Certificates. Fairly easy to set up if you do it from scratch, but if something fails at some point, it can be a little tricky to troubleshoot. Today, I had one of those moments. At a customer we had a running OpsMgr environment with three gateway servers in the DMZ and some agents also in the DMZ, everything running smoothly for a couple of months. Now, all of a sudden, no gateway servers could authenticate. We had changed nothing, we could telnet, the certificates weren’t expired etc. Weird!
On the management server I then noticed this error:
Source: OpsMgr Connector
Type: Error
Event ID: 21036
The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication. The error is The credentials supplied to the package were not recognized(0x8009030D).
I went to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings and confirmed the ChannelCertificateSerialNumber matched the SerialNumber of the certificate. I also ran MOMCertImport.exe on all servers to confirm they all still had the server certificate.
Resolution:
The only thing I didn’t do was re-import the management server certificate, so I went to my management server and executed:
MOMCertImport.exe OM01.hq.com.pfx
In a matter of seconds all gateway servers started communicating with the management server! Honestly, I’m not sure why this was necessary as it wasn’t expired and it was still registered in MOMCertImport.
Happy re-MOMCertImport-ing!
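The checks described in this post and in the comments below (registry serial number against the certificate, private key, validity dates, chain to the issuing root), gathered into one script. This is an added example, not part of the original post; it assumes the ChannelCertificateSerialNumber value is a REG_BINARY holding the serial bytes in reverse order, that the certificate lives in LocalMachine\My, and that it uses an RSA key.

```powershell
# Added example (not from the original post). Run elevated on the server or
# agent that logs event 21036.
$key = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings'
$raw = (Get-ItemProperty -Path $key -ErrorAction Stop).ChannelCertificateSerialNumber
if (-not $raw) { throw "ChannelCertificateSerialNumber is not set under $key" }

# Assumption: the registry stores the serial number bytes in reverse order.
$bytes = [byte[]]$raw
[array]::Reverse($bytes)
$serial = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''

# Find the certificate the registry points at in the computer's personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.SerialNumber -eq $serial } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with serial $serial in LocalMachine\My" }

# HasPrivateKey only says a key is associated; try to open it as well.
# Assumption: the certificate uses an RSA key.
$keyReadable = $false
try {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $keyReadable = $null -ne $rsa
} catch {
    $keyReadable = $false
}

# Build the chain locally; a missing root CA certificate shows up here.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # skip CRL lookups so the check runs offline
$chainOk = $chain.Build($cert)

$now = Get-Date
[pscustomobject]@{
    RegistrySerial     = $serial
    Subject            = $cert.Subject
    Thumbprint         = $cert.Thumbprint
    HasPrivateKey      = $cert.HasPrivateKey
    PrivateKeyReadable = $keyReadable
    NotBefore          = $cert.NotBefore
    NotAfter           = $cert.NotAfter
    InValidityWindow   = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    ChainBuilds        = $chainOk
    ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

Any `False` in the output, or a non-empty ChainStatus, points at what to repair before re-running MOMCertImport.exe.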
Hi,
I am facing a similar issue and this resolution doesn’t work.
Regards,
Prabhu
Hi Prabhu
Did you run the MOMCertImport with the server certificate already exported? If so, try exporting the server certificate from the mmc and reimport it.
Regards
Michael
Hi,
Thanks for this post. Initially this didn’t work, but I reimported the certificate in the mmc and then ran the command. After a few seconds the gateway server appeared in SCOM!
Thanks!
Hi Michael,
Nice one. I had this issue today on one of the workgroup agents. However, as this was a production environment, I just re-ran MOMCERTIMPORT.EXE only on the agent and it didn’t help.
I could not do it on the management server as it was a production server and many critical things were getting monitored.
What I did to solve this issue:
1. On the agent I saw that someone had deleted the root certificate of my CA which issued the SCOM cert, so I got that imported back.
2. I went to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings, deleted the folder Machine Settings itself and re-installed the agent.
3. I deleted the client cert from the personal store, re-ran momcertimport.exe Mycert.pfx, then entered the password.
After doing the above 3, it started reporting back healthy.
Thanks, recreating the cert and importing it with the MOMCERTIMPORT.exe on the 1 SCOM agent that was having this issue fixed this for me as well.