Event id: 21010 OpsMgr Connector

Similar Messages

• OpsMgr Connector 20066 event on Gateway server

  Hi,
  We have one of our Gateway servers in Grey state. When i had checked the eventviewer of the server could find lots of 20066 events and 21042 OpsMgr connector errors.
  Log Name:      Operations Manager
  Source:        OpsMgr Connector
  Date:          3/30/2014 4:17:40 AM
  Event ID:      20066
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      XXXXXXXXXXXX
  Description:
  A Certificate for use with Mutual Authentication was specified, but that certificate could not be found.  The ability for this Health Service to communicate will likely be impacted.
  Log Name:      Operations Manager
  Source:        OpsMgr Connector
  Date:          3/30/2014 4:17:40 AM
  Event ID:      21042
  Task Category: None
  Level:         Information
  Keywords:      Classic
  User:          N/A
  Computer:      XXXXXXXXXXX
  Description:
  Operations Manager has discarded 4 items in management group 'MG Group Name', which came from YYYYYYYYY.  These items have been discarded because no valid route exists at this time.  This can happen when new devices are added to the topology but the
  complete topology has not been distributed yet.  The discarded items will be regenerated.
  Unable to find any articles to troubleshoot the issue. Any suggestions?
  Jesty

  Hi Saravanan,
  Please see inline my response.
  1. Was the GW server working properly before?
  Yes the GW server was fine till yestrday and all agents were healthy.
  2. Were valid certificates imported on GW and its corresponding MS
  We have not imported any GW or MS certificates in the past few days.
  3. Is there a communication issue between the GW and its MS?
  Could you help me find out how to find out as i dont find any error in the eventviewer.
  4. Do you see a value named 'ChannelCertificateSerialnumber' under "HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Machine Settings". The value you see there should be in exact reverse order of what you see as the Certificate Serial number
  in MMC Certificates snap-in (Run- MMC- Add Snap In -- Certificates -- Computer Account. Expand the personal store and there should be a certificate that scom uses for the GW server.
  I did see the
  ChannelCertificateSerialnumber in the registry entry and the certificate that scom uses and they seems to be different.
  i have 3 certificates in the personal store in which 2 are internal issuing CA ceritificates created using
  computer authentication V2 and web auth template.
  The other certificate is an invalid cerificate which has been expired exactly an year ago.
  Jesty

• Operations Manager OpsMgr Connector error [event ID21006

  Hello,
  Our office is currently successfully running SCE 2007 SP1 on one system (NEWSCE) however it had been installed previously on a different server (OLDSCE). It would appear that the previous admin had successfully uninstalled the old server and had it successfully removed from the AD however on all of our servers (and some clients) I am seeing the following OpsMgr Connector error.
  Event Type: Error
  Event Source: OpsMgr Connector
  Event Category: None
  Event ID: 21006
  Date:  2/17/2009
  Time:  1:21:36 PM
  User:  N/A
  Computer: CRITICAL_SERVER
  Description:
  The OpsMgr Connector could not connect to OLDSCE.domain.com:5723.  The error code is 10061L(No connection could be made because the target machine actively refused it.
  ).  Please verify there is network connectivity, the server is running and has registered it's listening port, and there are no firewalls blocking traffic to the destination.
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  This error seems to relate to the fact that I have two copies of MonitoringHost.exe resident in memory and when I look in the registry for OLDSCE I find there are two registry key entires for management groups for OLDSCE_MG and NEWSCE_MG
  HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\
  My question is this:
  Can I simply delete the registy key for the OLDSCE_MG managment group and be done with this issue or is there more to it?
  Thanks,

  Hi , how to delete in registers readily . What is the result ?
  the result ?

• OPSMGR Connector

  I'm getting this 21006 Error.  I've checked the firewalls and there is connectivity.  Any help would be appreciated.
  The OpsMgr Connector could not connect to myserverscsm01:5723.  The error code is 10061L(No connection could be made because the target machine actively refused it.).  Please verify there is network connectivity, the server is running and has registered
  it's listening port, and there are no firewalls blocking traffic to the destination.

