Monitoring Workgroup Computers with OpsMgr 2007 and Certificates
-
Friday, June 15, 2012 4:21 PM
I'm having trouble getting OpsMgr 2007 to monitor a workgroup computer, IP number 192.168.175.10. The management server is getting this error:
Log Name: Operations Manager
Source: OpsMgr Connector
Date: 6/15/2012 8:25:14 AM
Event ID: 21010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MOMMS1.mydomain.com
Description:
The OpsMgr Connector negotiated the use of mutual authentication with 192.168.175.10:51941, but Active Directory is not available and no certificate is installed. A connection cannot be established.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="OpsMgr Connector" />
<EventID Qualifiers="49152">21010</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-06-15T15:25:14.000000000Z" />
<EventRecordID>18096</EventRecordID>
<Channel>Operations Manager</Channel>
<Computer>MOMMS1.mydomain.com</Computer>
<Security />
</System>
<EventData>
<Data>192.168.175.10:51941</Data>
</EventData>
</Event>
The server, MOMMS1.mydomain.com, is a Management Server that's connected to our RMS with a single Management Group. Both OpsMgr servers are in our AD domain and have our Root CA cert. I've added the Root CA cert to the Workgroup computer.
I did create an OpsMgr 2007 Cert Template for Client and Server authorization and then generated a cert from that for use on the Workgroup computer. I imported it with MOMCertImport.
Do I need to create and import a cert from that template to be imported into the RMS and MS too?
Orange County District Attorney
All Replies
-
Friday, June 15, 2012 4:54 PM
Hi Sandy,
Take a look at these links,
http://technet.microsoft.com/en-us/library/bb735413.aspx - For a 2003 Enterprise CA
http://technet.microsoft.com/en-us/library/bb735417 - For a 2003 Stand alone CA
http://technet.microsoft.com/en-us/library/dd362553 - For a 2008 Enterprise CA
http://technet.microsoft.com/en-us/library/dd362655 - For a 2008 Stand Alone CA
Additionally, check if you have allowed for agents to be approved,
Go to Administration -> Settings -> Security
Here click the radio button for "Review new manual installations in pending management view"
Let us know if this works.
Regards, Dhanraj
-
Friday, June 15, 2012 6:03 PM
Thanks for the info Dhanraj. I'll take a look at the 2003 Enterprise CA link, that's what we have.
The other issue I've had is when I try to request a cert, from a Windows 2008 R2 system, it doesn't allow the request to go through, saying it needs https to complete. Our current 2003 Enterprise CA is only http. Is there a way around this?
Orange County District Attorney
-
Saturday, June 16, 2012 1:56 AM Moderator
Hi Sandy,
You may want to read this: http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?ID=5
http://OpsMgr.ru/
-
Saturday, June 16, 2012 10:12 AM
AFAIK a Win 2003 CA authority won't support issuing a certificate to a Windows 2008 R2 server, need to double check.
Thanks,
Varun
-
Saturday, June 16, 2012 11:04 AM Moderator
A Windows Server 2008 R2 server can use a certificate issued by a Windows Server 2003 CA. Windows Server 2003 servers can use certificates issued by a Windows Server 2008 R2 CA only if CNG (Cryptography Next Generation) was not enabled.
http://OpsMgr.ru/
-
Sunday, June 17, 2012 12:34 AM
Do I need to create and import a cert from that template to be imported into the RMS and MS too?
Hi,
Yes, you have to create and import a certificate for the MS that the agent will connect to.
So, if you have MS1 and Agent1, then you need 2 certificates, and a new certificate for each new Workgroup Agent you need to monitor.
Hope this helps.
Regards, Mazen Ahmed
-
Monday, June 18, 2012 2:10 PM
Mazen,
That was the missing piece for me. I forgot to run MOMCertimport.exe on the newly added MS. Once I did that, all worked as expected.
Orange County District Attorney
- Proposed As Answer by IcI Monday, June 18, 2012 11:36 PM
- Marked As Answer by Graham Davies MVP, Moderator Sunday, June 24, 2012 8:35 AM
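Added example, not part of the thread and not Microsoft's code: since the fix was a certificate missing on one side of the mutual authentication, this PowerShell check lists the certificates in the local computer's Personal store and reports which ones have a private key, both the Client and Server Authentication usages, a current validity period and a trusted chain. It assumes the certificate was installed in the local machine's Personal store before being selected with MOMCertImport; skipping revocation checking is also an assumption, marked in the code.

```powershell
# Added example. Run in an elevated PowerShell session on each management
# server and workgroup agent after importing the certificate.
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$ekuType    = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now        = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # OIDs listed in the Enhanced Key Usage extension. A certificate with no
    # EKU extension yields an empty list and is reported as lacking both usages.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain to confirm the issuing root CA is trusted on this machine.
    # Assumption: revocation checking is skipped because a workgroup host may
    # not be able to reach the CA's CRL; remove that line to enforce it.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    $problems = @()
    if (-not $cert.HasPrivateKey)       { $problems += 'no private key' }
    if ($ekus -notcontains $clientAuth) { $problems += 'no Client Authentication EKU' }
    if ($ekus -notcontains $serverAuth) { $problems += 'no Server Authentication EKU' }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += 'outside validity period'
    }
    if (-not $trusted) {
        $status = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $problems += "chain not trusted ($status)"
    }

    New-Object PSObject -Property @{
        Subject  = $cert.Subject
        Serial   = $cert.SerialNumber
        Expires  = $cert.NotAfter
        Usable   = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
} | Select-Object Subject, Serial, Expires, Usable, Problems | Format-List
```

Run it on the management server named in the 21010 event as well as on the workgroup computer; a side with no usable certificate is the one that still needs a certificate issued and imported.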

