While installing a gateway server at a high security level environment I followed my procedure carefully but bumped into a new issue I did not yet encounter. We all know it can be tricky to install a gateway server with the certificate chain and such. Kudos to everyone who does it right the first time EVERY time…
During my gateway installation processs on the targeted inside management server I used the Gatewayapprovaltool.exe to allow the gateway server access. For your reference the only and correct way to do this is in fact (source: http://technet.microsoft.com/en-us/library/hh456445.aspx):
Microsoft.EnterpriseManagement.gatewayApprovalTool.exe /ManagementServerName=<managementserverFQDN>
/GatewayName=<GatewayFQDN> /Action=Create
The approval of server <GatewayFQDN> completed successfully.
/Action=Delete
flag for the /Action=Create
flag. But after the command prompt it just stayed there. Doing nothing. No error… Just waiting…
Well I don’t like waiting so tried it a couple of times, check the eventlog, rebooted the machine,… Nothing. On to Google then! But with no error message the search was hard but I found the solution on the blog of Marnix Wolf: http://thoughtsonopsmgr.blogspot.be/2010/02/scom-gateway-approval-tool-stalls.html
Apparently the gatewayapprovaltool is just writing some info in the SQL dbase and takes the user which is logged on to the machine to try to run this query and insert. When this is not working it just times out and sit there. No error code.
Some suggest to login or run as with a domain admin account but I prefer to use the SCOM SDK account because it is guaranteed it has rights on the SQL dbase no matter what.
After opening the command prompt as the SDK user => success!
Another little bump in the road flattened on the way to a perfect SCOM world …