  Hi,
  This error should be caused by that the agent is unable to connect to Management Server.
  Verify agent can resolve Management Server address and FQDN by using telnet command:
  telnet myserverscsm01(FQDN) 5723
  What is your Operation Manager version?
  We may need to check certificates that used for the management server.
  Please restart the Health service on the RMS.
  In addition, hope the below article be helpful for you:
  Event ID: 21006 Source: OpsMgr Connector
  http://www.eventid.net/display-eventid-21006-source-OpsMgr%20Connector-eventno-9177-phase-1.htm
  Regards,
  Yan Li
  Regards, Yan Li

• Critical event Id 26319 OpsMgr SDK Service

  Hello,
  Every 15 minutes I see an alert 26319 appear in the event viewer on the Management Server. 
  An exception was thrown while processing GetUserRolesForOperationAndUser for session ID uuid:61430fd3-6107-1bd7-1896-3fe3d2a14a11;id=113.
   Exception message: Value does not fall within the expected range.
   Full Exception: System.ArgumentException: Value does not fall within the expected range.
     at Microsoft.Interop.Security.AzRoles.IAzApplication2.InitializeClientContextFromStringSid(String SidString, Int32 lOptions, Object varReserved)
     at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.GetScopedRoleAssignmentsForUser(Int32 operationNumericId, String userName)
     at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AuthorizationService.GetUserRolesForOperationAndUser(Guid operationId, String userName)
     at Microsoft.EnterpriseManagement.ServiceDataLayer.SecurityConfigurationService.GetUserRolesForOperationAndUser(Guid operationId, String userName)
     at Microsoft.EnterpriseManagement.Mom.ServiceDataLayer.SdkDataAccessBackCompatProxy.GetUserRolesForOperationAndUser(Guid operationId, String userName)
  Soon afterwards appears the event id 26328 with the message: 
  "The client has disconnected. 
  User name: test \ scom 
  Session ID: uuid: 61430fd3-6107-1bd7-1896-3fe3d2a14a11, id = 114 "
  and 26329 with the following message: 
  "A new client has connected. 
  User name: test \ scom 
  Session ID: uuid: 61430fd3-6107-1bd7-1896-3fe3d2a14a11, id = 115 "
  I have the SCOM 2012 R2 in Windows 2012 R2, and the database is in another server, and all windows update installed. 
  This user "test \ scom" is server and scom administrator, and administrator of the server with scom sql.
  Does anyone have an idea what could be the problem? 
  Thank you very much, 
  Rui

  Verify that The SDK and Config services should be running
  To resolve this issue, you must have populated HtmlContent elements or MamlContent elements. Additionally, you must make sure that you do this before you try to import the management pack from one application to the other.
  Also check below links
  http://support.microsoft.com/kb/980862
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/cf341f81-5744-4478-808d-96dda72a37a4/event-id-26319-on-management-server?forum=operationsmanagergeneral
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• SCOM 2012R2 – Issues with Chained Gateways

  We recently migrated from our SCOM 2012 SP1 to 2012R2.  In both versions of SCOM, we have set up designated chained gateway servers, whose sole purpose is to communicate between untrusted forests and the RMS.  It goes as follows:  Untrusted
  Forest (AD Server) -> Chained SCOM Gateway -> RMS.  For example, ACLOUD -> SCOMGW01 -> SCOM01 
  We recently added new site and duplicated the gateway installation process from our current site to our new site.  From the example above, rather than reporting upstream to the chained site gateway (SCOMGW01), ACLOUD
  attempts to reach RMS server directly (SCOM01), which it has no route to resulting to the error event below:
  “The OpsMgr Connector could not connect to [RMS Server]:5723.  The error code is 10061L (No connection could be made because the target machine actively refused it).”

