I am getting the below errors on the Gateways servers (123.abc.com) and 456.def.com
890.xyz.com is the management server of the SCOM Mgmt Group –XYZ
My Envmt : windows 2012, sCOM 2012 SP1
Error ID :20057 : Failed to initialize security context for target MSOMHSvc/890.xyz.comThe error returned is 0x80090303(The specified target is unknown or unreachable). This error can apply to either the Kerberos or the SChannel package
Error ID : 21001: The OpsMgr Connector could not connect to MSOMHSvc/890.xyz.combecause mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains.
Error ID: 20071 : The OpsMgr Connector connected to890.xyz.com, but the connection was closed immediately without authentication taking place. The most likely cause of this error is a failure to authenticate either this agent or the server . Check the event log on the server and on the agent for events which indicate a failure to authenticate.
Error ID : 21016 : OpsMgr was unable to set up a communications channel to890.xyz.com and there are no failover hosts. Communication will resume when890.xyz.com is available and communication from this computer is allowed.
I have ensured the below
Connectivity between the servers (Mgmt. to Gateways) : Able to ping by name and IP, telnet on 5723 was successful.
Certificates were issued from the same root CA, the template numbers are the same. They were successfully imported using momcertimport.exe. The Cert serial # matches with the reg key HKLM\Software\Microsoft\Microsoft Operation Manager\Machine Settings\ChannelCertificateSerialNumber (only that it appears reverse , not sure if that is the problem) This is the case in both the gateway servers.
Verified that HKLM\Software\ Microsoft\Microsoft Operation Manager\Server Management Group\XYZ\Parent Health Services\0 the AuthenticationName and the NetworkName match and is 890.xyz.com
I did go thorough the previous postings as well with title SCOM 2012 Gateway Server issues (20057, 21001, 20071 ids) :did not help. With respect to the LPD mentioned in that article, I was not able to run that tool on windows server 2012.
I am currently out of options.
The 456.def.com was working fine until 9/9/2013 (we had a DC issue, which was then rebooted, it stopped completely reporting today, at around the same time I was implementing the new gateway server 123.abc.com)
Any pointers of where to look can be really helpful