Using Certificates with ACS in Operations Manager 2007
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1
When the Audit Collection Service (ACS) Forwarder is located in a domain separate from the domain where the ACS Collector is located, and no two-way trust exists between the two domains, certificates must be used so that authentication can take place between the ACS Forwarder and the ACS Collector.
It is assumed that the following events have already taken place on the computer hosting the ACS Forwarder before setting up certificates for ACS:
An agent has been installed on the computer that will serve as the ACS Forwarder. For more information, see the topic How to Deploy the Operations Manager 2007 Agent Using the Agent Setup Wizard (https://go.microsoft.com/fwlink/?LinkId=91128).
A certificate (and certification authority [CA] certificate) has been installed on the computer hosting the agent. For more information, see the topic Certificates in Operations Manager 2007 (https://go.microsoft.com/fwlink/?LinkId=91129).
On the computer hosting the ACS Collector, it is assumed that the following has been performed before setting up certificates for ACS.
A certificate (and CA certificate) has been installed on the management server hosting the ACS Collector. For more information, see the topic Certificates in Operations Manager 2007 (https://go.microsoft.com/fwlink/?LinkId=91129).
The pending agent has been approved and communication between the agent and the management server is operating properly (the agent appears as Healthy in the Operations Manager Console and Management Packs have been deployed to the agent). For more information, see the topic How to Approve an Operations Manager 2007 Agent Installed for a Management Group Using MOMAgent.msi (https://go.microsoft.com/fwlink/?LinkId=91130).
The ACS Collector and Database has been installed. For more information, see the topic How to Install an ACS Collector and Database (https://go.microsoft.com/fwlink/?LinkId=91142).
The following is a high-level overview of the steps that need to be performed to use certificates with ACS.
Note
Certificates used on various components in Operations Manager 2007 (for example, ACS Collector, ACS Forwarder, agent, gateway server, management server, or root management server) must be issued by the same CA.
On the computer hosting the ACS Collector:
Run ADTServer -c.
Map the ACS Forwarder Certificate in Active Directory.
In the Operations Manager Console, enable ACS.
On the computer hosting the ACS Forwarder:
Export the certificate to a disk, USB flash drive, or network share.
Run ADTAgent -c.
See Also
Tasks
How to Configure Certificates on the ACS Collector in Operations Manager 2007
How to Configure Certificates on the ACS Forwarder in Operations Manager 2007