  That was a great post, thanks!  Unfortunately, because we are using 2012 R2 and no longer 2012, I saw some noticeable differences in the cmdlets.  All else equal, I think this is the part of our script that is the issue.  Because this exact
  same part worked with our 2012 configurations.  Do you see anything here that may be the problem, or anything new/replaced for 2012 R2?
  $CAName = "CA01.xxxxx.LOCAL\xxxxx-ROOTCA"
  $SCOMApprovalToolPath = "C:\Program Files\Microsoft System Center 2012 R2\Operations               Manager\Server\Microsoft.EnterpriseManagement.GatewayApprovalTool.exe"
  $SCOMGatewayInstallFilesPath = "C:\SCOMGatewayInstallationFiles"
  $SCOMDefaultManagementServer = "SCOMGW01.xxxxx.LOCAL"
  $SCOMFailoverServer = ”SCOMGW02.xxxxx.LOCAL”
  Our management server (RMS) is SCOM01.xxxxx.local (xxxxx changed, of course) with SCOM02.xxxxx.local as the failover MS.  SCOMGW01 & SCOMGW02 are our chained gateways.

• SCOM Agent in Pending Management with two way trusted domain

  Hello Guys,
  I have two trusted domain abc.com & xyz.com with two-way trust forest-wise authentication enabled and my SCOM 2012 R2 Management server is part of abc.com. And there are multiple host which are part of domain xyz.com.When I am pushing agent from SCOm console
  to server then agents are getting installed with success message in task pane, but my agents are now at in pending Management.
  for this I am getting Event ID 20002 opsmgr connector with following message "A device at IP 10.1.1.6:54277 attempted to connect but could not be authenticated, and was rejected." on SCOM Server.
  And below message on the server where I am installing the agent.
  Event 20071 OpsMgr Connector
  The OpsMgr Connector connected to SCOM.abc.com, but the connection was closed immediately without authentication taking place.  The most likely cause of this error is a failure to authenticate either this agent or the server .  Check the event log
  on the server and on the agent for events which indicate a failure to authenticate.
  Event 21016 OpsMgr Connector
  OpsMgr was unable to set up a communications channel to SCOM.abc.com and there are no failover hosts.  Communication will resume when fabSCOM2.nmfab.loc is available and communication from this computer is allowed.
  Event 20070 OpsMgr Connector
  The OpsMgr Connector connected to SCOM.abc.com, but the connection was closed immediately after authentication occurred.  The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received
  configuration.  Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
  Need help to resolve this can any one help me.
  Thanks in Advance.
  NM-BG
  NM-BG

  Hi,
  Here i  suspect Authentication issue. 
  1.Could you please if 88, 389 & 3268 ports are opened between client domain controller and management server.
  2. if ports are already open collect netmon traces on both client and management server simultaneousely and check if there are any kerborose errors
  Kind Regards,
  Naveen Kumar B
  ~Bommi

• OIM 11g - PeopleSoft connector - Future Dated Recon Events

  Hi OIM Experts,
  I am having a problem, processing the future dated events using OIM peoplesoft connector.
  All the current dated, events are getting linked and processed.
  The future dated events in OIM are in deferred state as expected. But after running the "Run Future Dated Reconciliation Events " , the event is not linked to any user, but state changes to data received.
  The user exists in OIM.
  Any ideas on how to resolve this.
  Regards
  Vicky

  Hi Suren,
  1311 - Cause: Status of the batch is not 'Completed'.
  1311 - Event id, when i try to Re-Evaluate event.
  Regards
  Vicky
  Edited by: vicky on Jan 27, 2011 6:27 PM

• Is there a way of monitoring SCSM connector failures using SCOM

  I have an environment comprising SCSM2012 SP1, SCOM2012 SP1 and SCCM2012SP1 with Orchestrator forwarding the CI data and alerts to a 3rd party CMDB/ServiceDesk system. We have SCSM connectors for AD, SCCM and SCOM CI. There was a recent issue with SCSM UR6
  where the SCCM connector stopped working. I regressed the Microsoft.EnterpriseManagement.ServiceManager.Linking.Consumer.OperationalStore.dll back to the RTM release version and it all works again.
  I want to know if there is a way of monitoring each of the connectors in SCOM to ensure I get alerted if the status of the 3 connectors is anything other than "Finished Success" - maybe only generating an alert if the status stays in a failed status
  for more than 24 hours.
  There appears to be very little documentation on how these connectors work or what errors they write into logs. Any tricks or tips would be appreciated.

