OpsMgr Connector cannot create a mutually authenticated connection

I have a client with lots of servers in the DMZ (some are domain members, others are in a workgroup). We installed a SCOM Gateway server in the DMZ, created the Certificate Templates and issued Certificates to every server in the DMZ. Everything was working pretty well.

Then one day I noticed that two of the servers had turned grey in the SCOM Console – not monitored. There was an alert about that issue, but I’m not looking at the alerts view.

I immediately investigated and found that the servers were online and responsive. The network was also fine – I was able to telnet to the SCOM GW server on port 5723.

I then noticed the following error in the ‘Operations Manager’ log:

The OpsMgr Connector cannot create a mutually authenticated connection to SCOM_GW because it is not in a trusted domain.

Not in a trusted domain? Duh, it’s in a workgroup…

I suspected that something was wrong with the Certificate I had issued and installed on the server, but I remembered for certain that the server had been monitored and everything was OK. In spite of that, I decided to run the MOMCERTIMPORT tool once again:

MOMCERTIMPORT.exe /SubjectName Cert’s_CN

Once I ran the command, I looked in the ‘Operations Manager’ log and noticed an error about the certificate:

Certificate issued to a wrong name

There is a mismatch between the computer name and the Subject Name of the Certificate? But that was working… did someone change the computer name and say nothing to me?

Looking a bit further in the Event Viewer, I noticed the following event:

Computer Name change event

So someone did change the computer name…

I issued a new Certificate for the server and after about 10 seconds it appeared in the SCOM console as ‘Pending Management’. Approved it, now everything is back to normal!
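
A quick way to spot the mismatch described above before reissuing anything, as an added example that is not part of the original post. It assumes the agent certificate sits in the Local Computer Personal store (Cert:\LocalMachine\My) and compares each certificate's Subject CN with the machine's current host name and FQDN:

```powershell
# Added example (not from the original post).
# Lists certificates in the Local Computer "Personal" store and flags those
# whose Subject CN no longer matches this machine's current name.
# Assumption: the agent certificate is stored in Cert:\LocalMachine\My.

# Current host name and DNS suffix as Windows reports them. On a workgroup
# machine DomainName is the primary DNS suffix, which may be empty.
$ipProps  = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$hostName = $ipProps.HostName
$fqdn     = if ($ipProps.DomainName) { "$hostName.$($ipProps.DomainName)" } else { $hostName }

# Names a certificate issued to this machine could carry.
$expected = @($hostName, $fqdn) | Select-Object -Unique

$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    # SimpleName resolves to the CN when the Subject contains one.
    $cn = $_.GetNameInfo($simpleName, $false)

    [pscustomobject]@{
        SubjectCN     = $cn
        MatchesName   = $expected -contains $cn   # -contains ignores case
        HasPrivateKey = $_.HasPrivateKey          # needed for mutual authentication
        Expired       = $_.NotAfter -lt (Get-Date)
        NotAfter      = $_.NotAfter
        Thumbprint    = $_.Thumbprint
    }
} | Sort-Object -Property MatchesName | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the affected server; a certificate that shows MatchesName as False after a rename is the one that needs to be reissued.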
