Issue with SCOM agent in forest trust domain (0x80090311)


 

Event ID : 20057
Failed to initialize security context for target MSOMHSvc/rms_fqdn The error returned is 0x80090311(No authority could be contacted for authentication.).  This error can apply to either the Kerberos or the SChannel package.

And also this one less frequently:
Event ID : 21016
OpsMgr was unable to set up a communications channel to rms_fqdn and there are no failover hosts.  Communication will resume when rms_fqdn is available and communication from this computer is allowed.

 

If you see these events with code 0x80090311, it means the trust is corrupted and agents cannot authenticate to the management server (MS).

The most common reason is a firewall issue.

TCP/UDP port 88 (Kerberos) and TCP/UDP port 389 (LDAP) should be open from the agent to the management server's domain controllers (DCs).
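
One way to check the ports listed above from the agent computer, as an added example that is not part of the original post. The domain name `corp.example.com` is a placeholder for the management server's Active Directory domain, and the script probes TCP only; UDP 88 and 389 have to be confirmed in the firewall rules themselves.

```powershell
# Added example: run on the agent computer that logs event 20057 / 21016.
# $MsDomain is a placeholder for the DNS name of the management server's AD domain.
param(
    [string]$MsDomain  = 'corp.example.com',   # placeholder, replace with your domain
    [int]   $TimeoutMs = 3000
)

# Ports named in the article: 88 (Kerberos) and 389 (LDAP).
$ports = @{ 88 = 'Kerberos'; 389 = 'LDAP' }

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so that a silently dropped packet does not hang the script.
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # connection refused, host unreachable, name not resolved
    } finally {
        $client.Close()
    }
}

# Find the domain controllers through the DC locator SRV record. If this lookup
# fails, the agent cannot locate a DC by name at all, which has to be fixed first.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$MsDomain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }

$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in $ports.Keys) {
        [pscustomobject]@{
            DomainController = $dc
            Port             = $port
            Service          = $ports[$port]
            TcpReachable     = Test-TcpPort -HostName $dc -Port $port -TimeoutMs $TimeoutMs
        }
    }
}

$results | Sort-Object DomainController, Port | Format-Table -AutoSize

# Any row with TcpReachable = False points at a firewall rule to review.
$blocked = @($results | Where-Object { -not $_.TcpReachable })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) DC/port combination(s) not reachable over TCP from this agent."
}
```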