If you want to monitor a server which does not belong to a domain you need to use a certificate, which has special requirements. You will find many posts how to handle SCOM certificates using a Microsoft PKI on the internet. An example is the detailed post from Tyson Paul. One of the essential requirements for the certificates is to provide the Enhanced Key Usage properties for Client Authentication (OID 1.3.6.1.5.5.7.3.2) and Server Authentication (OID 1.3.6.1.5.5.7.3.1). If you do not provide these properties you will receive an error in the Operations Manager event log…
A problem you could face in the real world is, that some customers won’t allow you to create the certificates for SCOM and they might have “generic” certificates for other use cases. Usually YOU provide the request file and provide the configuration for the certificates. Under certain circumstances this might not be the case. This means, that you might certain properties will be missing on the certificate itself. In case of SCOM, you can add the missing properties on the certificate. Just go to the Details of the certificate after you imported it into your computer. Click Edit Properties and select the purpose in the dialog, like this…
Having this option in place, let’s you successfully monitor the workgroup servers.
This will probably save you some headache 🙂 .
Thank you for a good comparison. Your advice helped me a lot.