Client Security Best Practices Analyzer tool: Mutual authentication check

Applies To: Forefront Client Security

Mutual authentication in Microsoft Operations Manager (MOM) between the collection server and the MOM agent on the client computers is required.

To determine if mutual authentication is enabled, the Microsoft Forefront Client Security Best Practices Analyzer tool retrieves the following registry value:

HKLM\Software\Mission Critical Software\OnePoint\Configurations \<Config group name>\Operations\Consolidator\AuthenticatedCommunicationsOnly

If the registry value indicates that mutual authentication is enabled (0x1), then the check passes. If the registry value indicates that mutual authentication is not enabled (0x0), then the check fails. If the check fails, you should enable mutual authentication.

To enable mutual authentication

1. In the MOM Administrator console, expand Administration, and then double-click Global Settings.

2. Click the Security tab, and then select the Mutual Authentication Required check box.

3. Right-click the management pack folder, and then click Commit Configuration Change.

4. Restart the MOM Service on the collection server.