While installing a gateway server at a high security level environment I followed my procedure carefully but bumped into a new issue I did not yet encounter. We all know it can be tricky to install a gateway server with the certificate chain and such. Kudos to everyone who does it right the first time EVERY time…
During my gateway installation processs on the targeted inside management server I used the Gatewayapprovaltool.exe to allow the gateway server access. For your reference the only and correct way to do this is in fact (source: http://technet.microsoft.com/en-us/library/hh456445.aspx):
To run the gateway Approval tool
- On the management server that was targeted during the gateway server installation, log on with the Operations Manager Administrator account.
- Open a command prompt, and navigate to the Operations Manager installation directory or to the directory that you copied the Microsoft.EnterpriseManagement.gatewayApprovalTool.exe to.
- At the command prompt, run
- If the approval is successful, you will see
The approval of server <GatewayFQDN> completed successfully.
- If you need to remove the gateway server from the management group, run the same command, but substitute the
/Action=Deleteflag for the
- Open the Operations console to the Monitoring view. Select the Discovered Inventory view to see that the gateway server is present
But after the command prompt it just stayed there. Doing nothing. No error… Just waiting…
Well I don’t like waiting so tried it a couple of times, check the eventlog, rebooted the machine,… Nothing. On to Google then! But with no error message the search was hard but I found the solution on the blog of Marnix Wolf: http://thoughtsonopsmgr.blogspot.be/2010/02/scom-gateway-approval-tool-stalls.html
Apparently the gatewayapprovaltool is just writing some info in the SQL dbase and takes the user which is logged on to the machine to try to run this query and insert. When this is not working it just times out and sit there. No error code.
Some suggest to login or run as with a domain admin account but I prefer to use the SCOM SDK account because it is guaranteed it has rights on the SQL dbase no matter what.
After opening the command prompt as the SDK user => success!
Another little bump in the road flattened on the way to a perfect SCOM world …