I received an alert stating that my gateway/management server certs had expired. I created a new cert and imported it into the personal cert stores. I then deleted the old cert under Operations Manager and replaced it using MOMCertImport with the new personal cert. After that, my gateway server is no longer communicating with my management server. Not sure what to do next. Certs are set up the same as before, no change, other than the new certs replacing the old.
Thanks ahead of time,
Do you see any errors in the Operations Manager log on the management server and the SCOM server?
I had an issue where the cert did not contain the CN in the Subject Alternative Name field.
Restart the Microsoft Monitoring Agent on the Gateway Server and check for the following INFORMATIONAL events (they are not errors / warnings) in the Operations Manager event log:
- Look for event id 20052 on the agent stating that the “Specified certificate could not be loaded because the subject name on the certificate does not match the local computer name”.
- It might be that you have a typo in one of the configuration settings.
- It might be that the registry didn’t update correctly with the certificate thumbprint (cross-reference this with the certificate, although note that it will be “back to front” compared with the certificate).
- Look for event id 20053 after running MomCertImport – this indicates the cert was loaded properly.
It was a simple resolution. Our documentation for the cert name did not include the domain name, because the gateway server is in an untrusted DMZ with no domain. All I had missed was adding the domain name on the certificate for the management servers.
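To catch the name mismatch described in this thread (event 20052, the CN missing from the SAN, the domain name missing from the cert) before running MOMCertImport, here is an added PowerShell check that is not from the thread or from Microsoft. It assumes it runs on the gateway or management server itself, derives the FQDN from the local host name and primary DNS suffix, and optionally takes a thumbprint (`$Thumbprint`, a hypothetical parameter) to inspect a single cert instead of the whole LocalMachine\My store.

```powershell
# Added example: verify that a LocalMachine\My certificate matches this computer's FQDN.
# Assumption: run in an elevated session on the server whose cert is being checked.
param([string]$Thumbprint)

# FQDN = host name + primary DNS suffix (works on workgroup/DMZ hosts as well as domain members)
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ipProps.DomainName) { "$($ipProps.HostName).$($ipProps.DomainName)" } else { $ipProps.HostName }
Write-Host "Local computer FQDN: $fqdn"

$certs = Get-ChildItem Cert:\LocalMachine\My
if ($Thumbprint) { $certs = $certs | Where-Object { $_.Thumbprint -eq $Thumbprint } }

$now = Get-Date
foreach ($cert in $certs) {
    # Subject CN, e.g. "CN=gw01.contoso.com, OU=..." -> "gw01.contoso.com"
    $cn = (($cert.Subject -split ',\s*') | Where-Object { $_ -like 'CN=*' } | Select-Object -First 1) -replace '^CN=', ''

    # DNS names from the Subject Alternative Name extension (OID 2.5.29.17), if present
    $sanNames = @()
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        # Format($false) yields "DNS Name=gw01.contoso.com, DNS Name=gw01" on an English system
        $sanNames = ($sanExt.Format($false) -split ',\s*') | ForEach-Object { ($_ -split '=', 2)[-1].Trim() }
    }

    # Server Authentication (1.3.6.1.5.5.7.3.1) and Client Authentication (1.3.6.1.5.5.7.3.2) EKUs
    $ekuExt = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = @(); if ($ekuExt) { $ekuOids = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } }

    [pscustomobject]@{
        Thumbprint          = $cert.Thumbprint
        SubjectCN           = $cn
        CnMatchesFqdn       = ($cn -ieq $fqdn)                 # False here explains event 20052
        SanContainsFqdn     = ($sanNames -icontains $fqdn)     # the SAN gap mentioned in the thread
        SanDnsNames         = ($sanNames -join ';')
        HasPrivateKey       = $cert.HasPrivateKey
        ValidNow            = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        ServerAndClientAuth = ('1.3.6.1.5.5.7.3.1' -in $ekuOids) -and ('1.3.6.1.5.5.7.3.2' -in $ekuOids)
    }
}
```

Any cert where `CnMatchesFqdn` or `SanContainsFqdn` is False is the one to reissue with the full domain name; run the same script on both the gateway and the management server, since each side checks its own cert against its own name.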