
Step by Step Gateway Server Installation - SCOM 2016

The document provides step-by-step instructions for installing a gateway server in System Center Operations Manager (SCOM) 2016. It describes how to request and install certificates on the SCOM management server and gateway server to enable secure communication. Key steps include downloading the SCOM management server certificate, requesting and installing certificates on the management server and gateway server, exporting the certificates, and importing the management server certificate onto the SCOM management server using the MOMCertImport tool. The gateway server helps reduce administrative overhead and latency when monitoring many workgroup servers or servers with high latency to the management server.

Uploaded by

Horatiu Bradea
SHASHI BHUSHAN

http://systemcentermvp.com/2017/10/05/step-step-gateway-server-installation-scom-2016/

Step by Step Gateway Server Installation – SCOM 2016

In our previous article, we learnt how to discover and monitor Workgroup / DMZ servers in SCOM
using certificate authentication. However, imagine a situation in which you have many
Workgroup / DMZ servers to monitor, or high latency between your Management Server
and the agent-managed servers. What will you do?

To reduce this administrative overhead and to avoid this latency situation, Operations Manager has a
server role called the Gateway Server. Gateway servers are located within the trust boundary of the
agents and can participate in the mandatory mutual authentication. Because they lie within the same
trust boundary as the agents, the Kerberos V5 protocol for Active Directory is used between the agents
and the Gateway Server. Each agent then communicates only with the gateway servers that it is aware
of and the Gateway Servers communicate with the management servers.

The following illustration shows the authentication relationships in a management group using a
Gateway Server.

Note: We can also install a Gateway Server within the trust boundary of the Management Server. We
mostly choose this option when there is a network bandwidth issue between the agents and the
Management Server.

In our demo, we will make a cross-domain server (testdomain.com) running Windows Server 2012 R2
the Gateway Server. Our SCOM Management Server is in the SCMVP.COM domain.

So, let’s start…

1: Log on to the SCOM Management Server and open the Certificate Server web site.

2: Click on Download a CA certificate, certificate chain, or CRL option.



3: Click Yes button if you get Web Access Confirmation message.



4: Click on Download CA certificate chain option.



5: Provide the certificate an appropriate name and save the certificate.

TIP: Create a folder on the computer and save all the certificates in that folder.

Now, we need to request two certificates for:

• SCOM Management Server.
• Gateway Server.

NOTE: Requesting a certificate for the SCOM Management Server is a one-time task. That means you
don’t need to request the certificate for the SCOM Management Server every time you configure a
Gateway Server or discover a Workgroup / cross-domain server. You just need to request one
certificate for the Gateway Server.

Requesting Certificate for SCOM Management Server

1: Click Home button and click on Request a certificate option.



2: Click on advanced certificate request option.



3: Click on Create and submit a request to this CA option.



This step is important: provide the required details in the fields.

4: Select SCOM Template under Certificate Template field.

5: Provide SCOM Management Server FQDN under Name field.

6: Make sure Mark keys as exportable option is checked.

7: Provide SCOM Management Server FQDN under Friendly Name field.

8: Click Submit button.

Note: If you provide the server hostname instead of the FQDN, authentication will not happen and the
certificate will be useless. So, provide only the full computer name of the target server for which you are
requesting the certificate.

9: Click Yes button.



10: Click on Install this certificate option.



11: You should get Certificate Installed message.

The certificate will be installed in the user's Personal store.



Now, we need to request the certificate for the Gateway Server.

Requesting Certificate for Gateway Server

1: Click Home button and click on Request a certificate option.



2: Click on advanced certificate request option.



3: Click on Create and submit a request to this CA option.



Provide the required details in the fields.

4: Select SCOM Template under Certificate Template field.

5: Provide Gateway Server FQDN under Name field.

6: Make sure Mark keys as exportable option is checked.

7: Provide Gateway Server FQDN under Friendly Name field.

8: Click Submit button.



9: Click on Install this certificate option.



10: You should get Certificate Installed message.

The certificate will be installed in the user's Personal store.



Now, we need to export the certificates from the user's Personal store to the Certificate folder we created.

Exporting certificates

1: Log on to the SCOM Management Server and open MMC (Microsoft Management Console).

2: Click File and click on Add/Remove Snap-in…



3: Select Certificates and click Add button.

4: Select My user account and click Finish.



5: Click OK button.

6: Expand Certificates – Current User, Personal and click on Certificates folder.

Here you will find both the installed certificates. We need to export both the certificates from there to
the Certificate folder we created.

7: Right click the SCOM Management Server certificate, click All Tasks and click Export.

8: Click Next.

9: Select Yes, export the private key option and click Next.

10: Select Export all extended properties option and click Next.

11: Set password and click Next.



12: Select the preferred location, provide a suitable name for the certificate and click the Save button.

13: Click Next button.



14: Click Finish button.

The export was successful message should be displayed.

15: Click OK button.



Now, follow the same process to export the second certificate we installed for Gateway Server.

The exported certificates should be visible under the destination folder we selected while exporting the
certificate.
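
Before handing either exported file to MOMCertImport, it is worth checking that it meets the conditions this article depends on: subject equal to the server FQDN, private key present, and a chain that builds on the machine where it will be installed. The function below is an added example, not part of the original article or of the SCOM tooling; Test-ScomPfx and its parameter names are hypothetical, and it assumes the SCOM template issues both the Server Authentication and Client Authentication EKUs that mutual authentication needs.

```powershell
# Added example, not part of the original article.
# Test-ScomPfx is a hypothetical helper name; it only reads the .pfx file.
function Test-ScomPfx {
    param(
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][string]$ExpectedFqdn,
        [Parameter(Mandatory = $true)][securestring]$Password
    )
    $path = (Resolve-Path -LiteralPath $PfxPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path, $Password
    try {
        # CN of the subject; the article requires the full computer name here.
        $cn = $cert.GetNameInfo('SimpleName', $false)

        # Collect the Enhanced Key Usage OIDs present on the certificate.
        $eku = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $eku += $oid.Value }
            }
        }

        # Build the chain against the local stores. Revocation is skipped so the
        # result reflects trust only (a DMZ host may not be able to reach the CRL).
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        $now = Get-Date
        [pscustomobject]@{
            Subject       = $cert.Subject
            SubjectIsFqdn = ($cn -ieq $ExpectedFqdn)
            HasPrivateKey = $cert.HasPrivateKey
            ServerAuthEku = ($eku -contains '1.3.6.1.5.5.7.3.1')
            ClientAuthEku = ($eku -contains '1.3.6.1.5.5.7.3.2')
            WithinDates   = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            ChainTrusted  = $trusted
            ChainStatus   = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
            Thumbprint    = $cert.Thumbprint
        }
    }
    finally { $cert.Reset() }   # release the temporary key material
}

# Usage (placeholders, as in the article's own commands):
#   $pw = Read-Host -AsSecureString 'PFX password'
#   Test-ScomPfx -PfxPath .\<certificatename.pfx> -ExpectedFqdn '<GatewayFQDN>' -Password $pw
```

On the Gateway Server, ChainTrusted stays False until the cert chain has been imported there. Each .pfx carries a private key, so remove the copies from the Certificates folder once MOMCertImport has reported success.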

Installing the Certificate on SCOM Management Server

Now that we have the certificates for both our SCOM Management Server and the Gateway Server,
it’s time to install them.

Note: Requesting and installing the certificate on the SCOM Management Server is a one-time task. So, you
don’t need to install the certificate on the SCOM Management Server if you have already installed it before.

1: Log on to the SCOM Management Server.

2: Copy the MOMCertImport application to the same location where we saved the certificates.

You can find MOMCertImport application under Supported Tools in SCOM installation media.

3: Open Command prompt with elevated privileges.

4: Navigate to the Certificates folder where we placed MOMCertImport application and SCOM
Management server certificate.

5: Execute below command:

MOMCertImport.exe <certificatename.pfx>

6: Enter certificate password.

You should get Successfully installed the certificate message.



Certificate installation on SCOM Management Server is done. Let’s run Gateway Approval Tool on SCOM
Management Server.

Run Gateway Approval Tool

1: Navigate to SupportTools folder under SCOM Installation Media.

2: Copy below files from AMD64 folder:

• Microsoft.EnterpriseManagement.GatewayApprovalTool
• Microsoft.EnterpriseManagement.GatewayApprovalTool.exe

3: Paste both the files under below location on SCOM Management Server:

%SystemDrive%\Program Files\Microsoft System Center 2016\Operations Manager\Server



4: Launch Command Prompt with elevated privileges.

5: Navigate to the Server folder. (Where we copied the Gateway Approval Tool).

6: Run below command:

Microsoft.EnterpriseManagement.GatewayApprovalTool.exe /ManagementServerName=<managementserverFQDN> /GatewayName=<GatewayFQDN> /Action=Create

After running the command, you should get The approval of the server <GatewayFQDN> completed
successfully message.

The Gateway Server should now appear under the Management Servers tab in the SCOM console, in the
Not monitored state.

Now let’s move to Gateway Server and perform required tasks on the server.

Before we start, move the cert chain, Client Server certificate and MOMCertImport application to the
Gateway Server.

Import cert chain

1: Open PowerShell with elevated privileges.

2: Run below cmdlet:

Import-Certificate -FilePath C:\Certs\certchain.p7b -CertStoreLocation Cert:\LocalMachine\Root

In our case, we have saved the certificate file certchain.p7b under C:\Certs\

After running it, you can see the cert appear in the MMC within Trusted Root Certification Authorities.
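
Import-Certificate places every certificate contained in the .p7b into the store named on the command line, so if the chain file holds intermediate CA certificates as well as the root, those intermediates also land in Trusted Root. The function below is an added example that goes one step beyond the article's single command: it lists what the file contains and, with -Apply, puts self-issued certificates in Root and the rest in Intermediate Certification Authorities. Import-ScomCaChain is a hypothetical helper name, not a SCOM or Windows tool.

```powershell
# Added example, not part of the original article.
# Import-ScomCaChain is a hypothetical helper name. Run it elevated when using -Apply.
function Import-ScomCaChain {
    param(
        [Parameter(Mandatory = $true)][string]$P7bPath,
        [switch]$Apply   # without -Apply the function only reports what it would do
    )
    $path  = (Resolve-Path -LiteralPath $P7bPath).Path
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $certs.Import($path)   # reads all certificates in the PKCS #7 file

    foreach ($c in $certs) {
        # A root CA certificate is self-issued: subject and issuer are the same name.
        $selfIssued = ($c.Subject -eq $c.Issuer)
        $storeName  = if ($selfIssued) { 'Root' } else { 'CA' }

        if ($Apply) {
            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $storeName, 'LocalMachine'
            $store.Open('ReadWrite')
            try     { $store.Add($c) }
            finally { $store.Close() }
        }

        [pscustomobject]@{
            Subject     = $c.Subject
            Issuer      = $c.Issuer
            SelfIssued  = $selfIssued
            TargetStore = "Cert:\LocalMachine\$storeName"
            NotAfter    = $c.NotAfter
            Thumbprint  = $c.Thumbprint
            Imported    = [bool]$Apply
        }
    }
}

# Usage, with the file name used in this article:
#   Import-ScomCaChain -P7bPath C:\Certs\certchain.p7b          # report only
#   Import-ScomCaChain -P7bPath C:\Certs\certchain.p7b -Apply   # report and import
```

Compare the reported thumbprints with those shown on the issuing CA before running with -Apply, since anything added to Root becomes a trust anchor for the whole machine.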

Run the Gateway Installation

Once the cert chain import is done, it’s time to install the Gateway Server role on the server.

Gateway Server role installation is almost the same as the SCOM Agent installation; you just need to select
the option below to perform the installation through the GUI.

We will perform the Gateway Server role installation through Command Prompt.

1. Log on to the Gateway Server with Administrator rights.

2. Open the Command Prompt window with elevated privileges.

3. Run the following command, where path\Directory is the location of the MOMGateway.msi, and
path\Logs is the location where you want to save the log file. MOMGateway.msi can be found in the
Operations Manager installation media.

msiexec.exe /i path\Directory\MOMGateway.msi /l*v path\Logs\GatewayInstall.log ADDLOCAL=MOMGateway MANAGEMENT_GROUP="<Management Group Name>" IS_ROOT_HEALTH_SERVER=0 ROOT_MANAGEMENT_SERVER_AD=<Management Server FQDN> ROOT_MANAGEMENT_SERVER_DNS=<Management Server FQDN> ACTIONS_USE_COMPUTER_ACCOUNT=1 ROOT_MANAGEMENT_SERVER_PORT=5723 AcceptEndUserLicenseAgreement=1

The installation may take a few seconds to complete; you can check the GatewayInstall log to confirm a
successful installation.

You can also check that System Center 2016 – Operations Manager Gateway is listed under
Programs and Features on the Gateway Server.

The service name for the Gateway Server is the same as for the SCOM Agent: Microsoft Monitoring Agent
(HealthService).

Installing Certificate on Gateway Server

1: Open Command prompt with elevated privileges.

2: Navigate to the Certificates folder where we placed MOMCertImport application and Gateway Server
certificate.

3: Execute below command:

MOMCertImport.exe <certificatename.pfx>

4: Enter certificate password.

You should get Successfully installed the certificate message.

5: Restart HealthService by running below command

net stop healthservice && net start healthservice



6: Open the SCOM console and check the Gateway Server status under the Management Servers tab.

The Gateway Server should be shown with Healthy status.



Final step: open the Gateway Management Server Properties and enable the Server Proxy option under the
Security tab.

That’s it.

You can now use this Gateway Server to discover and monitor servers in your SCOM environment.

In a nutshell, Gateway Server installation consists of the steps below:

Steps to be performed on SCOM Management server

• Import the Certificate.
• Run the MOMCertImport tool.
• Run Gateway Approval tool.

Steps to be performed on SCOM Gateway Server

• Import the Gateway Certificate.
• Run the Gateway Installation.
• Run the MOMCertImport tool.
• Restart the HealthService.

Hope this helps.
