Issue with SCOM agent in forest trust domain (0x80090311)


Issue with SCOM agent in forest trust domain.

 

Event ID : 20057
Failed to initialize security context for target MSOMHSvc/rms_fqdn The error returned is 0x80090311(No authority could be contacted for authentication.).  This error can apply to either the Kerberos or the SChannel package.

And also this one less frequently:
Event ID : 21016
OpsMgr was unable to set up a communications channel to rms_fqdn and there are no failover hosts.  Communication will resume when rms_fqdn is available and communication from this computer is allowed.

 

If you see these events with error code 0x80090311, it means the trust is corrupted and agents cannot authenticate to the management server (MS).

The most common cause is a firewall issue.

TCP/UDP port 88 (Kerberos) and TCP/UDP port 389 (LDAP) should be open from the agent to the management server's domain controllers (DCs).
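
An added example (not from the original post) of checking the TCP side of this from the agent computer: it finds the domain controllers of the management server's domain through the DC locator SRV record and tries TCP 88 and 389 on each. `corp.example` is a placeholder for that domain's DNS name, and `Test-TcpPort` is a helper defined here, not a built-in cmdlet.

```powershell
# Added example: run on the agent computer. 'corp.example' is a placeholder
# for the DNS name of the management server's domain.
param([string]$MsDomain = 'corp.example', [int]$TimeoutMs = 3000)

# Hypothetical helper: TCP connect with a timeout, so a silently dropped
# packet (typical firewall behaviour) does not hang the check.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

# DC locator record. If this lookup fails, the agent's configured DNS servers
# cannot resolve the management server's domain, and Kerberos cannot find a KDC.
$srvName = "_kerberos._tcp.dc._msdcs.$MsDomain"
try {
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "Cannot resolve $srvName : $($_.Exception.Message)"
    return
}

# Try both ports named above on every domain controller that was returned.
$ports = @(@{ Port = 88; Name = 'Kerberos' }, @{ Port = 389; Name = 'LDAP' })
$results = foreach ($dc in $dcs) {
    foreach ($p in $ports) {
        [pscustomobject]@{
            DC      = $dc
            Service = $p.Name
            TcpPort = $p.Port
            Open    = Test-TcpPort -HostName $dc -Port $p.Port -TimeoutMs $TimeoutMs
        }
    }
}
$results | Format-Table -AutoSize
# UDP 88/389 cannot be confirmed by a connect test; check those rules on the firewall.
```

Any row with `Open` set to `False` points at a path between the agent and that domain controller that the firewall still blocks.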

 

Comments (2)

  1. PK says:

    I have resolved this issue by opening ports between the SCOM server of the DMZ domain and 2 other trust domains.
    Wrote the IP of the DNS servers in the network settings; after that all is OK. Thanks

  2. uky says:

    Can you please tell me which ports you opened between SCOM and the domains?
