Implementing SCOM Monitoring on DMZ servers

Every organization has a production network and a DMZ network. The DMZ network will have many servers. These servers also need to be monitored, and they can be monitored with the help of the SCOM server in production. We need to make use of certificates for this purpose.

  1. Export the root certificate from the CA and install it on all the SCOM RMS and MS servers, into the computer account store
  2. Create a custom certificate template named OpsManagerCert on the Certificate Authority by duplicating the IPSec (Offline Request) template with all the required parameters and with the key set as exportable
  3. From the RMS, open the CA Web Enrollment request page, request a certificate with the custom template OpsManagerCert, and install it
  4. Export the newly installed certificate from "Current User – Personal Certificate" in PFX format with a password, and import it into Certificates – Local Computer – Personal store
  5. Access the Web Enrollment page from all management servers in the production domain and follow steps 3 and 4 to install OpsManagerCert
  6. Log in to the servers in the DMZ, open the certificate Web Enrollment page in the domain, and request the custom OpsManagerCert certificate with the DMZ server name
  7. Follow step 4 to export the certificate and import it into the Personal store
  8. Install the root certificate on all the servers in the DMZ
  9. Install the agent on the servers
  10. Import the exported PFX file on all the DMZ servers using MOMCertImport.exe C:\cert.pfx
  11. Log in to the SCOM server and approve the agents

Note: TCP ports 5723 and 5724 must be open between the DMZ and the internal network.
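A check to run on each DMZ server after step 10, to confirm that the certificate work in steps 4 to 8 and the firewall rule in the note are actually in place. This is an added example, not part of the original article: the function name Test-DmzAgentCertificate and its parameters are hypothetical, and it assumes the certificate subject is the server's FQDN and that the OpsManagerCert template carries the Server Authentication and Client Authentication EKUs.

```powershell
# Added example: hypothetical helper, not from the original article.
function Test-DmzAgentCertificate {
    param(
        [Parameter(Mandatory)] [string] $ManagementServer,   # placeholder: FQDN of your MS
        # Assumption: the certificate was requested with this server's FQDN.
        [string] $ExpectedName = [System.Net.Dns]::GetHostEntry('').HostName
    )
    # One row shape for every check so the output renders as a single table.
    $row = { param($item, $check, $pass, $detail)
        [pscustomobject]@{ Item = $item; Check = $check; Pass = [bool]$pass; Detail = $detail } }

    # Assumption: both EKUs are required for mutual authentication with the MS.
    $requiredEku = @{
        '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
        '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
    }
    $now = Get-Date

    # Steps 6-7: the certificate must sit in Local Computer\Personal, not Current User.
    $certs = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $ExpectedName })
    if ($certs.Count -eq 0) {
        & $row $ExpectedName 'Certificate in LocalMachine\My' $false 'not found (steps 6-7)'
    }

    foreach ($cert in $certs) {
        $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        $missing = @($requiredEku.Keys | Where-Object { $ekuOids -notcontains $_ } |
            ForEach-Object { $requiredEku[$_] })

        # UntrustedRoot in the status means the root certificate (step 8) is missing.
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)
        $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        $id = $cert.Thumbprint
        & $row $id 'Private key present' $cert.HasPrivateKey 'if false, re-export the PFX with its key (step 4)'
        & $row $id 'Within validity dates' ($cert.NotBefore -le $now -and $now -le $cert.NotAfter) "expires $($cert.NotAfter)"
        & $row $id 'Required EKUs present' ($missing.Count -eq 0) ($missing -join ', ')
        & $row $id 'Chain builds to trusted root' $chainOk $status
    }

    # Ports from the note above, tested from the DMZ side of the firewall.
    foreach ($port in 5723, 5724) {
        $open = Test-NetConnection -ComputerName $ManagementServer -Port $port -InformationLevel Quiet
        & $row "${ManagementServer}:$port" 'TCP reachable' $open ''
    }
}
```

Call it with the management server's name in -ManagementServer; any row with Pass = False points back to the step to redo before approving the agent in step 11.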

The article below helps to request certificates for all the DMZ servers listed in a given input text file.