SCOM 2022 agents in trusted domain

Bojan Zivkovic
2024-12-01T18:22:32.18+00:00

Hi, since I have a 2-way forest trust with selective authentication between a single-domain forest hosting the SCOM 2022 Management Server and a single-domain forest hosting the servers I want to monitor, what are the detailed steps to perform to get rid of the following errors:

Failed to initialize security context for target MSOMHSvc/SCOMServerFQDN. The error returned is 0xC0000413(0xC0000413). This error can apply to either the Kerberos or the SChannel package.

OpsMgr was unable to set up a communications channel to SCOMServerFQDN and there are no failover hosts. Communication will resume when SCOMServerFQDN is available and communication from this computer is allowed.


2 answers

  1. XinGuo-MSFT
    2024-12-02T07:54:14.49+00:00

    Hi,

    Could you please share your New Trust configuration? I'd like to test it in my lab.

    This domain: A.com
    Specified domain: B.com
    
    Direction:
    Incoming: Users in the local domain can authenticate in the specified domain.
    
    Trust type: Forest trust
    
    Transitive: Yes
    
    Outgoing trust authentication level: Selective authentication.
    
    Sides of trust: Create the trust for both this domain and the specified domain.
    


  2. AlexZhu-MSFT, Microsoft Vendor
    2024-12-02T08:17:14.1966667+00:00

    Hi,

    Rather than sticking with the authentication, if possible, we may consider bypassing it, treating the agent as one in an untrusted domain (workgroup) and installing the agent via a certificate. Here are two guides that we can follow:

    Monitoring non-domain members with OM 2012

    Monitoring untrusted servers using SCOM, a step-by-step guide

    Regards,

    Alex Zhu
