- Copy GatewayApproval from SCOM support tools folder to setup folder on Management Server e.g. C:\Program Files\Microsoft System Center\Operations Manager\setup
"C:\Program Files\Microsoft System Center\Operations Manager\setup\Microsoft.EnterpriseManagement.GatewayApprovalTool.exe" /ManagementServerName=<managementserverFQDN> /GatewayName=<GatewayFQDN> /ManagementServerInitiatesConnection=True /Action=Create
-
Ensure Gateway appears in the SCOM console
-
Install SCOM Gateway on Gateway Server
%WinDir%\System32\msiexec.exe /i path\Directory\MOMGateway.msi /qn /l*v C:\Logs\GatewayInstall.log
ADDLOCAL=MOMGateway
MANAGEMENT_GROUP="<ManagementGroupName>"
IS_ROOT_HEALTH_SERVER=0
ROOT_MANAGEMENT_SERVER_AD=<ParentMSFQDN>
ROOT_MANAGEMENT_SERVER_DNS=<ParentMSFQDN>
ACTIONS_USE_COMPUTER_ACCOUNT=0
ACTIONSDOMAIN=<DomainName>
ACTIONSUSER=<ActionAccountName>
ACTIONSPASSWORD=<Password>
ROOT_MANAGEMENT_SERVER_PORT=5723
[INSTALLDIR=<path\Directory>]
-
Ensure SCOM Gateway Server goes healthy
-
Apply cumulative update
-
Configure certificates if going to be connecting to agents \ gateways outside of kerberos realm
- 20052 -> Certificate Error
- 20053 -> Certificate Loaded Succesfully
-
The Health Service can only load and use a single certificate. Therefore, the same certificate is used by the parent and child of the gateway in the chain.
-
Run Gateway Approval Tool on Management Server at the end of the chain.
-
Install Gateway at the other end of the chain and specify the gateway in the middle as the management server