It’s interesting that I have developed what has become almost a level of dread when it comes to installation of gateway servers in OpsMgr. This is due to the fact that my percentage of failed initial installations for a gateway has been pretty darn high (kinda like installing reporting in the old days). For background on why you might want to use a Gateway server within the same forest check out Andy Dominey’s article on Deploying OpsMgr 2007 in Highly Available and Distributed Enterprise Environments. It wasn’t until recently that I performed some installations of Gateway servers in the forest that I realized that the Gateways themselves are not the issue.
Let me explain with an example below where I was working to install three Gateway servers in the same forest as the OpsMgr environment. Here’s the steps that were required:
1) Validate that the gateway server can ping the Management Server that it will need to communicate with and can telnet to port 5723. Also validate that the OpsMgr Management Server can ping the Gateway server. If traffic doesn’t route between these systems, or they cannot resolve each others names, or they cannot communicate on port 5723 the Gateway will not function.
2) Install the gateway server from the OpsMgr media (Gateway management server highlighted below).
When installing, choose the Management Server that we have determined will be the primary Management Server for gateway servers in the environment and configure the gateway to run as local system.
3) Next if required in the OpsMgr console we delete the agent from pending management if it appears in that view.
4) Perform the approval of the gateway by transferring the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe from the installation media to the appropriate path to run it from (c:\program files\System Center Operations Manager 2012\Server is the default location) and running the approval program as shown below (the note in the link below estimates time required to less than 15 seconds for a successful Gateway approval which I have seen as well):
Please note: We do have to have sufficient privileges to approve the Gateway including those required on SQL (http://pingbin.com/2011/02/scom-gateway-approval-tool-hangs/)
5) Once the Gateway appears as green in the Administration / Management Servers view this Gateway should now be functional! (Please note it will appear after being approved but it will show as not monitored until the Gateway is successfully communicating).
Summary: Installation of gateways in OpsMgr aren’t really that difficult especially if they are in the same forest as your OpsMgr environment. Installing gateways in DMZ’s and non-trusted environments are a different game but this is generally around issues with the certs versus the process to install a gateway which is not that complicated.