Same procedure for a gateway server in DMZ
1.1 - Generating the certificate
RDP to your Operations Manager (it's a good idea to have all the certificates at one server)
Start Internet Explorer and navigate to: https://yourCAserver/certsrv
If the server in DMZ is in a domain, you need the FQDN (for example servername.domainindmz.local)
If the server is in workgroup, the servername is sufficient
Export the Company Root Chain Certificate also! You need both installed on the server in workgroup/domain in DMZ in order for it to communicate with our servers.
1.2 - Exporting the certificate to file
Start – run – mmc.exe
Add snap-in – Certificate – My User Account
Find the Certificate we Generated and installed, right click and choose Export
Use a password (you will need it later)
2 - Install agent and certificate
Log on to the server in DMZ (remember to map local drive for copying files over)
2.1 - Install agent
2.1.1 - Uninstall the SCOM2007 agent if present
2.1.2 - Copy folders/files needed for install to server C:\temp
\\tsclient\D\Backup\Setup\System Center 2012\SCOM\SW_DVD5_Sys_Ctr_Ops_Mgr_Svr_2012_English_MLF_X17-95297\
AGENT
SUPPORTTOOLS
ServerName for scom2012.pfx
2.1.3 - Install SCOM2012 agent
Use momagent.msi : (here C:\temp\AGENT\I386\MOMAGENT.MSI)
NB! All certificates use FQDN, so your servers in DMZ need to have a reference to YourManagementServer.yourdomain.com in their HOSTS file
Using the IP here will not work, you NEED the FQDN!
2.1.4 - Import Certificate
Start – Run – cmd
C:\temp\SUPPORTTOOLS\I386\MOMCERTIMPORT.EXE "C:\temp\ServerName for scom2012.pfx"
Update! Import the Root chain certificate on the server in workgroup/domain in DMZ also.
2.1.5 - Approve the manual agent in SCOM 2012 console
Error handling!
A common mistake is network equipment blocking the ports used for communication. A quick test is to use telnet on the port to see if it can connect or not.
Don't forget to use the eventlog!
-Tor
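The checks from the NB and "Error handling" notes above (FQDN resolution, port reachability, certificate and root chain) can be scripted on the DMZ server. This is an added example, not part of the original post; it assumes the agent talks to the management server on TCP 5723 (the Operations Manager default, the post names no port) and that MOMCertImport places the certificate in the computer's Personal store.

```powershell
# Pre-flight checks for a certificate-authenticated agent, run on the DMZ server.
param(
    [string]$ManagementServer = 'YourManagementServer.yourdomain.com',  # placeholder name from the post
    [int]$Port = 5723,       # assumption: default agent port, adjust to your environment
    [int]$TimeoutMs = 3000
)

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs) {
    # Same idea as the telnet test, but scriptable and with a timeout
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

# 1. The FQDN must resolve (a HOSTS entry counts); the certificates are issued to names, not IPs
try   { $ips = [System.Net.Dns]::GetHostAddresses($ManagementServer) }
catch { $ips = @() }
"Resolve {0}: {1}" -f $ManagementServer, $(if ($ips) { $ips -join ', ' } else { 'FAILED - check the HOSTS file' })

# 2. The port must be open through the network equipment between the DMZ and the management server
"TCP {0}:{1} reachable: {2}" -f $ManagementServer, $Port, (Test-TcpPort $ManagementServer $Port $TimeoutMs)

# 3. The imported certificate needs its private key, a valid date and a trusted root chain
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {   # assumption: store used by the import
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # revocation skipped; the CA's CRL may not be reachable from the DMZ
    New-Object PSObject -Property @{
        Subject       = $_.Subject
        HasPrivateKey = $_.HasPrivateKey
        NotExpired    = ($_.NotAfter -gt (Get-Date))
        ChainTrusted  = $chain.Build($_)   # False when the root chain certificate is not installed
    }
} | Format-Table Subject, HasPrivateKey, NotExpired, ChainTrusted -AutoSize
```

A certificate row showing `ChainTrusted` as False points at the missing root chain import; a failed resolve or port test points at the HOSTS file or the firewall.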