Two-way Trusts & SCVMM | Operations Mgr 2007 Gateways – No Go

If your like me, you have a day job and that day job consists of meetings that are ramblings of this or that and sometimes even meetings that plan other meetings (oh, these are painful).  The true joy of my day is when I can close my door and just let the sunshine peak in while I “geek” out like a mad man.

Today was one of those days where I spent most of the day trying to do two things -

  1. Get an Operations Manager 2007 R2 Gateway up & configured
  2. Get SCVMM 2008 R2 integrated with this SCOM R2 gateway\RMS

Let the adventures begin…For today’s post, I just thought I would share briefly what I learned that I couldn’t find anywhere on the Web or even internally.  Though, honestly, I can’t say I spent a lot of time trying to find anything…

Why a SCOM 2007 R2 Gateway

The first question you might ask is why are you configuring a Gateway.  To simplify, there is a great deal of documentation (example 1, example 2) on this topic and so I will be brief but lets just say that I have two forests that are not bound by a two-way trust though I have an Operations Manager infrastructure for my enterprise.  I can use the gateway to monitor resources in the un-trusted domain that will push up to my enterprise RMS server.  The gateway, in this case, is just an extension of my primary monitoring server(s).

NOTE:  In a future post I will share with you exactly what I had to do and how I had to do to get OpsMgr Gateway working – I have yet to find documentation that is sound on this.

Integrating SCVMM 2008\R2 with SCOM 2007 R2

This is an adventure that could drive a man (or women) to drink.  Nonetheless, I lost a good couple of hours attempting to “tinker” and see if I could trick the OpsMgr\SCVMM integration into working.  From my brief tests, this is absolutely a no-go.

In order to setup SCVMM integration, you must have a two-way trust setup between Domain A <—> Domain B.  For example, forest must trust and be trusted by in order for SCVMM 2008 & OpsMgr integration to work. 

Broken: (Scenario A)


Working: (Scenario B)



Working: (Scenario C)



In short, if you are in Scenario A above (e.g. Broken) then don’t waste your time trying to get it to work unless you like losing a few hours of your day to geek’in but with no reward.  Don’t get me wrong, I love both of these products and I love what they do for us here at Microsoft but I hate not knowing more about the products.  I am learning everyday…


Digg This
Comments (2)

  1. ChrAd says:

    Hey Peter-

    I'm glad you reminded me of this.  I'm going to put this on my to-do list and see what I can do for you :).  It is certainly a lot of steps and it takes some patience to get it working but it can be done.  The primary part that most folks mess up is the PKI certificates required.  I can't say for sure when I will be able to do it as I will need to spin up a server to do it 🙂


  2. peter griffin says:

    can you please let me know when you post how to get OpsMgr Gateway working?  Ive been working on this for a few days and I still cant get any headway!

Skip to main content