Forest Trust and SCOM

  • Forest Trust and SCOM

    Hi,

    I have 2 domains (Windows 2003 R2 and Windows 2008 R2) each one is a forest
    I created a Two way Forest Transitive trust

    I've checked with NLtest to see if I get errors - seems to be working fine
    I can add users from the other Forest to the local groups and access via share

    When I install the SCOM client I get the following event (21001,20057,21016):

    The OpsMgr Connector could not connect to MSOMHSvc/<servername> because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains.

    When I try to check the SPN on the domain seems to work but on the other forest I get

    FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525
    Could not find account <servername>

    I thought it might have something to do with DNS, both DNS servers secondary zone of the other forest

    ideas???

  • #2
    Re: Forest Trust and SCOM

    Originally posted by XtaZee
    Hi,

    I have 2 domains (Windows 2003 R2 and Windows 2008 R2) each one is a forest
    I created a Two way Forest Transitive trust

    I've checked with NLtest to see if I get errors - seems to be working fine
    I can add users from the other Forest to the local groups and access via share

    When I install the SCOM client I get the following event (21001,20057,21016):

    The OpsMgr Connector could not connect to MSOMHSvc/<servername> because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains.

    When I try to check the SPN on the domain seems to work but on the other forest I get

    FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525
    Could not find account <servername>

    I thought it might have something to do with DNS, both DNS servers secondary zone of the other forest

    ideas???

    Checked the SPN from domain 2
    the result seems to be fine:

    C:\Users\Administrator>setspn -L domain1\Computer1
    Registered ServicePrincipalNames for CN=Computer1,CN=Computers,DC=domain1,DC=test:
    MSOMHSvc/Computer1
    MSOMHSvc/Computer1.domain1.test
    MSOMSdkSvc/Computer1
    MSOMSdkSvc/Computer1.domain1.test
    MSSQLSvc/Computer1.domain1.test:1433
    MSSQLSvc/Computer1.domain1.test
    WSMAN/Computer1
    WSMAN/Computer1.domain1.test
    TERMSRV/Computer1
    TERMSRV/Computer1.domain1.test
    RestrictedKrbHost/Computer1
    HOST/Computer1
    RestrictedKrbHost/Computer1.domain1.test
    HOST/Computer1.domain1.test


    Now I'm even more confused...


    • #3
      Re: Forest Trust and SCOM

      Hi XtaZee

      Is the management server's OpsMgr Health Service logon account set as a user?

      If so, check that the HealthService SPN is registered with the user account.


      Comment
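The check suggested in reply #3, as an added example that is not part of any post in this thread: it reads the logon account of the health service on the management server and reports which directory account owns each `MSOMHSvc` SPN. Assumptions: it runs on the management server under a domain account, the Windows service name is `HealthService`, and only the server's own domain is searched.

```powershell
# Added example (not from the thread). Run on the management server.
# Assumption: the OpsMgr health service is installed as 'HealthService'.
$svc = Get-WmiObject Win32_Service -Filter "Name='HealthService'"
if (-not $svc) { throw 'HealthService not found on this machine.' }

# Built-in identities authenticate on the network as the computer account,
# so the SPN belongs on COMPUTER$. A user logon needs the SPN on that user.
$builtIn = 'LocalSystem', 'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\NetworkService'
if ($builtIn -contains $svc.StartName) {
    $expected = $env:COMPUTERNAME + '$'
} else {
    # DOMAIN\user or user@domain -> bare sAMAccountName
    $expected = ($svc.StartName -split '\\')[-1] -replace '@.*$', ''
}
"HealthService logs on as '$($svc.StartName)'; SPN owner should be '$expected'"

$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
foreach ($spn in "MSOMHSvc/$env:COMPUTERNAME", "MSOMHSvc/$fqdn") {
    # LDAP lookup in the current domain for every object carrying this SPN.
    $searcher = [adsisearcher]"(servicePrincipalName=$spn)"
    $owners = @($searcher.FindAll() |
        ForEach-Object { $_.Properties['samaccountname'][0] })

    if ($owners.Count -eq 0) {
        $status = 'MISSING'          # no account holds the SPN
    } elseif ($owners.Count -gt 1) {
        $status = 'DUPLICATE'        # Kerberos cannot pick a single owner
    } elseif ($owners[0] -ieq $expected) {
        $status = 'OK'
    } else {
        $status = 'WRONG ACCOUNT'    # SPN sits on a different account
    }
    '{0,-45} {1,-14} owner(s): {2}' -f $spn, $status, ($owners -join ', ')
}
```

Any status other than `OK` for either SPN form is consistent with the mutual authentication failure quoted in the first post.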
