procedure to install the SCOM agent on Workgroup Server

 

To install a SCOM agent on a workgroup server, we need to follow three steps

  1. Manual SCOM agent installation
  2. Certificate installation steps
  3. Bind the certificate with healthservice using Momcertimport.exe tool

 

  1. Manual SCOM agent installation
  1. Logon to the Workgroup Server with administrative privileges
  2. Copy the MomAgent.msi file from the SCOM management server

(Default location: location D:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\AgentManagement\AMD64)

  1. Copy the entire folder AMD64 to the Workgroup server
  2. Click on MOMAgent.msi
  3. On the Welcome page, click “Next”
  4. Click on I Agree
  5. Click “Next”.
  6. Click “Next”.
  7. On the Management Group Configuration page, do the following:
    1. Type the Management Group Name
    2. Type the Management Server name with FQDN.
    3. Leave the default 5273.
    4. Click Next.
  8. When the Agent Action Account page displays leave it set to the default of Local System and then click Next.
  9. On the Ready to Install page, review the settings and then click Install to display the Installing Systems Center Operations Manager Agent page.
  10. When the Completing the Systems Center Operations Manager Agent Setup Wizard page displays, click Finish.

 

2. Certificate installation steps

 

We need to generate the certificate for the server. We need to generate two certificates, one is trusted root (CA) certificate and another one is server certificate.

 

https://blogs.msdn.microsoft.com/tysonpaul/2016/05/24/certificate-request-from-standalone-ca-certificate-authority-for-operations-manager-scom-2012r2/

https://blogs.technet.microsoft.com/denisrougeau/2014/09/02/operations-manager-certificates-from-concept-to-deployment/

 

Once we have both the certificate, we need to follow the below steps to import the certificate on the workgroup server.

 

3. How to import Server certificate on Workgroup server

 

  1. On the computer hosting the Operations Manager role for which you are configuring the certificate, click Start, and then click Run.
  2. In the Run dialog box, type mmc, and then click OK.
  3. In the Console1 window, click File, and then click Add/Remove Snap-in .In the Add/Remove Snap-in dialog box, click Add.
  4. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
  5. In the Certificates snap-in dialog box, select Computer account, and then click Next.
  6. In the Select Computer dialog box, ensure that Local computer: (the computer this console is running on) is selected, and then click Finish.
  7. In the Add Standalone Snap-in dialog box, click Close.
  8. In the Add/Remove Snap-in dialog box, click OK.
  9. In the Console1 window, expand Certificates (Local Computer), expand Personal, and then click Certificates.
  10. Right-click Certificates, select All Tasks, and then click Import.
  11. In the Certificate Import Wizard, click Next.
  12. On the File to Import page, click Browse and select the location where you downloaded the CA certificate file, for example: Server1.cer, select the file, and then click Open.
  13. On the File to Import page, select Place all certificates in the following store and ensure that Personal appears in the Certificate store box, and then click Next.
  14. On the Completing the Certificate Import Wizard page, click Finish.

 

4. To import the Trusted Root (CA) certificate

 

  1. Logon to the workgroup server you want to import the Root CA. 
  2. Click Start, and then click Run.
  3. In the Run dialog box, type mmc, and then click OK.
  4. In the Console1 window, click File, and then click Add/Remove Snap-in.
  5. In the Add/Remove Snap-in dialog box, click Add.
  6. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
  7. In the Certificates snap-in dialog box, select Computer account, and then click Next.
  8. In the Select Computer dialog box, ensure that Local computer: (the computer this console is running on) is selected, and then click Finish.
  9. In the Add Standalone Snap-in dialog box, click Close.
  10. In the Add/Remove Snap-in dialog box, click OK.
  11. In the Console1 window, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, and then click Certificates.
  12. Right-click Certificates, select All Tasks, and then click Import.
  13. In the Certificate Import Wizard, click Next.
  14. On the File to Import page, click Browse and select the location where you downloaded the CA certificate file, for example: TrustedRootCA.p7b, select the file, and then click Open.
  15. On the File to Import page, select Place all certificates in the following store and ensure that Trusted Root Certification Authorities appears in the Certificate store box, and then click Next.
  16. On the Completing the Certificate Import Wizard page, click Finish.

 

 

5. Bind the certificate with healthservice using Momcertimport.exe tool

 

This must be done on all servers.  Also make sure the exe which you use is of the same version (for 32-bit and 64 bit we have separate exe’s) and also make sure the files from the same version dump of the SCOM server \ agent you are running on the system):

  1. On the start menu kill “Start” and “Run”
  2. Type “cmd” and open with admin privilege
  3. Navigate to where you have copied certificate and momcertimport.exe tool
  4. Type >MOMcertimport.exe and click enter.
  5. Select the server certificate which has imported in the previous steps and click OK
  6. The certificate is now imported in OpsMgr 2012.
  7. Restart the “OpsMgr Health Service” on the server.

 

6. Approve agent:

 

In the System Center Operations Manager Console, after every manual agent installation the new agent must be approved in the operations Console:

  1. Open the Operations console as an OpsMgr Admin member.
  2. Navigate to “Administration => Pending Management”
  3. Right-click “Approve”
  4. Click “Approve”

 

To check if the agent is successfully approved look in the “Agent Managed” folder for the approved agent to see if the agent is there.

 

https://blogs.technet.microsoft.com/operationsmgr/2009/09/10/step-by-step-for-using-certificates-to-communicate-between-agents-and-the-opsmgr-2007-server/

 

ADDITIONAL INFORMATION

 

Please find the below link for more information.

 

https://blogs.technet.microsoft.com/operationsmgr/2009/09/10/step-by-step-for-using-certificates-to-communicate-between-agents-and-the-opsmgr-2007-server/

 

https://blogs.msdn.microsoft.com/tysonpaul/2016/05/24/certificate-request-from-standalone-ca-certificate-authority-for-operations-manager-scom-2012r2/

 

https://blogs.technet.microsoft.com/denisrougeau/2014/09/02/operations-manager-certificates-from-concept-to-deployment/

 

https://blogs.technet.microsoft.com/operationsmgr/2009/09/10/step-by-step-for-using-certificates-to-communicate-between-agents-and-the-opsmgr-2007-server/

 

http://www.entrust.net/knowledge-base/technote.cfm?tn=7905