I have installed my Gateway server and it is saying 'not monitored' in the Operations Console. The only error I have is the 20070 error which you say is generic on the gateway server.

I only have ports open from the Gateway in the DMZ on 5723 to the RMS on the internal LAN, as per the documentation on MS Technet, however I have seen a number of posts and blogs that say I need to open access in both directions.

Can someone confirm this please?

Regards,
Michael



Pete Zerger (MVP) wrote:

Hello adsukhai,the 20070 and 21016 are generic error you see in every failure
13-Jan-09

Hello adsukhai

the 20070 and 21016 are generic error you see in every failure and will not
help you much. The error of interest in your case is this on

20067 - The failure code on the certificate was 0x800B010A (A certificate
chain could not be built to a trusted root authority).

Make sure the CA chain that issued the certificates for both parties (even
if these are different CAs) is listed in the "Trusted Root Certificate Authorities"
store on the Gateway server. Mutual authentication will fail for any computer
that does not trust the issuer of the certificates

Regards

Pete Zerger, MCSE(Messaging) | MCTS(SQL 2005) | MCTS(Opsmgr) | MVP - Opsmg
URL:http://www.systemcenterforum.or
User Group: http://www.systemcenterusergroup.co
MP Catalog: http://www.systemcenterforum.org/mp
Tools: http://www.systemcenterforum.org/tools/

Previous Posts In This Thread:

On Monday, January 12, 2009 4:06 AM
adsukha wrote:

My SCOM cannot monitor a Gateway Server
Hello,

I installed my SCOM 2007 successfully and that works fine. Now I want to
monito
via SCOM 2007 servers and workgroups in un-trusted domains. But I see the
gateway serve
is not monitored in SCOM 2007.

I followed the guide of System Center Forum (Gateway Server and
Certificate-base
Authorization Scenarios in Operations Manager 2007) and I don't understand
why I am seeing
issues. I tried many different things to solve those issues by following the
website of Wolzak.
(http://www2.wolzak.com/index.php?option=com_content&task=view&id=15&Itemid=9) and other websites.

Firewall Rules:
SYM-SCOM - 5723 tested via telnet and works fine.
SCOM-SYM - 5723 tested via telnet and works fine.

I get 2 errors, 2 warnings and 1 information (this is not good) on the Sym
side
Event Type: Erro
Event Source: OpsMgr Connecto
Event Category: Non
Event ID: 2007
Date: 9-1-200
Time: 14:24:2
User: N/
Computer: SYMBSXXX
Description
The OpsMgr Connector connected to opsmgr.oe.local, but the connection was
closed immediately after authentication occured. The most likely cause of
this error is that the agent is not authorized to communicate with the
server, or the server has not received configuration. Check the event log on
the server for the presence of 20000 events, indicating that agents which are
not approved are attempting to connect

Event Type: Erro
Event Source: OpsMgr Connecto
Event Category: Non
Event ID: 2101
Date: 9-1-200
Time: 14:24:2
User: N/
Computer: SYMBSXXX
Description
OpsMgr was unable to set up a communications channel to opsmgr.oe.local and
there are no failover hosts. Communication will resume when opsmgr.oe.local
is both available and allows communication from this computer

??
Event Type: Informatio
Event Source: OpsMgr Connecto
Event Category: Non
Event ID: 2102
Date: 9-1-200
Time: 14:26:0
User: N/
Computer: SYMBSXXX
Description
OpsMgr has no configuration for management group OE-MG and is requesting new
configuration from the Configuration Service

Event Type: Warnin
Event Source: OpsMgr Connecto
Event Category: Non
Event ID: 2006
Date: 9-1-200
Time: 14:06:0
User: N/
Computer: SYMBSXXX
Description
A device at IP 84.81.84.15:5723 attempted to connect but the certificate
presented by the device was invalid. The connection from the device has been
rejected. The failure code on the certificate was 0x800B010A (A certificate
chain could not be built to a trusted root authority

Event Type: Warnin
Event Source: OpsMgr Connector
Event Category: None
Event ID: 21002
Date: 9-1-2009
Time: 14:06:01
User: N/A
Computer: SYMBSXXXX
Description:
The OpsMgr Connector could not accept a connection from 84.81.84.15:5723
because mutual authentication failed.


How can I solve the above problems? Hopefully you can help me by solving
this difficult problem.

In advance thanks!

With regards,

A. Sukhai

On Tuesday, January 13, 2009 8:33 PM
Pete Zerger (MVP) wrote:

Hello adsukhai,the 20070 and 21016 are generic error you see in every failure
Hello adsukhai,

the 20070 and 21016 are generic error you see in every failure and will not
help you much. The error of interest in your case is this one

20067 - The failure code on the certificate was 0x800B010A (A certificate
chain could not be built to a trusted root authority).

Make sure the CA chain that issued the certificates for both parties (even
if these are different CAs) is listed in the "Trusted Root Certificate Authorities"
store on the Gateway server. Mutual authentication will fail for any computer
that does not trust the issuer of the certificates.


Regards,

Pete Zerger, MCSE(Messaging) | MCTS(SQL 2005) | MCTS(Opsmgr) | MVP - Opsmgr
URL:http://www.systemcenterforum.org
User Group: http://www.systemcenterusergroup.com
MP Catalog: http://www.systemcenterforum.org/mps
Tools: http://www.systemcenterforum.org/tools/


Submitted via EggHeadCafe - Software Developer Portal of Choice
Multicast IP Messaging Infrastructure Part I
http://www.eggheadcafe.com/tutorials/aspnet/664aa217-2a54-4d0a-b26e-c4a8285b07f4/multicast-ip-messaging-in.aspx