SCOM (Certificate Installation)

  • Question

  •  

    I'm currently at a loss as to what is happening & I've read several documents as to how the certificates are to be imported & everything appeared to be successful the first couple of times but the event log is showing that I'm missing one of the Usages below:

     

    Enhanced Key Usage: Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1)

     

    * I also read that I need to export the authority certificate but I'm not seeing where or how this is done so can you tell me if this is the correct method?

    1. On the Advanced Certificate Request page, do the following:
    2. Under Identifying Information, in the Name field, enter the fully qualified domain name (FQDN) of the computer you are requesting the certificate for. For the remaining fields, enter the appropriate information.

    Note

    Event ID 20052 of type Error is generated if the FQDN entered into the Name field does not match the computer name.

    1. Under Type of Certificate Needed, click the list and select Other. In the OID field, enter 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2.
    2. Under Key Options, click Create a new key set; in the CSP field, select Microsoft Enhanced Cryptographic Provider v1.0; under Key Usage, select Both; under Key Size, select 1024; select Automatic key container name; select Mark keys as exportable; clear Export keys to file; clear Enable strong private key protection; and then click Store certificate in the local computer certificate store.
    3. Under Additional Options, under Request Format, select CMC; in the Hash Algorithm list, select SHA-1; clear Save request to a file; and then in the Friendly Name field, enter the fully qualified domain name (FQDN) of the computer that you are requesting the certificate for.
    4. Click Submit.
    5. If a Potential Security Violation dialog box is displayed, click Yes.

    * From this point the certificates need to be imported at SCOM, Essentials & Gateways residing between?

    Friday, May 23, 2008 12:13 AM
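
The question names two conditions that produce event-log errors: a certificate missing one of the two Enhanced Key Usage OIDs, and a subject name that does not match the computer's FQDN. The PowerShell below is an added example, not part of the original post or of the product documentation, that reports both for every certificate in the local computer's Personal store. The function name `Test-ScomCertificate` is hypothetical, and it assumes the name to compare against is the local machine's own FQDN.

```powershell
# Added example (not from the original post): check EKU OIDs and subject name
# for certificates in the local computer's Personal store.
$RequiredEku = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}

function Test-ScomCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Fqdn
    )
    # Collect the EKU OIDs actually present in the certificate.
    # A certificate with no EKU extension is reported as missing both usages.
    $ekuExt = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $present = @()
    if ($ekuExt) {
        $present = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }
    $missing = @($RequiredEku.Keys |
        Where-Object { $_ -notin $present } |
        ForEach-Object { "$($RequiredEku[$_]) ($_)" })

    # Subject common name, compared case-insensitively with the FQDN.
    $cn = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    [pscustomobject]@{
        Thumbprint  = $Certificate.Thumbprint
        SubjectName = $cn
        NameMatches = ($cn -ieq $Fqdn)
        MissingEku  = ($missing -join ', ')
    }
}

# Assumption: the certificate should carry this machine's own FQDN.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-ScomCertificate -Certificate $_ -Fqdn $fqdn } |
    Format-Table -AutoSize
```

An empty `MissingEku` column together with `NameMatches` set to `True` means the certificate satisfies both conditions quoted in the question.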

All replies

  • I think all is well with the certificates but am receiving a new management error:

     

    Error:

    Microsoft.EnterpriseManagement.Common.LocationMonitoringObjectNotManagedException: The location monitoring object is not managed.

       at Microsoft.EnterpriseManagement.DataAbstractionLayer.SdkDataAbstractionLayer.HandleSubmitTaskIndigoExceptions(Exception ex)

       at Microsoft.EnterpriseManagement.DataAbstractionLayer.AdministrationOperations.LaunchDiscovery(Guid batchId, List`1 jobDefinitions)

       at Microsoft.EnterpriseManagement.Administration.ManagementServer.BeginExecuteWindowsDiscovery(IList`1 discoveryConfigurations, AsyncCallback callback, Object state)

       at Microsoft.EnterpriseManagement.Mom.Internal.UI.Administration.DiscoveryProgress.<>c__DisplayClass7.<SubmitTask>b__3(Object , ConsoleJobEventArgs )

       at Microsoft.EnterpriseManagement.Mom.Internal.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)

     

    Any Ideas?

     

    - Xing

     

    Friday, May 23, 2008 11:55 PM
  • Never mind,

     

    I believe the answer lies here: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2247163&SiteID=17

     

    However, if someone believes this to be an alternate case let me know?

     

    Thanks & Good Work Justin!!!

     

    - Xing

    Saturday, May 24, 2008 12:09 AM