Hello,
I suggest you setup a gateway server on the un-trusted domain. Without gateway server, you need to import certificate to every server you want to monitor on the untrusted domain.
Please follow the link below regarding to monitoring untrusted domain:
https://blogs.technet.microsoft.com/predrag_oparnica/2013/07/11/tech-day-2013-denmark-monitoring-untrusted-domains-with-scom-2012-sp1/
In addition, please post the error message if you have problem when you try to import cert to servers.
Here is a blog for untrusted domain monitoring, it should be also helpful for you:
https://pkjayan.wordpress.com/2010/05/17/agent-managed-untrusted-servers-step-by-step-guide/
Regards,
Yan Li
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
