Gateway Secrets Revealed: Gateway implementation the fast way
This is our updated order of operations for implementing the Gateway role in the most efficient way possible, taking into account the latest Operations Manager 2007 SP1 features and tricks we’ve learned – some of which are undocumented. We’ve tested this process repeatedly, and demonstrated its use at MMS 2008. These steps should help ensure your next Gateway implementation is successful with a minimum of effort – on the first try.
For more complete troubleshooting tips, see HERE.
On the Management Server
1. Issue and install a certificate on the Management Server
a. Request, approve and install certificate on the MS
b. Run MOMCertImport tool (GUI)
2. Run the Gateway Approval Tool
a. Copy Gateway Approval Tool to the OpsMgr install directory
b. Run tool to approve the gateway server
On the Gateway Server
3. Issue and install a certificate on the Gateway Server
a. Request, approve and install certificate on Gateway
b. Run MOMCertImport tool (GUI)
4. Install the Gateway Server
a. Run Gateway installation
5. Configure Gateway for failover to secondary management server (optional)
TIPS:
Below are some tips to avoid common mistakes in implementing the Gateway server.
Step 1a & 3a
In the Certificates MMC snap-in, make sure the root CA is trusted by the server to which the certificate is issued. If not, add a copy of the root CA certificate to the Trusted Root Certification Authorities folder in the certificate store on the affected server.
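The same root-trust check can be scripted instead of inspected by eye in the snap-in. This is an added example, not part of the original post; the function name Test-CertRootTrust is hypothetical, and it assumes PowerShell 2.0 or later and that revocation is checked separately.

```powershell
# Added example: for every certificate in the local computer's Personal store,
# build its chain and report whether it ends in a root this server trusts.
# Run it on both the Management Server and the Gateway Server.

function Test-CertRootTrust {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    # $true = build the chain in the machine context, as a service sees it.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    # Assumption: only trust is tested here, so revocation lookups are skipped.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $built = $chain.Build($Certificate)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # The last chain element is the topmost certificate Windows could locate.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $inRootStore = Test-Path (Join-Path 'Cert:\LocalMachine\Root' $top.Thumbprint)

    # Trusted only if the chain is complete, ends in a self-signed certificate,
    # and that certificate sits in Trusted Root Certification Authorities.
    $trusted = $inRootStore -and
               ($top.Subject -eq $top.Issuer) -and
               ($flags -notcontains 'UntrustedRoot') -and
               ($flags -notcontains 'PartialChain')

    $result = New-Object PSObject -Property @{
        Subject     = $Certificate.Subject
        Thumbprint  = $Certificate.Thumbprint
        ChainBuilt  = $built
        TopOfChain  = $top.Subject
        RootTrusted = $trusted
        ChainStatus = ($flags -join ', ')
    }
    $chain.Reset()
    return $result
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CertRootTrust $_ } |
    Format-List Subject, Thumbprint, TopOfChain, RootTrusted, ChainStatus
```

A row with RootTrusted set to False and a ChainStatus of UntrustedRoot or PartialChain is the case the tip describes: the root CA certificate still has to be added to Trusted Root Certification Authorities on that server.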
Step 1b
This only works when you double-click MOMCertImport.exe to launch the GUI version of the tool. The command line version looks for the Health Service, and if not found, generates a failure message.
Step 2
In global settings of the management group, be sure to set agent approval to manual approval of manually installed agents. In the event you install the Gateway before the upstream management server has received word of the Gateway approval, this ensures the management server will not see the Gateway Health Service as a simple agent by mistake.
Step 5
Configuring Gateway failover can only be performed through the PowerShell interface. Click HERE for instructions.


May 20th, 2008 at 4:08 pm
Step 4 should come before step 3. You cannot use momcert import unless there is a health service running on the server.
May 20th, 2008 at 9:40 pm
Actually, that is not correct, Jesse. If you use the GUI version, it does not check for the Health Service. I validated this again last night.