
Troubleshooting Certificate Problems

A few quick pointers:

Read the documentation 😉


I have given a step-by-step walkthrough of a Windows 2008 stand-alone CA here. It will take some time to download as the graphics need tuning, but it fits in with the documentation steps above.

1) Look for event ID 20052 on the agent, stating that the “Specified certificate could not be loaded because the subject name on the certificate does not match the local computer name”. For a domain machine, the FQDN is needed in the subject name of the certificate. For a workgroup machine, you need just the machine name. When you right-click My Computer and select Properties, the Computer Name tab shows the Full Computer Name for the box; this is what goes in the subject name for the cert. (Thanks to Lincoln Atkinson of MSFT for that information.)

2) Look for event ID 20053 after running MomCertImport – this indicates the cert was loaded properly.

3) Make sure you can ping the FQDN of the RMS from the agent.

4) Obviously make sure that in Operations Manager you have enabled Manual Agent Installs and approved the agent. You can do this in Administration, Settings, Server, Security.

If everything looks good yet the server still stays as Unmonitored then check permissions. A quick check on the HSLockDown tool might show that the agent action account doesn’t have rights (this is usually the case on Domain Controllers when local system is specified as the Agent Action Account) – http://support.microsoft.com/default.aspx/kb/946428
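Steps 1 to 3 can be run as a single PowerShell check on the agent. This is an added example, not part of the original post. It assumes the certificate was imported into the Local Computer Personal store and that the agent writes its events to the `Operations Manager` event log; `rms.example.local` is a placeholder for your RMS FQDN.

```powershell
# Added example: run on the agent in an elevated PowerShell session.
$RmsFqdn = 'rms.example.local'   # placeholder: replace with the FQDN of your RMS

# Step 1: build the Full Computer Name (host name plus primary DNS suffix, if any).
$ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$expected = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }
Write-Output "Expected certificate subject name: $expected"

# Compare it with the CN of each certificate in the Local Computer Personal store
# (assumption: that is where the agent certificate was imported).
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cn = $_.GetNameInfo($simpleName, $false)
    New-Object PSObject -Property @{
        SubjectCN     = $cn
        MatchesHost   = ($cn -eq $expected)          # -eq is case-insensitive
        HasPrivateKey = $_.HasPrivateKey             # the agent needs the private key
        Expired       = ($_.NotAfter -lt (Get-Date))
        Thumbprint    = $_.Thumbprint
    }
} | Format-Table SubjectCN, MatchesHost, HasPrivateKey, Expired, Thumbprint -AutoSize

# Steps 1 and 2: 20052 = subject name mismatch, 20053 = certificate loaded.
$filter = @{ LogName = 'Operations Manager'; Id = 20052, 20053 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 10 -ErrorAction SilentlyContinue
if ($events) {
    # Oldest first, so the last entry shown reflects the current state.
    $events | Sort-Object TimeCreated | Format-List TimeCreated, Id, Message
} else {
    Write-Output 'No 20052/20053 events found; has MomCertImport been run on this machine?'
}

# Step 3: the agent must be able to reach the RMS by its FQDN.
if (Test-Connection -ComputerName $RmsFqdn -Count 2 -Quiet) {
    Write-Output "Ping to $RmsFqdn succeeded."
} else {
    Write-Output "Ping to $RmsFqdn failed; check DNS resolution and firewall rules."
}
```

A certificate row with `MatchesHost` set to `False` corresponds to the condition event 20052 reports; a missing private key or an expired certificate is worth ruling out at the same time.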
