SCOM 2012 agent or gateway certificate issue

NOTE: while I’m still keeping the current posts live as they still seem to help, currently my focus has changed and new activity moved to the new site

After we were stuck for several weeks, the resolution to this problem was actually found by my colleague Jens Van Hove, so all credit goes to him 😉

Special thanks to Kurt Van Hoecke for providing a wall to bounce some ideas off

To start from the beginning: we had a problem adding a Windows Server 2012 machine to our SCOM 2012 SP1 monitoring environment when using a certificate based trust. Whether as an agent-monitored machine or a SCOM gateway, if the managed server is located in a different domain than the management server, the problem was identical in both cases. Deploying the agent and installing the SCOM agent certificate goes well but when you try to add the server to the environment to effectively start monitoring, you get an error stating that the certificate is not trusted. Using a browser to verify the certificate trusts reveals no issues. The chain is trusted and all root and intermediary certificates are in place. After we tried re-installation, renewing certificate templates and even temporarily bypassing the Cisco firewall between both machines, we still came no closer to a solution.

But by accident when searching on the different event id’s in the event logs, we came across a Read more of this post