Unable to add work group server 2008 version in SCOM 2019 monitoring using certificate

AdamMohamed-3032 61 Reputation points
2024-12-22T13:59:42.64+00:00

Hello All,

I need confirmation of whether it is possible to add a Server 2008 workgroup server to SCOM monitoring using a certificate (SCOM template).

We have created a certificate template using the Blake Drumm article below.

https://blakedrumm.com/blog/create-operations-manager-certificate-template/

Port 5723 is open and I am able to telnet to it from the agent server.

After importing the .pfx certificate on both the management server and the agent server, I ran the momcert tool.

But no luck, and I received the errors below.

Error 1: OpsMgr was unable to set up a communications channel to MS server.com and there are no failover hosts.  Communication will resume when MS. server.com is available and communication from this computer is allowed.

Error 2: The OpsMgr Connector connected to MS. server.com, but the connection was closed immediately without authentication taking place.  The most likely cause of this error is a failure to authenticate either this agent or the server .  Check the event log on the server and on the agent for events which indicate a failure to authenticate.

Please advise how to fix this.

Thanks,

Adam


1 answer

  1. XinGuo-MSFT 20,156 Reputation points
    2024-12-23T06:40:20.75+00:00

    Hi,

    It sounds like you're encountering some common issues with certificate-based authentication in SCOM.

    Here are a few steps to help troubleshoot and resolve these errors:

    1. Check Certificate Validity:
      • Ensure that the certificate is valid and not expired.
      • Verify that the certificate's subject name matches the FQDN of the server.
    2. Import Certificates Correctly:
      • Confirm that the certificate is imported into the Local Computer's Personal store on both the management server and the agent server.
      • Ensure the root CA certificate is imported into the Trusted Root Certification Authorities store.
    3. Run MOMCertImport Tool:
      • After importing the certificates, run the MOMCertImport.exe tool on both the management server and the agent server to ensure the certificates are correctly configured.
    4. Check DNS Resolution:
      • Verify that both the management server and the agent server can resolve each other's FQDNs using DNS. Use the nslookup command to check this.
    5. Review Event Logs:
      • Check the Operations Manager event logs on both the management server and the agent server for any errors related to certificate validation or connectivity issues.
    6. Clear Cache:
      • Try clearing the cache on the management server. You can do this by stopping the HealthService, deleting the Health Service State folder, and then restarting the service.

    If these steps don't resolve the issue, you might want to look into more detailed troubleshooting guides.

    https://learn.microsoft.com/en-us/troubleshoot/system-center/scom/troubleshoot-agent-connectivity-issues

    How to monitor WORKGROUP server in SCOM?

    System Center 2019 - Microsoft Monitoring Agent
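
Checks 1, 2 and 4 from the answer above can be run as one read-only PowerShell script on each machine. This is an added example, not part of the original thread or of any SCOM tooling; `$PeerFqdn`, its default `ms01.example.com` and the helper name `Test-NameResolution` are placeholders chosen here, and the script sticks to PowerShell 2.0 syntax so it also runs on Server 2008.

```powershell
# Added example, not from the thread. Read-only; run on both the agent and the management server.
# PeerFqdn is a placeholder: pass the FQDN of the other machine (management server or agent).
param([string]$PeerFqdn = 'ms01.example.com')

# This computer's FQDN = host name + primary DNS suffix (the suffix is often empty on a workgroup server).
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ipProps.DomainName) { "$($ipProps.HostName).$($ipProps.DomainName)" } else { $ipProps.HostName }

# Step 4: name resolution through the system resolver (available on PowerShell 2.0, unlike Resolve-DnsName).
function Test-NameResolution([string]$Name) {
    try { ([System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString }) -join ', ' }
    catch { "FAILED: $($_.Exception.Message)" }
}

# Steps 1 and 2: inspect every certificate in Local Computer\Personal.
$now = Get-Date
$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # Build the chain in machine context, so only the Local Computer trust stores count.
    # Revocation is skipped because a workgroup server may not reach the CA's CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)
    $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        SubjectCN     = $cn
        MatchesFqdn   = ($cn -eq $fqdn)          # subject name vs. this server's FQDN
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey       # the imported .pfx should have brought its key
        ChainTrusted  = $chainOk                  # false if the root CA is not in Trusted Root
        ChainErrors   = $chainErrors
    }
}

"Local FQDN    : $fqdn"
"Resolves self : $(Test-NameResolution $fqdn)"
"Resolves peer : $(Test-NameResolution $PeerFqdn)"
if ($report) {
    $report | Select-Object SubjectCN, MatchesFqdn, InValidity, NotAfter, HasPrivateKey, ChainTrusted, ChainErrors, Thumbprint | Format-List
} else {
    'No certificates found in Cert:\LocalMachine\My'
}
```

A certificate that shows `MatchesFqdn`, `InValidity` and `ChainTrusted` all as `True` on both machines passes the certificate checks in steps 1 and 2; any `False` points at the item to fix before re-running MOMCertImport.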