  On you management server, if you open Event Viewer, the logs are keep under Application and Services Logs Operations Manager. (Yes, the Service Manager logs are keep in the Operations Manager logs folder) In this folder you should find the event logs for
  your connectors. Just search for different sources to find the connector you want to monitor. Some of the sources include Exchange Connector, OpsMgr Connector, Data Connectors (AD connector), System Center Orchestrator, and Lfx Service (SCCM
  Connector). You could easily setup SCOM or Orchestrator to monitor these logs. 
  Matthew Dowst |
  Blog | Twitter

• OpsMgr Config Service stops automatically

  There's a fresh installation of SCOM 2007 SP1, SQL database is configured on a separate server. The installation itself goes smoothly without any errors. After installation to RTS OpsMgr Config Service stops automatically, after restart it works for about a minute, then stops again. All the other OpsMgr services work correctly. OpsMgr Config Service and OpsMgr SDK Service are run from the same domain account with Domain Admin rights. OpsMgr Health Service is run from Local System account. Here's what I see in the logs:
  p.MsoNormal, li.MsoNormal, div.MsoNormal
  {margin:0cm;margin-bottom:.0001pt;font-size:11.0pt;font-family:'Calibri','sans-serif';}
  a:link, span.MsoHyperlink
  {color:blue;text-decoration:underline;text-underline:single;}
  a:visited, span.MsoHyperlinkFollowed
  {color:purple;text-decoration:underline;text-underline:single;}
  .MsoChpDefault
  {font-size:10.0pt;}
  @page Section1
  {size:612.0pt 792.0pt;margin:2.0cm 42.5pt 2.0cm 3.0cm;}
  div.Section1
  {page:Section1;}
  Application:
  Event Type:       Information
  Event Source:   OpsMgr Config Service
  Event Category:               None
  Event ID:             29000
  Date:                    11/1/2008
  Time:                    3:22:33 PM
  User:                    N/A
  Computer:         SS-MSK-A0005
  Description:
  The description for Event ID ( 29000 ) in Source ( OpsMgr Config Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
  Event Type:       Error
  Event Source:   .NET Runtime 2.0 Error Reporting
  Event Category:               None
  Event ID:             5000
  Date:                    11/1/2008
  Time:                    3:22:50 PM
  User:                    N/A
  Computer:         SS-MSK-A0005
  Description:
  EventType clr20r3, P1 microsoft.mom.configservicehost, P2 6.0.4900.0, P3 47b70fb4, P4 system, P5 2.0.0.0, P6 4889de7a, P7 382a, P8 127, P9 system.argumentexception, P10 NIL.
