Deploying SCOM Gateway server
- Put in a change request with the Network group to open TCP port 5723 both ways between the Gateway server and the management server (MS)
- Certificates need to be deployed (2 types of certificates)
- The root CA needs to be installed on all management servers
- A custom cert template needs to be created on the issuing CA for OpsMGR
- The Custom OpsMgr cert needs to be installed on all management servers
- Run MOMCertImport on all management servers after the certs have been installed. This makes some specific registry changes that help SCOM pick the correct cert.
- Approve the gateway server on the RMS using an approval tool.
- Manual install of agents on servers to be monitored
- Approve agents in SCOM console
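A pre-flight check for the port and certificate steps above, as an added example that is not part of the original post. The peer name `ms01.example.internal` is a placeholder, and the registry location, the byte-reversed serial format, and the requirement for both Server and Client Authentication EKUs with the FQDN as subject are assumptions about how MOMCertImport and the OpsMgr template are normally set up, not details given on this page.

```powershell
# Pre-flight check for a SCOM gateway / management server certificate setup.
# $PeerServer is a placeholder; replace it with the other end of the 5723 channel.
param([string]$PeerServer = 'ms01.example.internal')

$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$requiredEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'   # Server + Client Authentication

# 1. TCP 5723 must be reachable (run this from both ends to cover "both ways").
$port = Test-NetConnection -ComputerName $PeerServer -Port 5723 -WarningAction SilentlyContinue
"Port 5723 to ${PeerServer}: $($port.TcpTestSucceeded)"

# 2. Serial number that MOMCertImport recorded (assumed location, stored byte-reversed).
$regPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings'
$raw = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).ChannelCertificateSerialNumber
$selected = $null
if ($raw) {
    $bytes = [byte[]]$raw
    [array]::Reverse($bytes)
    $selected = -join ($bytes | ForEach-Object { $_.ToString('X2') })
}
"Serial selected by MOMCertImport: $selected"

# 3. Inspect candidate certificates in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $ekus  = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [pscustomobject]@{
        Subject        = $_.Subject
        SubjectIsFqdn  = ($_.GetNameInfo('SimpleName', $false) -eq $fqdn)
        HasPrivateKey  = $_.HasPrivateKey
        NotExpired     = ($_.NotAfter -gt (Get-Date))
        HasBothEkus    = -not ($requiredEku | Where-Object { $ekus -notcontains $_ })
        ChainsToRootCA = $chain.Build($_)     # fails if the root CA is not trusted locally
        SelectedBySCOM = ($_.SerialNumber -eq $selected)
    }
} | Format-List
```

A certificate that shows `SelectedBySCOM : True` but `False` in any other column is the one to reissue or re-import before approving the gateway.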
Download the PDF deploying-scom-gateway-server2
Windows Server 2000 and 2003: Time configuration for MaxPosPhaseCorrection and MaxNegPhaseCorrection
By default, the Windows Time service in Windows 2000 and 2003 allows a positive or negative time correction of any amount for domain controllers. This can cause serious problems in a forest should a dramatic time shift occur. This can even occur when synchronizing with other authoritative sources, as hardware problems, software problems or human error can cause them to provide the wrong time. Some of the problems that can occur from a dramatic time change: Windows Server 2003 based domain controllers may be quarantined, deleted objects may be prematurely purged before the deletion is fully replicated end to end (causing lingering objects), user and computer passwords may expire unexpectedly, and trust passwords may become out of sync. The amount of effort to recover from a dramatic time change can be significant. The registry key(s) are different depending upon the operating system version.
GPO – Change Event Viewer Log size and retention period
The default event viewer log size is 512 KB. To make this more dangerous, the logs will only overwrite events older than 7 days. So what happens when your logs fill up in two days from a critical error? You start losing critical information needed to troubleshoot the problem. With today's availability of disk, here is a better way to set these settings using a GPO to automate the process on all of your servers/desktops…
Force a user GPO on a computer OU in Microsoft Active Directory
I needed to apply a blank screen saver to all of our servers. Of course I wanted this to be done based on Server and not the logged-in user/administrator. The location in the GPO for setting a screen saver is located in…