporting the certificate to file Start – run – mmc.exe Add snap-in – Certificate – My User Account Find the Certificate we Generated and installed, right click and choose Export Use a password (you will need it later) 2 - Install agent and certificate Log on to the server in DMZ (remember to map local drive for copying files over) 2.1 - Install agent 2.1.1 - Uninstall the SCOM2007 agent if present 2.1.2 - Copy folders/files needed for install to server C:\temp \\tsclient\D\Backup\Setup\System Center 2012\SCOM\SW_DVD5_Sys_Ctr_Ops_Mgr_Svr_2012_English_MLF_X17-95297\ AGENT SUPPORTTOOLS ServerName for scom2012.pfx 2.1.3 - Install SCOM2012 agent Use momagent.msi : (here C:\temp\AGENT\I386\MOMAGENT.MSI) NB! All certificates use FQDN, so your servers in DMZ need to have a reference to YourManagementServer.yourdomain.com in their HOSTS file Using the IP here will not work, you NEED the FQDN! 2.1.4 - Import Certificate Start – Run – cmd C:\temp\SUPPORTTOOLS\I386\MOMCERTIMPORT.EXE "C:\temp\ServerName for scom2012.pfx" Update! Import the Root chain certificate on the server in workgroup/domain in DMZ also. 2.1.5 - Approve the manual agent in SCOM 2012 console Error handling! Common mistakes is network equipment blocking ports for communication. A quick test it to use telnet on port to see if it can connect or not. Don't forget to use the eventlog! -Tor