In this blog post, I will go into deeper detail around the steps required to get this working. If you are reading this and feel that at times I am explaining some of the steps at too basic a level, then apologies, but believe me when I say this: 'It is VERY easy to make a mistake in this process!'
Initial SCOM Server Configuration
- Ensure that TCP Port 5723 is allowed from the DMZ / Untrusted Domain to both the RMS and MS servers
- From the 'Administration' tab in the SCOM Console Wunderbar, select 'Settings' and then 'Security', then select 'Review new manual agent installations in pending management' and click 'OK'
Manual SCOM Agent Installation
Run the SCOM installer on each untrusted server or client and select 'Install Operations Manager 2007 R2 Agent' from the startup splash screen
Click 'Next' from the first window that pops up
Accept the default installation path and click 'Next' again
Ensure 'Specify Management Group information' is selected, then click 'Next' again
In this next window, it is VERY important that you get the information correct. You must enter your SCOM Management Group Name, Management Server name and Management Server Port number. The key here is to enter the FQDN of your Management Server and not just the NetBIOS name.
Leave 'Local System' selected in the next window, then click 'Next'
From the next window, verify that all of your settings are correct, and then select 'Install'
Finally, when the wizard is completed, click on 'Finish' to close the Agent installation.
This completes the manual SCOM agent installation onto your DMZ / untrusted servers and clients.
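The two points above that are easiest to get wrong are the firewall rule for TCP Port 5723 and the FQDN of the Management Server, so here is a quick check you can run on the DMZ / untrusted server before or after the install. This is an added example and not part of the original walkthrough; the server names are placeholders, and it sticks to plain .NET classes so it also runs on older PowerShell versions.

```powershell
# Added example: pre-install check run from the DMZ / untrusted server.
# The server names are placeholders (assumptions); replace with your RMS and MS FQDNs.
$ManagementServers = @('rms01.corp.example.com', 'ms01.corp.example.com')
$Port      = 5723   # agent-to-server port that must be open through the firewall
$TimeoutMs = 3000

function Test-ScomEndpoint {
    param([string]$Name, [int]$Port, [int]$TimeoutMs)

    $result = New-Object PSObject -Property @{
        Server = $Name; IsFqdn = $false; Resolves = $false; PortOpen = $false
    }

    # A NetBIOS name has no dots and an IP address is not a name at all;
    # the agent wizard needs the FQDN of the Management Server.
    $result.IsFqdn = ($Name -match '^[^.\s]+(\.[^.\s]+)+$') -and
                     -not ($Name -as [System.Net.IPAddress])

    try {
        [void][System.Net.Dns]::GetHostAddresses($Name)
        $result.Resolves = $true
    } catch {
        return $result   # no point testing the port if the name does not resolve
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Name, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)   # throws if the connection was refused
            $result.PortOpen = $true
        }
    } catch {
        # Refused or reset by a firewall: PortOpen stays $false
    } finally {
        $client.Close()
    }
    return $result
}

$ManagementServers |
    ForEach-Object { Test-ScomEndpoint -Name $_ -Port $Port -TimeoutMs $TimeoutMs } |
    Format-Table Server, IsFqdn, Resolves, PortOpen -AutoSize
```

Any row showing False needs fixing first: IsFqdn means the name you plan to type into the wizard is not fully qualified, Resolves points at DNS or the hosts file on the untrusted side, and PortOpen points at the firewall rule from the first step.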
In part 3 of this series, I will demonstrate how to build a certificate template to create and approve the Public 3rd Party certificate using the 'CertReq.exe' utility and to then bring the new agent into your SCOM Management Console.