I have been trying to monitor a non-trusted domain from SCOM 2012 R2. All servers are running Server 2012 R2 and this is running in a home lab.
I have added the trusted root certificate to both the gateway server and the SCOM management server.
SCOM Management Server is OM01.Corp.ViaMonstra.Com.
Gateway Server is BMC-DC01.BMC.Intern.
Both of these servers have the trusted root cert for ViaMonstraRootCA.
I then created an OpsMgr certificate by copying the IPSec (offline request) and making a new template. This has server and client authentication.
I requested this on both the gateway server and the management server and exported it from the user store and into the local computer store (with the private key).
I also ran MOMCERTIMPORT on both servers; only one cert showed up on each server, which was the one I created and imported into the personal area of the local computer store.
I have checked that the FQDN name of the management server appears in the required opsmanager registry keys and also the required TLS 2.1 keys are in place.
I have also run the gateway approval tool, which ran with success, and installed the gateway server role using the OpsMgr install media.
I see the event 20053 stating the OpsMgr connector has loaded the specified authentication certificate successfully.
Yet I will get the events 20057, 21001, 20071, 21016.
Any ideas what else I can try?