Setting up Server Certificate for System Center Operational Manager (SCOM) Authentication.

When an Operations Manager agent and management server are separated by either an untrusted forest or workgroup boundary, certificate-based authentication will need to be implemented.

This Guide provides a description of the process setting up a new server certificate for use in System Center Operational Manager (SCOM) authentication. Perform the following to setup a new server certificate.

    1.  Login to the server.

    2.  Copy the MOMCertImport.exe tool from the installation media or from the \SupportTools\<platform> (i386 or ia64) directory to the root of the target SCOM Management Servers.

    3.  Open a Command Prompt window and change the directory to the directory where MOMCertImport.exe is located, and then run MOMCertImport /Remove (if old certificate exists).

    4.  Run momcertimport.exe /SubjectName <certificate subject name>.
Results:
·        The message “Successfully installed the certificate. Please check Operations Manager log in event viewer to check channel connectivity” is received.
·        When the MOMCertImport tool has finished, the serial number of the certificate that was imported is written to the registry at the following subkey.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings


    5.  Restart the Health Service Run:
·        net stop healthservice
·        net start healthservice

    6.  Verify the certificate was properly installed via the Operations Manager event log.

Example:  Of the Operations Manager event log with certificate loaded successfully.


Comments

Post a Comment

Popular posts from this blog

SCORCH 2016 Migration issue: an error occurred saving the activity to the data store Please check the orchestrator management service trace logs

Issue  After migrating to System Center Orchestrator 2016,  you encounter this error: An error occurred saving the activity to the data store Please check the orchestrator management service trace logs  The Management Service log (C:\ProgramData\Microsoft System Center 2012\Orchestrator\ManagementService.exe\Logs) contains only thes line for every attempt 2015-10-15 12:45:02 [3752] 1 COpalisManager::ModifyObject::CheckAccess (HRESULT=0x80070005) 2015-10-15 13:16:09 [3176] 1 COpalisManager::ModifyObject::CheckAccess (HRESULT=0x80070005) 2015-10-15 13:17:21 [3176] 1 COpalisManager::ModifyObject::CheckAccess (HRESULT=0x80070005) Cause This happens because the Runbook has an Email activity with attachment. This is a known bug with System Center Orchestrator 2016. Workaround If you only have few runbooks with  Email activity with attachment .you can perfrom these 2 workarounds: 1)  You need to remove the attachements and re-add in order to ch...
Read more

Useful Orchestrator T-SQL Queries

In this article, I will share some useful T-SQL queries for Orchestrator 2012. --List all active Runbooks in your environment SELECT       [Name]       FROM [Orchestrator].[dbo].[POLICIES]   where [Deleted] = '0' --Find Runbook/Parameter GUIDs for Web Service call Select lower(POLICIES.UniqueID) as RunbookID, lower(CUSTOM_START_PARAMETERS.UniqueID) as ParameterID, CUSTOM_START_PARAMETERS.value From POLICIES INNER JOIN OBJECTS  on POLICIES.UniqueID = OBJECTS.ParentID LEFT OUTER JOIN CUSTOM_START_PARAMETERS on OBJECTS.UniqueID = CUSTOM_START_PARAMETERS.ParentID Where POLICIES.Name = 'CloseIncident' and policies.deleted = 0 --List  Runbooks are currently running SELECT J.[RunbookId], P.[Name], A.[Computer] FROM [Orchestrator].[Microsoft.SystemCenter.Orchestrator.Runtime.Internal].[Jobs] J INNER JOIN [dbo].POLICIES P ON J.RunbookId = P.UniqueID INNER JOIN [dbo].[ACTIONSERVERS] A ON J.RunbookServerId = A.UniqueID WHER...
Read more

Error in Orchestrator Web console and Web Service after moving Database

Image
I encountered these errors with Orchestrator Web console and Web Service Web console Errors: 1) Error executing the current operation [Arg_SecurityException] [ httpWebRequest_WebException_RemoteServer] Arguments: NotFound Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem 2) Error executing the current operation. Web Service Error: Orchestrator server encountered an error processing the request. The exception message is 'Keyword not supported: 'server'.'. See server logs for more details This happened after moving the database server. However, I have used the same process to fix issues with Web Console after a new installation. I updated the Data Store Configuration and the connection string in IIS Manager. This was recommended by this post: https://social.technet.microsoft.com/Forums/en-US/c3afc430-5811-4c8c-a797-79c98459d792/console-fails-to-open-error-executi...
Read more