toratb

How to install a monitor agent on a server in workgroup/domain in DMZ

Question

Same procedure for a gateway server in DMZ

 

1.1 - Generating the certificate

 

RDP to your Operations Manager (it's a good idea to have all the certificates at one server)
Start Internet Explorer and navigate to: https://yourCAserver/certsrv

 


If the server in DMZ is in a domain, you need the FQDN (for example servername.domainindmz.local)

If the server is in workgroup, the servername is sufficient

 


 

Export the Company Root Chain Certificate also! You need both installed on the server in workgroup/domain in DMZ in order for it to communicate with our servers.

 

1.2 - Exporting the certificate to file

 

Start – run – mmc.exe
Add snap-in – Certificate – My User Account
Find the Certificate we Generated and installed, right click and choose Export

 


 

 

Use a password (you will need it later)

 

2 - Install agent and certificate

 

Log on to the server in DMZ (remember to map local drive for copying files over)

 

2.1 - Install agent

 

2.1.1 - Uninstall the SCOM2007 agent if present

 


 

2.1.2 - Copy folders/files needed for install to server C:\temp

\\tsclient\D\Backup\Setup\System Center 2012\SCOM\SW_DVD5_Sys_Ctr_Ops_Mgr_Svr_2012_English_MLF_X17-95297\
AGENT
SUPPORTTOOLS
ServerName for scom2012.pfx

 


 

2.1.3 - Install SCOM2012 agent

 

Use momagent.msi : (here C:\temp\AGENT\I386\MOMAGENT.MSI)

 


 

NB! All certificates use FQDN, so your servers in DMZ need to have a reference to YourManagementServer.yourdomain.com in their HOSTS file
Using the IP here will not work, you NEED the FQDN!

 


 

2.1.4 - Import Certificate

 

Start – Run – cmd
C:\temp\SUPPORTTOOLS\I386\MOMCERTIMPORT.EXE "C:\temp\ServerName for scom2012.pfx"

 


Update! Import the Root chain certificate on the server in workgroup/domain in DMZ also.

 


 

2.1.5 - Approve the manual agent in SCOM 2012 console

 


 

 

 

Error handling!

A common mistake is network equipment blocking ports for communication. A quick test is to use telnet on the port to see if it can connect or not.

 

Don't forget to use the eventlog!

 


 

-Tor
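
A pre-flight check for the steps above, as an added example that is not part of the original post: run on the DMZ server, it verifies that the management server FQDN resolves (the HOSTS entry), that the agent port answers (the telnet test), and that the imported certificate has a private key and chains to an installed root. The port 5723, the LocalMachine\My store and the Server/Client Authentication EKU requirement are assumptions based on standard Operations Manager behaviour, not values from the post; `Test-TcpPort` and the parameter names are made up for this example.

```powershell
# Added example (not from the original post). Defaults are assumptions; adjust them.
param(
    [string]$ManagementServer = 'YourManagementServer.yourdomain.com', # placeholder FQDN
    [string]$AgentName = $env:COMPUTERNAME, # pass the FQDN if the DMZ server is domain-joined
    [int]$Port = 5723                       # assumed default agent-to-management-server port
)

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    # Same check as the telnet test, with a timeout and no telnet client required.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# 1. The FQDN must resolve (HOSTS entry or DNS); an IP address will not match the certificate.
try { $ips = @([System.Net.Dns]::GetHostAddresses($ManagementServer)) } catch { $ips = @() }
if ($ips.Count) { "Resolve ${ManagementServer}: $($ips -join ', ')" }
else { "Resolve ${ManagementServer}: FAILED, check the HOSTS file" }

# 2. Network equipment must let the agent port through.
"TCP ${ManagementServer}:$Port reachable: $(Test-TcpPort $ManagementServer $Port)"

# 3. The imported certificate: subject name, private key, EKUs, and trust in the root chain.
$needed = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'   # Server and Client Authentication
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $AgentName })
if (-not $certs.Count) { "No certificate for '$AgentName' in LocalMachine\My" }
foreach ($cert in $certs) {
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    $missing = @($needed | Where-Object { $ekus -notcontains $_ })
    $chain = New-Object Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'  # the CA's CRL is often unreachable from a DMZ
    $trusted = $chain.Build($cert)                 # false if the root chain certificate is missing
    "Certificate $($cert.Thumbprint) expires $($cert.NotAfter.ToString('yyyy-MM-dd'))"
    "  private key present : $($cert.HasPrivateKey)"
    "  missing EKUs        : $(if ($missing.Count) { $missing -join ', ' } else { 'none' })"
    "  chain trusted       : $trusted"
    foreach ($s in $chain.ChainStatus) { "    $($s.Status): $($s.StatusInformation.Trim())" }
}
```

If the chain is reported as untrusted, the usual cause is the step marked "Update!" above: the root chain certificate has not been imported on the DMZ server.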
