Gateway Servers Cert Issue after renew

Hi all,

I received an alert stating that my gateway/management server certs expired. I created a new cert and imported it into the personal cert stores. I then deleted the old cert under Operations Manager and replaced it using MomCertImport with the new personal cert. After which, my gateway server is no longer communicating with my management server. Not sure what to do next. Certs are set up the same as before, no change, other than the new certs replacing the old.

Thanks ahead of time,

Jeremy


Do you see any error in the Operations Manager log on the management server and the SCOM server?

I had an issue where the cert did not contain the CN in the Subject Alternative Name field.

Restart the Microsoft Monitoring Agent on the Gateway Server and check for the following INFORMATIONAL events (they are not errors / warnings) in the Operations Manager event log:

  • Look for event ID 20052 on the agent stating that the "Specified certificate could not be loaded because the subject name on the certificate does not match the local computer name".
    • It might be that you have a typo in one of the configuration settings.
    • It might be that the registry didn't update correctly with the certificate thumbprint (cross-reference this to the certificate, although note that it will be "back to front" in the certificate).
  • Look for event ID 20053 after running MomCertImport – this indicates the cert was loaded properly.
Cheers

Graham

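The checks Graham lists above (the 20052/20053 events, and cross-referencing the byte-reversed value MomCertImport writes to the registry against the certificate), plus the SAN point from the earlier reply and the "subject name must carry the domain" point from the resolution, can be run in one pass on the gateway. This is an added PowerShell example written for this thread, not a Microsoft or SCOM-supplied script. It assumes the agent stores the certificate's serial number (bytes reversed) in `HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ChannelCertificateSerialNumber` and that the certificate was imported into the `LocalMachine\My` store; verify both on your build before relying on the output.

```powershell
# Added example for this thread (not SCOM's own tooling): verify the channel certificate
# MomCertImport registered on a SCOM gateway/management server.
# ASSUMPTION: the agent stores the byte-reversed certificate serial number under this key/value.
$logName  = 'Operations Manager'
$regPath  = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings'
$regValue = 'ChannelCertificateSerialNumber'

# 1. Most recent certificate-load events from the agent (20052 = not loaded, 20053 = loaded).
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 20052, 20053 } `
                       -MaxEvents 5 -ErrorAction SilentlyContinue
foreach ($e in $events) {
    '{0} {1,5} {2}' -f $e.TimeCreated, $e.Id, ($e.Message -split "`n")[0]
}
if (-not $events) {
    'No 20052/20053 events found; restart the Microsoft Monitoring Agent (HealthService) and re-run.'
}

# 2. Which certificate did MomCertImport register? Re-reverse the stored bytes to get the
#    serial number as the certificate shows it ("back to front" in the thread above).
$raw = (Get-ItemProperty -Path $regPath -Name $regValue -ErrorAction Stop).$regValue
$serialHex = ($raw[($raw.Length - 1)..0] | ForEach-Object { $_.ToString('X2') }) -join ''
"Registry serial (re-reversed): $serialHex"

$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber -eq $serialHex } |
        Select-Object -First 1
if (-not $cert) {
    throw "No certificate with serial $serialHex in LocalMachine\My; re-run MomCertImport against the new cert."
}

# 3. Subject CN must equal the name SCOM uses for this computer, i.e. the FQDN including the
#    domain suffix (the cause of the 20052 event in this thread).
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$cn   = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
"Subject CN : $cn"
"Local FQDN : $fqdn"
if ($cn -ne $fqdn) { Write-Warning 'Subject CN does not match the local FQDN (20052 condition).' }

# 4. SAN should carry the same DNS name (the issue mentioned in the first reply).
$san = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
if ($san) {
    $sanText = $san.Format($false)
    "SAN        : $sanText"
    if ($sanText -notmatch [regex]::Escape($fqdn)) { Write-Warning 'SAN does not list the local FQDN.' }
} else {
    Write-Warning 'Certificate has no Subject Alternative Name extension.'
}

# 5. Server and client authentication EKUs, a private key, and a validity window covering now.
$eku = $cert.EnhancedKeyUsageList.ObjectId
foreach ($need in '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2') {
    if ($eku -notcontains $need) { Write-Warning "Missing EKU $need" }
}
if (-not $cert.HasPrivateKey) { Write-Warning 'No private key; import the PFX, not just the public certificate.' }
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    Write-Warning "Validity $($cert.NotBefore) to $($cert.NotAfter) does not cover the current time."
}
```

Run it in an elevated PowerShell session on the server whose certificate was replaced. If step 2 throws, the registry still points at the old (deleted) certificate and MomCertImport needs to be re-run; if step 3 or 4 warns, the certificate was issued for the wrong name, which in a DMZ gateway with no domain membership is usually the missing domain suffix described in the resolution.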

It was a simple resolution. Our documentation for the cert name did not include the domain name due to the gateway server being in an untrusted DMZ with no domain. All I missed was adding the domain name on the certificate for the management servers.

This should resolve the issue - a restart of the agent is required in order for it to pick up the new certificate.

Is this still an issue or has it been resolved? The other problem you might have faced is if you have changed your Certificate Services infrastructure. I have come across a few occasions when SCOM was originally deployed with a standalone certificate server but over time the SCOM team had to fall in line with the company standards and use the Domain certificate services. This would mean updating all the certificates.