install SCOM 2007 SP1 agent / monitor on a standalone server
the CEO wanted their web server be monitored. that web server is a standalone server.
to get standalone server working with SCOM 2007 SP1 ... certificate communication is key.
CA need be setup in your domain, then a particular certificate need be issued to the SCOM server and the standalone server.
then on both the SCOM server and the standalone server (or workgroup server if you like), run MOMcertimport, there are 32 /64 bits of this util s/w.
next, you can manually install the agent on the standalone server.
it may take a while before the communication established, watch the opmgr log for details.
the certificate must match the server FQDN name, otherwise you will get errors.
in my case , the CA is windows 2008 R2 STD, the workgroup server is windows 2008
to generate certs, first get the CA web interface going like http://myboomer/certsrv
then in certificate MMC, duplicate a template to be issued , it should do client and server authentication
then in CA website, you can generate and download and install the scom cert.
the interesting is in the workgroup server , I can't do that directly, the error is something like I should use https rather than http. the trick is add the CA site to the trusted site and enable "ignore active x scripts signing" ; another problem is that I can't change trusted site default settings coz it is all greyed out. the solution is right-click on IE, then select run as administrator, then you should be able to change it
now the links
http://technet.microsoft.com/en-us/library/bb735413.aspx
and I copy some here
here is another one which got the cmd line , to generate request , and accept certs
http://blogs.technet.com/b/momteam/archive/2008/06/02/obtaining-certificates-for-ops-mgr.aspx
the CEO wanted their web server be monitored. that web server is a standalone server.
to get standalone server working with SCOM 2007 SP1 ... certificate communication is key.
CA need be setup in your domain, then a particular certificate need be issued to the SCOM server and the standalone server.
then on both the SCOM server and the standalone server (or workgroup server if you like), run MOMcertimport, there are 32 /64 bits of this util s/w.
next, you can manually install the agent on the standalone server.
it may take a while before the communication established, watch the opmgr log for details.
the certificate must match the server FQDN name, otherwise you will get errors.
in my case , the CA is windows 2008 R2 STD, the workgroup server is windows 2008
to generate certs, first get the CA web interface going like http://myboomer/certsrv
then in certificate MMC, duplicate a template to be issued , it should do client and server authentication
then in CA website, you can generate and download and install the scom cert.
the interesting is in the workgroup server , I can't do that directly, the error is something like I should use https rather than http. the trick is add the CA site to the trusted site and enable "ignore active x scripts signing" ; another problem is that I can't change trusted site default settings coz it is all greyed out. the solution is right-click on IE, then select run as administrator, then you should be able to change it
now the links
http://technet.microsoft.com/en-us/library/bb735413.aspx
and I copy some here
To create a certificate template
- On the computer that is hosting your enterprise CA, on the Windows desktop, click Start, point to Programs, point to Administrative Tools, and then click Certification Authority.
- In the navigation pane, expand the CA name, right-click Certificate Templates, and then click Manage.
- In the Certificate Templates console, in the results pane, right-click IPSec (Offline request), and then click Duplicate Template.
- In the Properties of New Template dialog box, on the General tab, in the Template display name text box, type a new name for this template (for example, OperationsManagerCert).
- On the Request Handling tab, select Allow private key to be exported, and then click CSPs.
- In the CSP Selection dialog box, select the cryptographic service provider that best suits your business needs, and then click OK.
here is another one which got the cmd line , to generate request , and accept certs
http://blogs.technet.com/b/momteam/archive/2008/06/02/obtaining-certificates-for-ops-mgr.aspx
No comments:
Post a Comment