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  Data:
  0000: 63 00 6c 00 72 00 32 00   c.l.r.2.
  0008: 30 00 72 00 33 00 2c 00   0.r.3.,.
  0010: 20 00 6d 00 69 00 63 00    .m.i.c.
  0018: 72 00 6f 00 73 00 6f 00   r.o.s.o.
  0020: 66 00 74 00 2e 00 6d 00   f.t...m.
  0028: 6f 00 6d 00 2e 00 63 00   o.m...c.
  0030: 6f 00 6e 00 66 00 69 00   o.n.f.i.
  0038: 67 00 73 00 65 00 72 00   g.s.e.r.
  0040: 76 00 69 00 63 00 65 00   v.i.c.e.
  0048: 68 00 6f 00 73 00 74 00   h.o.s.t.
  0050: 2c 00 20 00 36 00 2e 00   ,. .6...
  0058: 30 00 2e 00 34 00 39 00   0...4.9.
  0060: 30 00 30 00 2e 00 30 00   0.0...0.
  0068: 2c 00 20 00 34 00 37 00   ,. .4.7.
  0070: 62 00 37 00 30 00 66 00   b.7.0.f.
  0078: 62 00 34 00 2c 00 20 00   b.4.,. .
  0080: 73 00 79 00 73 00 74 00   s.y.s.t.
  0088: 65 00 6d 00 2c 00 20 00   e.m.,. .
  0090: 32 00 2e 00 30 00 2e 00   2...0...
  0098: 30 00 2e 00 30 00 2c 00   0...0.,.
  00a0: 20 00 34 00 38 00 38 00    .4.8.8.
  00a8: 39 00 64 00 65 00 37 00   9.d.e.7.
  00b0: 61 00 2c 00 20 00 33 00   a.,. .3.
  00b8: 38 00 32 00 61 00 2c 00   8.2.a.,.
  00c0: 20 00 31 00 32 00 37 00    .1.2.7.
  00c8: 2c 00 20 00 73 00 79 00   ,. .s.y.
  00d0: 73 00 74 00 65 00 6d 00   s.t.e.m.
  00d8: 2e 00 61 00 72 00 67 00   ..a.r.g.
  00e0: 75 00 6d 00 65 00 6e 00   u.m.e.n.
  00e8: 74 00 65 00 78 00 63 00   t.e.x.c.
  00f0: 65 00 70 00 74 00 69 00   e.p.t.i.
  00f8: 6f 00 6e 00 20 00 4e 00   o.n. .N.
  0100: 49 00 4c 00 0d 00 0a 00   I.L.....
  Operations Manager:
  Event Type:       Information
  Event Source:   OpsMgr Connector
  Event Category:               None
  Event ID:             21023
  Date:                    11/1/2008
  Time:                    3:31:10 PM
  User:                    N/A
  Computer:         SS-MSK-A0005
  Description:
  OpsMgr has no configuration for management group Euroset and is requesting new configuration from the Configuration Service.
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  System:
  Event Type:       Error
  Event Source:   Service Control Manager
  Event Category:               None
  Event ID:             7034
  Date:                    11/1/2008
  Time:                    3:44:10 PM
  User:                    N/A
  Computer:         SS-MSK-A0005
  Description:
  The OpsMgr Config Service service terminated unexpectedly.  It has done this 16 time(s).
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  What can the problem be here?

