Home » System Center Operations Manager 2007 » Multi-home X-plat machine

Contoso.se

Welcome to contoso.se! My name is Anders Bengtsson and this is my blog about Microsoft infrastructure and system management. I am a principal engineer in the FastTrack for Azure team, part of Azure CXP, at Microsoft. Contoso.se has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.

Anders Bengtsson

MVP
MVP awarded 2007,2008,2009,2010

My Books
Service Manager Unleashed
Service Manager Unleashed
Orchestrator Unleashed
Orchestrator 2012 Unleashed
OMS
Inside the Microsoft Operations Management Suite

Contoso.se

Welcome to contoso.se! My name is Anders Bengtsson and this is my blog about Azure infrastructure and system management. I am a senior engineer in the FastTrack for Azure team, part of Azure Engineering, at Microsoft.  Contoso.se has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.



MVP awarded 2007,2008,2009,2010

My Books

Service Manager Unleashed


Orchestrator 2012 Unleashed


Inside the Microsoft Operations Management Suite

Multi-home X-plat machine

If you want to multi-home a X plat machine (configure  it to report to multiple management groups) there are a couple of steps you need to take. You can not simple discover it from different management groups as we do with Windows agents.

1. Discover your Linux machine from management group 1
2. Export the certificate from the management server which discovered the Linux box in management group 1. The SCX-agent certificates are signed by a key on the management server that has discovered them, and that machine needs to be a trusted root CA on the management server in management group 2
3. Copy the root CA certificate from the management server in management group 1 to the management server in management group 2
4. Import the certificate as a trusted root CA on the management server in management group 2
5. Run discovery wizard in management group 2 and discover the Linux machine

In this scenario it is very important that both management servers communicate with the Linux machine with the same FQDN.


5 Comments

  1. Thanks Anders,

    the link helped me indeed. I forgot to use the scxcertconfig tool to export and import certificates.

  2. Hi,

    Do you have a detailed procedure (maybe with screenshots)?
    Because I followed this and the discovery in Management Group 2 still fails.
    The agent is discovered, then it asks me to sign and then the sign failed.

    My steps:
    – discovered the agent in management group 1: successful
    – exported the personal certificate from management server 1 to a CER file
    – imported the CER into the Trusted Root Certificates of management server 2
    – restarted the health service on management server 2
    – tried the discovery in management group 2.

    Both management servers are in the same domain.

    Thanks,
    Peter

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.