We received the following alert in System Center Operations Manager 2007 R2 on our RMS and gateway servers:

The certificate used for mutual authentication is expiring on 6/25/2012 1:19:33 PM GMT. If this certificate is not updated by this time, this Health Service will not be able to communicate with other Health Services.

Solution:

Renew the certificate for the RMS and then do the same for the gateways as per the steps below:

  1. Request a certificate from your certificate authority using the Ops Mgr template, and install it on the RMS server. (How to request a certificate Technet Article)
  2. Confirm in the MMC console that the newly installed certificate has Server Authentication and Client Authentication specified in Properties > Details > Enhanced Key Usage.
  3. Export the newly-generated certificate from the Certificates console and select “Yes, export the private key” on the first page of the wizard.
  4. Save the exported certificate as a .PFX file, and specify a password for it.
  5. Remove the previously installed SCOM certificate by running MOMCertImport.exe /Remove in a command prompt.
  6. Install the new certificate with the following command:

    MOMCertImport.exe C:\certificate.pfx /Password Password1
  7. Verify that the Serial Number registry value (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ChannelCertificateSerialNumber) matches the serial number shown in the Properties page of the certificate (the strings are in reverse order).
  8. Restart the Health Service and confirm there are no errors in the Ops Mgr Event Log.
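
The checks in steps 2 and 7 can be scripted. The following PowerShell is an added example, not part of the original procedure: it reads the serial number from the registry, reverses the byte order, finds the matching certificate, and reports its expiry date and any missing Enhanced Key Usage. It assumes the certificate is in the Local Computer Personal store and that the script is run on the RMS or gateway server itself.

```powershell
# Added example. Run in a PowerShell session on the RMS or gateway server.
# Assumption: the certificate is in the Local Computer Personal store (Cert:\LocalMachine\My).
$regPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings'
$value   = Get-ItemProperty -Path $regPath -Name ChannelCertificateSerialNumber -ErrorAction Stop

# The registry holds the serial number as binary, in reverse byte order
# compared with the string shown in the certificate's Properties page.
$bytes = [byte[]]$value.ChannelCertificateSerialNumber
[array]::Reverse($bytes)
$serial = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''

$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.SerialNumber -eq $serial })
if ($certs.Count -eq 0) {
    throw "No certificate with serial number $serial found in Cert:\LocalMachine\My"
}

# EKU OIDs that step 2 requires.
$required = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

foreach ($cert in $certs) {
    # Collect the EKU OIDs present on the certificate and list the required ones that are absent.
    $oids = @($cert.Extensions | Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    $missing = @($required.Keys | Where-Object { $oids -notcontains $_ } |
        ForEach-Object { $required[$_] })

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        SerialNumber  = $cert.SerialNumber
        NotAfter      = $cert.NotAfter
        DaysLeft      = [int]($cert.NotAfter - (Get-Date)).TotalDays
        HasPrivateKey = $cert.HasPrivateKey
        MissingEku    = $missing -join ', '
    }
}
```

After a successful renewal, the output shows the new certificate's NotAfter date, HasPrivateKey as True, and an empty MissingEku.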
