none
Adding Workgroup (Non Domain Joined) Server in SCOM RRS feed

  • Question

  • Hello,

    I have a workgroup server and I need to monitor it with SCOM. I added CA in environment. I installed self signed certificate in workgroup server. It is not communicating in SCOM. SCOM Server is rejecting the workgroup server.

    DNS is resoling

    Port 5723 is opened.

    Following errors are generating:

    The OpsMgr Connector negotiated the use of mutual authentication with 192.168.3.43:50985, but Active Directory is not available and no certificate is installed. A connection cannot be established

    Regards,

    Anees

    Wednesday, April 5, 2017 5:13 PM

Answers

  • You must issue certificate from CA to workgroup server, install root certificate on SCOM server and workgroup server, install issued certificate to workgroup server into personal computer store of workgroup computer and after that, import it with MomCertImport.
    No self-signed certificates are using.

    Monitoring non-domain members with OM 2012

    MCSAnykey


    Wednesday, April 5, 2017 5:39 PM
  • Hi Shianx,

    The same procedure which Artem S. Smirnov Mentioned, plus generate a certificate for SCOM machine from Root CA and add it in SCOM machine as well. You need to do the following procedure:

    Add following certificates in SCOM Machine:

    Root CA

    SCOM Machine's name Cert generated from Root CA

    Workgroup Machine:

    Root CA

    Workgroup machine's name certificate generated from Root CA

    Hope it'll resolve your issue.

    Regards,

    Anees

    • Marked as answer by AneesUrRehman Tuesday, December 24, 2019 6:02 AM
    Tuesday, December 24, 2019 6:01 AM

All replies

  • You must issue certificate from CA to workgroup server, install root certificate on SCOM server and workgroup server, install issued certificate to workgroup server into personal computer store of workgroup computer and after that, import it with MomCertImport.
    No self-signed certificates are using.

    Monitoring non-domain members with OM 2012

    MCSAnykey


    Wednesday, April 5, 2017 5:39 PM
  • Hello,

    We should import the Root CA certificate into the management server and also the workgroup server. And then request certificates for management server and workgroup server.

    Please refer to the article below for more details:

    https://blogs.technet.microsoft.com/momteam/2015/05/19/monitoring-opsmgr-workgroup-clients-part-2-installing-certificates-and-final-configuration/


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 6, 2017 12:43 AM
    Moderator
  • Hi Anees,

    Would you kind to share the procedure how you created/installed self-signed certificate?

    Thank you,


    Shianx

    • Edited by Sheksy Tuesday, November 19, 2019 2:44 PM
    Tuesday, November 19, 2019 2:44 PM
  • Hi Shianx,

    The same procedure which Artem S. Smirnov Mentioned, plus generate a certificate for SCOM machine from Root CA and add it in SCOM machine as well. You need to do the following procedure:

    Add following certificates in SCOM Machine:

    Root CA

    SCOM Machine's name Cert generated from Root CA

    Workgroup Machine:

    Root CA

    Workgroup machine's name certificate generated from Root CA

    Hope it'll resolve your issue.

    Regards,

    Anees

    • Marked as answer by AneesUrRehman Tuesday, December 24, 2019 6:02 AM
    Tuesday, December 24, 2019 6:01 AM