I have a client with lots of servers in the DMZ (some are domain members, others are in a workgroup). We installed a SCOM Gateway server in the DMZ, created the Certificate Templates and issued Certificates to every server in the DMZ. Everything was working pretty well.
Then one day I noticed that two of the servers had turned grey in the SCOM Console – not monitored. There was an alert about that issue, but I wasn’t looking at the alerts view.
I immediately investigated and found that the servers were online and responsive. The network was also fine – I was able to telnet to the SCOM GW server on port 5723.
I then noticed the following error in the ‘Operations Manager’ log:
The OpsMgr Connector cannot create a mutually authenticated connection to SCOM_GW because it is not in a trusted domain.
Not in a trusted domain? Duh, it’s on workgroup…
I suspected that something was wrong with the Certificate I had issued and installed on the server, but I remembered for certain that the server had been monitored and everything was OK. In spite of that, I decided to run the MOMCERTIMPORT tool once again:
MOMCERTIMPORT.exe /SubjectName Cert’s_CN
Once I ran the command, I looked in the ‘Operations Manager’ log and noticed an error about the certificate:
There is a mismatch between the computer name and the Subject Name of the Certificate? But that was working… did someone change the computer name and say nothing to me?
Looking a bit further in the event viewer, I noticed the following event:
So someone did change the computer name…
I issued a new Certificate for the server and after about 10 seconds it appeared in the SCOM console as ‘Pending Management’. Approved it, now everything is back to normal!
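
A quick way to check for the mismatch described above before re-running MOMCERTIMPORT; this PowerShell is an added example, not part of the original post. It assumes the agent certificate sits in the local machine Personal store (Cert:\LocalMachine\My) and that its subject CN is expected to equal the computer's FQDN or bare host name.

```powershell
# Added example: compare this computer's current name with the subject CN of
# every certificate in the local machine Personal store.
# Assumptions: the certificate is in Cert:\LocalMachine\My, and its subject CN
# should equal the computer's FQDN (or the bare host name on a workgroup box).

# Current host name and primary DNS suffix as the OS reports them right now.
$ip       = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$hostName = $ip.HostName
$fqdn     = if ($ip.DomainName) { "$hostName.$($ip.DomainName)" } else { $hostName }
$expected = @($fqdn, $hostName) | Select-Object -Unique

$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    # $false = read the name from the subject, not the issuer
    $cn = $_.GetNameInfo($simpleName, $false)
    [pscustomobject]@{
        SubjectCN     = $cn
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        NameMatches   = $expected -contains $cn      # -contains ignores case
        Expired       = $_.NotAfter -lt (Get-Date)
    }
}

$report | Format-Table -AutoSize

# A certificate is only a candidate if the name matches, it is still valid,
# and the private key is present on this machine.
$usable = $report | Where-Object { $_.NameMatches -and $_.HasPrivateKey -and -not $_.Expired }
if (-not $usable) {
    Write-Warning "No valid certificate with a private key matches '$fqdn'. Was the computer renamed after the certificate was issued?"
}
```

Run it from an elevated prompt on the affected server; a row with NameMatches = False next to the certificate you issued points to a rename like the one in this post.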