Hi,

You need to read the SCOM deployment guide that is available from the Microsoft TechNet website: http://technet.microsoft.com/en-us/library/bb310604.aspx

SCOM 2007 requires mutual authentication between clients and the management server. That can be via Kerberos or certificates. If you are installing an agent to a client in a domain on the other side of an *external* trust, then Kerberos authentication is not possible over that trust. You need to have a Forest trust.

So:

a)      As mentioned before, please go and look on the client as to why it’s not able to connect to your management server. The reason should be in the Event Logs (either the Ops Manager log or the Application log)

b)      As mentioned before, Kerberos mutual authentication is not possible over an external trust (hint: look at the trust type column in your first screenshot). If you want to use Kerberos authN over one of those trusts it has to be a Forest trust. Or you can use certificates. Or you can deploy a gateway (or MS) in the other domain. Etc. Please read the deployment guide for your options

Cheers

Ken

SCOM Agent port is open from Agent to Management Server.  I confirmed it by using telnet from agent to Management server.

Many Thanks,

Narendra

.

Hi Kevin,

Thank you, I am not good to find the  trust relationship concept. Can you help me to find the trust configuration  Here I am sending the screen shots, please check and give some information about.

By using this configuration is it possible to monitor the Agent. Please let me know if any details require, suggest me to complete this task.

Many thanks,

Narendra.

Please go and look on the client to see why the client is unable to complete the installation or unable to communicate with your management server (e.g. port is blocked by firewall).

Also, if the domain is in another Forest, then you need a Forest trust between the two Forests for Kerberos authentication to work. External trust is not sufficient.

Cheers

Ken

Hi,

Ok.  I tried to install the agent through OpsMgr Console.  I have not applied any certificates and I resolved the FQDN of the host through console.

Agent Managed->Discover wizard…and installed the agent .  I got agent installation is successful.

Then, I got this server in pending list and I am not able to approve this server, because the Approve Option is disabled.

Can anybody faced this issue.  Please suggest me the step to resolve.

Many Thanks

Narendra.

I need to monitor “Full Trust Domain” to my existing domain.  I want to monitor from my existing domain.  Is there any requirement to monitor that “Full trust domain” like certificate….etc

Many Thanks

Narendra

==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/momlist/

DISCLAIMER:
This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.

==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/momlist/

DISCLAIMER:
This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.

==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/momlist/

==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/momlist/