  Hi,
  Since here is the forum for Exchange, we may only be expert on Exchange Monitoring by SCOM related issue. For issue on error event from SCOM 2007,we recommend you to use Newsgroup for Operation Managers 2007 to get relevant help.
  http://technet.microsoft.com/en-us/opsmgr/bb839593.aspx?lc=1033
  However, base on my experience, the below steps may helpful to you.
  1.    First please try to check whether Local System has been used as action account.You can follow the article below to change account to “Local System”.
  How to Change the SDK and Config Service Accounts in Operations Manager 2007
  http://technet.microsoft.com/en-us/library/cc540429.aspx
  2.    Then please Check Remove sub keys from
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application that refer to OpsMgr Config Service.
  3.    Please remove OpsMgr Config Service from “Sources” located at
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application.
  4.    After that please add OpsMgr Config Service to “Sources” at
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Operations Manager.
  More related information share with you:
  Account Information for Operations Manager 2007
  http://technet.microsoft.com/en-us/library/bb735419.aspx
  Hope it helps.
  Xiu

• SCSM 2012 Exchange connector 3.0 Status Never Run.

  HI ,
  SCSM exchange connector was Running for almost 8 months . all of sudden it stopped pulling email from Exchange  Server.
  I looked in to the issue and did not found any major error in the Event log “Operation Manager”
  Only event were warning, “OpsMgr Config Service failed to send the dirty state notifications to the dirty OpsMgr Health Services.  This may be happening because the Root OpsMgr Health Service is not running.”  I  did not installed SCOM at
  all. This server is not connected to any SCOM server.
  I have reinstalled the Exchange web Service API (copied file to SCSM folder)
  I have reinstalled  exchange connector 3.0  (copied files to SCSM folder and imported management packs)
  Created new Exchange connector and all test passed.
  But the connector status stays  “Never Run”
  In my regedit ,I also made the following changes
   KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\System Center Service Manager Exchange Connector
  EnableEWSTracing = 7
  LoggingLevel= 7
  I have also looked and tried every option with  “Run as Account” and also making  admin Role.
  I am not getting any error in the log apart from  following warning .
  I did not found any major error in the Event log “Operation Manager
  Only event were warning, “OpsMgr Config Service failed to send the dirty state notifications to the dirty OpsMgr Health Services.  This may be happening because the Root OpsMgr Health Service is not running.
  Can someone help me , what should be the next step.

  the reason you are seeing operations manager errors is because Service manager uses the operations manager SDK to do all of it's work. the error that you are seeing "OpsMgr Config Service failed to send the dirty state notifications to the dirty OpsMgr
  Health Services.  This may be happening because the Root OpsMgr Health Service is not running." means that the service manager configuration service can't notify the data access service that there are changes to it's MP base, for whatever reason.
  i would stop all the system center services on this server, go into the service manager folder, find the "Health state" and "Config State" folders, and move them somewhere else on the system, then restart both services. assuming your
  system isn't otherwise damaged, this will force both the config and data access services to rebuild their cache from the database, and should unstick your workflows. 

• OpsMgr's configuration may be out-of-date

  Hi I'm Receiving this error since a week:
  OpsMgr's configuration may be out-of-date for management group XXXXXX, and has requested updated configuration from the Configuration Service. The current(out-of-date) state cookie is "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  any help
  Ahmed Ali

  This is normal
  An event that resembles the following in the Operations Manager event log on Management Server indicates that the Management Group configuration has changed because of new discovery data.
  Moreover, an event that resembles the following indicates that the Management Configuration service has finished processing the new discovery data and calculated any changes that are required to the Management Group configuration, based on the new data.
  Log Name: Operations Manager
  Source: OpsMgr Connector
  Event ID: 21025
  Level: Information
  Computer: <MS Name>
  Description:
  OpsMgr has received new configuration for management group <ManagementGroupName> from the Configuration Service. The new state cookie is "34 FA 11 61 4D B8 03 59 3D 1D 66 B7 83 F3 C0 AA 7A 6F 1A 3B "
  http://support.microsoft.com/kb/2603913
  Roger

• Event 20050: Certificate?

  Hello,
  Several times a day I have the following critical event 20050 in the Operations Manager Log
  Log Name: Operations Manager
  Source: OpsMgr Connector
  Date: 2/25/2014 7:35:04 AM
  Event ID: 20050
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: OPMGRRMS1.ad
  Description:
  The specified certificate could not be loaded because the Enhanced Key Usage specified does not meet OpsMgr requirements. The certificate must have the following usage types:
  Server Authentication (1.3.6.1.5.5.7.3.1)
  Client Authentication (1.3.6.1.5.5.7.3.2)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="OpsMgr Connector" />
  <EventID Qualifiers="49152">20050</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2014-02-25T15:35:04.000Z" />
  <EventRecordID>217140193</EventRecordID>
  <Channel>Operations Manager</Channel>
  <Computer>OPMGRRMS1.ad</Computer>
  <Security />
  </System>
  <EventData>
  </EventData>
  </Event>
  What should I do?
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  Please refer the following
  http://social.technet.microsoft.com/Forums/en-US/f136bb41-5e4c-46f0-b49b-e2f32b149dd3/event-id-20050-scom-2007-sp1-w2k3-standalone-ca-w2k8-in-dmz?forum=operationsmanagergeneral
  http://www.systemcentercentral.com/wiki/operations-manager-wiki/operations-manager-authentication-event-reference/
  As summary, you may specific wrong OID on the certificate.
  Roger

