Jump to content
Sign in to follow this  
mashti

In the SCOM 2007 and Windows Server 2008 certificate configuration instructions

Recommended Posts

You can monitor computers in the workgroup and untrusted domains in System Center Operations Manager 2007 using the certificate.

Instructions when you use the Windows Server 2003 as a certificate server, please refer to

Hidden Content

    Give reaction to this post to see the hidden content.
.

When using Windows Server 2008 as a certificate server procedure is as follows.

You should also note that Windows Server 2003 KB 922706 when applied to the set, follow these steps.

 

-Environment

Certificate Server (Windows Server 2008 Stand-Alone CA)

SCOM management servers (Windows Server 2008)

Monitored computer (Windows Server 2003)

 

-Configuration instructions for the certificate

Both computers to install RMS and agent from following A F work to carry it out.

Carried out only on the computer to install the agent on step E.

A. import CA certificate

B. certificate request to a CA

C. approval of pending certificate requests

D. obtaining certificates and import

E. agent install (agents only)

F. import the certificate into Operations Manager

Details of each step will be listed below.

 

A. import CA certificate

=========================================================================

1. Log on with an account with administrator rights on your computer to install the certificate.

2. Start Internet Explorer, and then connect to the host computer certificate services, (http: / / < server name >/certsrv).

3. On the welcome page, click the Download CA certificate, certificate chain, or CRL.

4. By [base64] encoding in the Download CA certificate, certificate chain, or CRL page, click Download CA certificate chain.

5. In the file download dialog box, click the save, and save any file name such as "Trustedca.p7b".

6. When the download is finished, close Internet Explorer.

7. Click Start-> run "MMC" from the click Run.

8. Run a "snap-in Add / Remove" from the file menu in the menu bar.

9. Add the "certificates" snap-in. In doing so choose computer account certificates to manage. "In this snap-in, computer management" will choose the local computer.

10. Add\Remove snap-in dialog box, click OK.

11. Console 1 window, expand Certificates (local computer), the trusted root certification authority-click > [certificate].

12. [Certificates, right-click, click all tasks-click > [import].

13. Click Browse to import a certificate file in the Certificate Import Wizard, click the [next].

14. File type to the PKCS # 7 certificates (*.spc, * p7b) as a step a-5... In the click click next to open the saved file.

15. Verify that has become the following in the certificate store, and then click Next.

Place all certificates in the following store

Certificate store:

The trusted root certification authority

16. On the completing the Certificate Import Wizard page, click Finish.

17. [import was successful. , The dialog appears, click OK.

 

B. certificate request to a CA

=========================================================================

1. Log on with an account with administrator rights on your computer to install the certificate.

2. Create a file with Notepad with the following description. <> is not required.

[NewRequest]

Subject = "CN = < certificate requesting computer FQDN name >"

Exportable = TRUE

KeyLength = 2048

KeySpec = 1

KeyUsage = 0xf0

MachineKeySet = TRUE

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1

OID=1.3.6.1.5.5.7.3.2

3. Save the file as an.inf extension. Here the file name "RequestConfig.inf".

•Email to create and run the following command at the command prompt

4. next.

CertReq - New - f RequestConfig.inf CertRequest.req

5. Creating the request file ( CertRequest.req) open in Notepad and copy to the Clipboard, select all content.

6. Start Internet Explorer, and then connect to the host computer certificate services, (http: / / < server name >/certsrv).

7. On the welcome page, click request a certificate under the select a task.

8. Certificate request page, click send the advanced certificate request.

5. On the advanced certificate request page, [by using Base 64-encoded CMC or PKCS # 10 file to send the certificate request, or

To send a renewal request by using base 64-encoded PKCS # 7 file. Then, click.

6. Send a certificate request or renewal request page, [saved request:] of text box in step b-5. In the paste the copy, and then click submit.

7. Close the browser when, in the certificate pending page appears.

 

C. approval of pending certificate requests

=========================================================================

※ If configured to approve automatic certificate certificate services proceed to certificate retrieval procedures.

You must publish the certificate the CA administrator otherwise,. CA administrator issues certificate by following these steps.

1. As a Certification Authority Administrator, log on to the host computer certificate services.

2. On your Windows desktop, click the Start button, programs, point to administrative tools, and then click certification authority.

3. Expand the node of the certification authority, the applicable certificate authority name pending requests.

4. Results window, right-click the step B pending certificate, point to all tasks and click Publish click.

5. Verify the certificate and then click the issued certificates now issued you.

6. Close the certification authority.

 

D. obtaining certificates and import

=========================================================================

1. Log on with an account with administrator rights on your computer to install the certificate.

2. Start Internet Explorer, and then connect to the host computer certificate services, (http: / / < server name >/certsrv).

3. On the welcome page, click status in the pending certificate request.

4. Click the certificate you requested in the status of a pending certificate request page.

5. On the certificate issued page, select the Base 64 encoded, and then click Download CA certificate.

6. Save the file with any file name such as "NewCertificate.cer" in the file download dialog box, click the [save].

Import the certificate you saved and run the following command at a command prompt 7 following.

CertReq - Accept NewCertificate.cer

 

E. agent install (agents only)

=========================================================================

1. Log on with an account with administrator rights on the computer.

2. Run the Operations Manager 2007 installation CD-ROM \Agent\ < applicable platform > \MOMAgent.msi.

3. Installation Wizard starts, so enter necessary information such as the management group name and the action account.

 

F. import the certificate into Operations Manager

=========================================================================

1. Log on with an account with administrator rights on your computer to install the certificate

2. Click Windows on the desktop, click Start, click Run.

3. In the dialog box, enter "cmd" and click OK.

4. At the command prompt "<drive_letter>:" (<drive_letter> is the installation of Operations Manager 2007

Drive name media is located) and then press ENTER.

5. type cd \SupportTools\i386 and then press Enter.

Note: 64-bit computer, type cd \SupportTools\amd64.

6. Type the following:

MOMCertImport /SubjectName < certificate subject name >

< certificate subject name > and the b-2, as well as means of certificate requestor computer FQDN name.

<> is not required.

7. Press the Enter key.

Note: you may have different certificate that you specify in the command FindExistingCertBySubjectName failed "error occurs if the SubjectName.

In that case, see the certificate SubjectName.

8. Restart the OpsMgr Health Service.

Procedure is over.

Verify on both RMS and agent work above after the management console "pending management" agent is displayed.

 

Reference documents:

So as the information below will introduce a conjunction.

Any information in English.

 

-How to Obtain a Certificate Using Windows Server 2008 Stand-Alone CA in Operations Manager 2007

Hidden Content

    Give reaction to this post to see the hidden content.
).aspx

 

-How to Obtain a Certificate Using Windows Server 2008 Enterprise CA in Operations Manager 2007

Hidden Content

    Give reaction to this post to see the hidden content.

Edited by mashti

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...