We received the following alert in System Center Operations Manager 2007 R2 on our RMS and gateway servers:
The certificate used for mutual authentication is expiring on 6/25/2012 1:19:33 PM GMT. If this certificate is not updated by this time, this Health Service will not be able to communicate with other Health Services.
Solution:
Renew the certificate for the RMS and then do the same for the gateways as per the steps below:
- Request a certificate from your certificate authority using the Ops Mgr template, and install it on the RMS server. (How to request a certificate Technet Article)
- Confirm in the MMC console that the newly installed certificate has Server Authentication and Client Authentication specified in Properties > Details > Enhanced Key Usage.
- Export the newly-generated certificate from the Certificates console and select “Yes, export the private key” on the first page of the wizard.
- Save the exported certificate as a .PFX file, and specify any password for it.
- Remove the previously installed SCOM certificate by running MOMCertImport.exe /Remove in a command prompt.
- Install the new certificate with the following command:
  MOMCertImport.exe C:\certificate.pfx /Password Password1
- Verify that the Serial Number registry value (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ChannelCertificateSerialNumber) matches the serial number shown in the Properties page of the certificate (the strings are in reverse order).
- Restart the Health Service and confirm there are no errors in the Ops Mgr Event Log.
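
The serial number and Enhanced Key Usage checks from the steps above can be scripted. The PowerShell below is an added example, not part of the original post; it assumes the certificate is in the Local Computer Personal store (Cert:\LocalMachine\My) and that the registry value is stored as binary data.

```powershell
# Added example: verify the certificate that MOMCertImport registered for the Health Service.
# Run in an elevated PowerShell session on the RMS or gateway server.
$keyPath  = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings'
$regBytes = (Get-ItemProperty -Path $keyPath -ErrorAction Stop).ChannelCertificateSerialNumber
if (-not $regBytes) {
    throw 'ChannelCertificateSerialNumber is not set; no certificate has been imported.'
}

# The registry holds the serial number bytes in the reverse order of the
# certificate Properties page, so reverse a copy before formatting it as hex.
$bytes = [byte[]]$regBytes.Clone()
[Array]::Reverse($bytes)
$serial = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''

# Assumption: the imported certificate is in the Local Computer Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.SerialNumber -eq $serial } |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with serial number $serial found in LocalMachine\My."
}

# Collect the Enhanced Key Usage OIDs present on the certificate.
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$ekuOids = @($cert.Extensions |
    Where-Object { $_ -is $ekuType } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value })

# Mutual authentication needs both usages, a private key, and a future expiry date.
New-Object PSObject -Property @{
    Subject       = $cert.Subject
    SerialNumber  = $serial
    NotAfter      = $cert.NotAfter
    Expired       = ($cert.NotAfter -lt (Get-Date))
    HasPrivateKey = $cert.HasPrivateKey
    ServerAuth    = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')  # Server Authentication
    ClientAuth    = ($ekuOids -contains '1.3.6.1.5.5.7.3.2')  # Client Authentication
}
```

If `HasPrivateKey`, `ServerAuth` or `ClientAuth` is False, or `NotAfter` still shows the old expiry date, the Health Service is not using the certificate you intended.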