• SCOM 2012 SP1- Getting Event ID 20070 on some agents and Event ID 200000 on management servers

  On a significant number of my 2012 SP1 Agents, I am getting the following Event IDs in my OperationsManager event log:
  20070
  The OpsMgr Connector connected to XXXXXX.domain.net, but the connection was closed immediately after authentication occurred.  The most likely
  cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration.
  21006
  The OpsMgr Connector could not connect to XXXXXX.domain.net:5723.  The error code is 10060L(A connection attempt failed because the connected
  party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.). 
  21015
  OpsMgr was unable to set up a communications channel to XXXXXX.domain.net.  Communication will resume when XXXXXX.domain.net is available and
  communication from this computer is allowed. 
  On my various 2012 SP1 Management Servers, I am getting the following Event IDs in my OperationsManager event logs:
  20000
  A device which is not part of this management group has attempted to access this Health Service.
  Requesting Device Name: servername.domain.com
  Here are my settings and what I have tried:
  We have agents assigned by AD-integration, and they are receiving their proper assignment
  Agents are manually installed with SCCM 2012
  “Automatically approve new manually installed agents” is selected
  I have rebuilt the Health Service State folder and rebooted the service on the agent server
  I have rebuilt the Health Service State folder on my management server and rebooted it to reset all services
  On several agent servers that I am experiencing this issue, they are on the same network as their assigned management server, so there is no firewall issue.

  Hi,
  Here is a KB for your reference.
  Troubleshooting gray agent states in System Center Operations Manager
  http://support.microsoft.com/kb/2288515
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SCOM 2012 Event ID 21006 and 21016

  I'm having a connection issue with a newly created gateway server to my management server, that sits in an untrusted DMZ. I have been able to get one gateway working from the DMZ but the one in question is receiving;
  Event ID 21006 :  The OpsMgr Connector could not connect to frw0725.gecio.corp.net:5723.  The error code is 11004L(The requested
  name is valid, but no data of the requested type was found.).  Please verify there is network connectivity, the server is running and has registered it's listening port, and there are no firewalls blocking traffic to the destination.
  Event ID 21016 : OpsMgr was unable to set up a communications channel to frw0725.gecio.corp.net and there are no failover hosts. 
  Communication will resume when frw0725.gecio.corp.net is available and communication from this computer is allowed.
  I have performed the following actions and verifications;
  Services have been restarted on both servers
  certimport has been completed and gatewayapproval has been completed.
  I was able to telnet from MS to GW and from GW to MS, so connection through the firewall is ok.
  DNS appears to be ok, ping’s issued from both servers and they resolve to the correct IP address, however they timeout which is expected
  Event ID 20053 is being received stating that the OpsMgr Connector has loaded the specified authentication certificate successfully.
  I checked the serial number for the personal certificate against what is listed in the registry (reversed) and it matches.
  The Private Key is in place and the cert path is correct
  I also verified in HKLM\Software\Microsoft\Microsoft Operations manager\3.0\Agent Management Groups\" that the correct configuration is being picked up
  I'm looking for some additional guidance or suggestions on what else I can check to get this gateway to show monitored from teh console. Thanks for the help.

  Please check if the certificate was stored in the GW server Computer Personal Store when you first installed it.
  Asuming that the certificate is ok since it is actually working in another GW, perhaps the certificate is in the wrong store (Current User Personal store instead of
  Computer's personal store). In that case you only need to move the certificate to the right store and run momcertimport.exe again. Check Link Below for a detailed step-by-step
  If you still want to clear certificates from the server's personal store, you can do it through both certificates mmc snap-in or certutil.exe -delstore command line
  Also you may want to check this great Step by Step article about installing an OpsMgr GW server:
  http://blogs.technet.com/b/pfesweplat/archive/2012/10/15/step-by-step-walkthrough-installing-an-operations-manager-2012-gateway.aspx 
    Regards