Certificates. Fairly easy to set up if you do it from scratch, but if something fails at some point, it can be a little tricky to troubleshoot. Today, I had one of those moments. At a customer we had a running OpsMgr environment with three gateway servers in the DMZ and some agents also in the DMZ, everything running smoothly for a couple of months. Now, all of a sudden, no gateway servers could authenticate. We had changed nothing, we could telnet, the certificates weren’t expired etc. Weird!

 

On the management server I then noticed this error:

Source: OpsMgr Connector

Type: Error

Event ID: 21036

The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication. The error is The credentials supplied to the package were not recognized(0x8009030D).

 

I went to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings and confirmed the ChannelCertificateSerialNumber matched the SerialNumber of the certificate. I also ran MOMCertImport.exe on all servers to confirm they all still had the server certificate.
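The same registry-versus-store comparison can be scripted. The PowerShell below is an added example, not part of the original post or of OpsMgr itself; besides the serial number it also reports validity dates, whether a private key is attached, and the enhanced key usages, which the manual comparison does not show. It assumes ChannelCertificateSerialNumber is a binary value holding the serial number in reversed byte order and that the certificate sits in the Local Machine Personal store.

```powershell
# Added example: check the OpsMgr channel certificate referenced in the registry
# against the certificates in Cert:\LocalMachine\My. Run elevated on the
# management server or gateway server being checked.
$regPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings'

$raw = (Get-ItemProperty -Path $regPath -Name ChannelCertificateSerialNumber -ErrorAction Stop).ChannelCertificateSerialNumber

# Assumption: the value is REG_BINARY with the serial number bytes reversed
# compared to the SerialNumber string shown in the certificate snap-in.
$bytes = [byte[]]$raw
[array]::Reverse($bytes)
$serial = -join ($bytes | ForEach-Object { $_.ToString('X2') })

$matches = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.SerialNumber -eq $serial })

if ($matches.Count -eq 0) {
    Write-Warning "Registry points at serial $serial, but no such certificate is in LocalMachine\My."
}
else {
    $now = Get-Date
    foreach ($c in $matches) {
        # OIDs for Server Authentication and Client Authentication
        $eku = @($c.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        [pscustomobject]@{
            Subject       = $c.Subject
            SerialNumber  = $c.SerialNumber
            Thumbprint    = $c.Thumbprint
            NotBefore     = $c.NotBefore
            NotAfter      = $c.NotAfter
            ValidNow      = ($now -ge $c.NotBefore -and $now -le $c.NotAfter)
            HasPrivateKey = $c.HasPrivateKey
            ServerAuthEku = ($eku -contains '1.3.6.1.5.5.7.3.1')
            ClientAuthEku = ($eku -contains '1.3.6.1.5.5.7.3.2')
        }
    }
}
```

HasPrivateKey only tells you that a key is associated with the certificate in the store; it does not test whether the account the service runs under can actually read that key.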

Resolution:

The only thing I hadn’t done was re-import the management server certificate, so I went to my management server and executed:

MOMCertImport.exe OM01.hq.com.pfx

In a matter of seconds all gateway servers started communicating with the management server! Honestly, I’m not sure why this was necessary as it wasn’t expired and it was still registered in MOMCertImport.

 

Happy re-MOMCertImport-ing!