Figure 1: Disabling the Mutual Authentication mechanism
A message box will appear indicating that communication will be locked between the management server and agents. Click OK to continue the process, as shown in Figure 2.
Figure 2: Warning message displayed when disabling Mutual Authentication
Allow installing agent
Still in the MOM admin window, expand the Global Settings section and double-click Agent Install. Then go to the Agent Install tab, uncheck the option 'Reject new manual agent installations', and click OK to finish (see Figure 3 for reference).
Figure 3: Allow installing agents
At this point, we must first apply the changes (Figure 4) through the MOM administration interface.
Figure 4: Applying the configuration changes after disabling the Mutual Authentication mechanism and allowing agent installation.
Then we have to restart the MOM Service on each management server. To do so, open Services.msc (click Start > Run, enter Services.msc, then click OK), find the MOM service and click Restart.
Set up ISA Server 2006
We now configure ISA Server 2006 to allow traffic between the MOM Agent in the DMZ and the MOM Server.
If you are not using ISA Server, you must open port 1270 (UDP/TCP) from the DMZ to the local network.
Open ISA Server Management, expand the section, right-click Firewall, click New, then New Access Rule. On the Welcome to the New Access Rule Wizard screen, enter a rule name and click Next. In Rule Action, select Allow and click Next. In Protocols, select Microsoft Operations Manager Agent, as shown in Figure 5.
Figure 5: Adding the Microsoft Operations Manager Agent Protocol in the Access Rule
In the Access Rule Sources section, we need to create a Computer Object for the Edge Transport Server and add this new object to the list, then click Next. In Access Rule Destinations, specify our MOM Server using a Computer Object and click Next. In User Sets, simply click Next.
Install MOM Agent in the Edge Transport Server
We can use the MOM Remote Pre-requisite Checker tool (MOMNetChk.exe) to validate whether the server in the DMZ can receive a MOM Agent installation (Figure 6). The tool checks the computer for the status of the ports used by the MOM service and related services.
Figure 6: Running the MOM Network Check to validate whether the server inside the DMZ can communicate with the MOM server.
Now we have to insert the MOM installation media into the Edge Transport Server to start the installation.
With MOM 2005, we will see a welcome screen for installing the product. Click the Manual Agent Install tab, then click Install MOM 2005 Agent, as shown in Figure 7.
Figure 7: Starting the installation of the MOM Agent
On the Welcome screen, click Next. In the Destination Folder section, select the path where the Agent will be installed and click Next. In Agent Configuration, fill in the information using your MOM settings, such as Management Group Name, Management Server and Server Port. Select None and then click Next (Figure 8).
Note: When using a server name, make sure that the name can be resolved from the DMZ server. We can do that by using a hosts file on the server or by correcting the DNS server.
Figure 8: Specifying the MOM configuration in Agent.
At this point, we just need to go through the remaining screens with the default values, clicking Next to complete the installation.
Now we return to the MOM Server, where we will see the Edge Transport Server in Pending Actions, under Computers. We have to approve this new MOM Agent. To do so, right-click the server and click Approve Manual Agent Installation Now, as shown in Figure 9.
Figure 9: Approval of Agent
We will receive a message box asking if we are sure about the approval; just click Yes. Then we can open the properties of the Edge Transport Server in the MOM Administrator Console, and on the Computer Groups tab we can see its Exchange roles (see Figure 10).
Figure 10: Computer Groups that the Edge Transport Server belongs to
After approving, we have to set 3 values in the OnePoint database for the new MOM Agent installed on the Edge Transport Server, as follows:
1. Open SQL Server Enterprise Manager
2. Go to Microsoft SQL Servers > SQL Server Group > (local) (Windows NT) > Databases.
3. Go to OnePoint, then click Tables.
4. Right-click the Computer table, point to Open Table, and then click Return all rows.
5. Find the computer name of the Agent installed in the Edge Transport Server
6. Change the value in the DNS column to the same domain, because the Edge Transport has the same domain
7. Change the value in the HostName column to the FQDN of the Edge Transport Server
8. Change the value in the FQDN column to the FQDN of the Edge Transport Server
We can now see the Edge Transport Server located in the DMZ through the MOM Operator Console, as shown in Figure 11.
Figure 11: Edge Transport Server belongs to a DMZ network in MOM Operator Console
Conclusion
In the second part of this series we saw how to install the MOM Agent on the Edge Transport Server. Even if you don't have Exchange 2007 in the DMZ, this tutorial is also useful if you want to install a MOM Agent in a DMZ environment. In the next article in this series, I will continue the discussion by showing you more details about Exchange Server 2007 and MOM 2005.
Checking Exchange Server 2007 with MOM 2005 (Part 3)