Fun stuff. Due to changing security team ideas, they are decommissioning our old root CA and replacing it with one that does 2048 keys. They neglected to inform me until recently so I get to re-do all my certs for all my management and gateway servers ‘soon’ myself.
From: Pete Hakesley <phakes...@sccis.net>
Sent: Thursday, November 3, 2016 5:04 AM
To: Steven Peck <sep...@live.com>; msmom@lists.myitforum.com
Subject: RE: [msmom] Chained Gateways

Steven,

Thanks for the information. We had to resolve this by re-issuing a new Root-CA with chain and importing this to all MS and GW servers and non-domain-joined agents.

Peter Hakesley | Monitoring & Automation Technical Lead Engineer, Data Centre Services
t: +44(0)845 155 6556 ext: 4006
e: phakes...@sccis.net | w: www.scc.com
a: SCC, CV1, Cole Valley, 20 Westwood Avenue, Tyseley, Birmingham B11 3RZ

From: Steven Peck [mailto:sep...@live.com]
Sent: 02/November/2016 17:51
To: Pete Hakesley <phakes...@sccis.net>; msmom@lists.myitforum.com
Subject: RE: [msmom] Chained Gateways

I realize this is old, but I had a certificate issue recently because we are changing root CAs internally because ‘reasons’. I had to make sure all the certificate chains from both CAs were on ALL systems.

Hope that helps some.

From: Pete Hakesley <phakes...@sccis.net>
Sent: Wednesday, October 12, 2016 12:32 AM
To: msmom@lists.myitforum.com
Subject: [msmom] Chained Gateways

Hi all,

Have followed the example of chained gateways at https://blogs.technet.microsoft.com/momteam/2009/12/08/how-to-link-multiple-gateway-servers-together/

[https://msdnshared.blob.core.windows.net/media/TNBlogsFS/BlogFileStorage/blogs_technet/momteam/WindowsLiveWriter/HowtolinkmultipleGatewayServerstogether_95E6/image_26.png]

I have a CA where my SCOM 2012 R2 servers sit in an AD domain.
Gateway 1 is in another domain and has the CA and an Ops Mgr certificate installed and is in comms – all OK.
Gateway 2 has the CA certificate and an OpsMgr certificate issued by the CA.

My question is this: I am getting Events 20067 and 21002 reported, which suggest the OpsMgr certificate on GW1 is not trusted by GW2 even though they are both issued from the same CA. Therefore, do I need a certificate (what and where) for GW1 on GW2?

Peter Hakesley | Monitoring & Automation Technical Lead Engineer, Data Centre Services
t: +44(0)845 155 6556 ext: 4006
e: phakes...@sccis.net | w: www.scc.com
a: SCC, CV1, Cole Valley, 20 Westwood Avenue, Tyseley, Birmingham B11 3RZ
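
Added example, not part of the thread and not code from any of its authors: a PowerShell check, run on each management or gateway server, of whether the certificates in the computer's Personal store build a complete chain to a root that is present in that machine's Trusted Root store, which is the condition the replies above describe fixing. The function name and the .cer path in the closing comment are hypothetical.

```powershell
# Added example. Function name and the .cer path in the last comment are hypothetical.
function Test-LocalCertChain {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # $true = build the chain in the machine context, because the certificates
    # discussed in the thread live in the computer stores, not a user's.
    $chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true

    # Revocation checking is switched off on purpose so the result reflects only
    # whether the chain is present and trusted (assumption: CRL locations may be
    # unreachable from a gateway in another domain).
    $chain.ChainPolicy.RevocationMode = 'NoCheck'

    $trusted  = $chain.Build($Certificate)
    $elements = @($chain.ChainElements)      # leaf first, top of chain last
    $top      = $elements[-1].Certificate

    [pscustomobject]@{
        Subject             = $Certificate.Subject
        Thumbprint          = $Certificate.Thumbprint
        NotAfter            = $Certificate.NotAfter
        ChainTrusted        = $trusted
        ChainLength         = $elements.Count
        TopOfChain          = $top.Subject
        # False means the chain stopped at an intermediate: an issuer is missing.
        TopIsSelfSigned     = ($top.Subject -eq $top.Issuer)
        TopInLocalRootStore = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
        Problems            = ($chain.ChainStatus |
            ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '
    }
}

# Check every certificate in the computer's Personal store on this server.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-LocalCertChain -Certificate $_ } |
    Format-List

# To check a peer's certificate on this server, export its public certificate
# (no private key) and load it, e.g. from the hypothetical path below:
# $peer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\Temp\gw1.cer'
# Test-LocalCertChain -Certificate $peer | Format-List
```

During a root CA changeover, a server holding only one CA's chain shows `ChainTrusted : False` for certificates issued under the other.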