Source

Level

Description

The OpsMgr Connector connected to <management server> but the connection was closed immediately without authentication taking place. The most likely cause of this error is a failure to authenticate either this agent or the server. Check the event log on the server and on the agent for events which indicate a failure to authenticate.

Comments

 

Step 1 (healthcheck) – make sure your management server is registered correctly

On the agent/gateway the following registry keys have to contain the SCOM management server:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\<SCOM management group>\Parent Health Services

SCOM management server registry keys

Step 2 (healthcheck) – open firewall port 5723

If there are any firewalls between them check that port 5723 is open between the management server and the server you want to join to the SCOM environment.

Step 3 (healthcheck) – run momcertimport and check certificate thumbprint

SCOM comes with the tool “momcertimport”. Run it (elevated! as admin) and register the certificate. Eventid 20053 should show up in the event viewer.

SCOM certificate error – momcertimport

And if you check the following registry key and compare it to the thumbprint of the certificate in your certificate store then it has to match.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings

SCOM certificate thumbprint

Step 4 (resolution) – TLS registry keys

For some strange reason the TLS 1.2 used for secure communication by Windows Server 2012 seems to be disabled by default. You need to make sure the following keys are present on the SCOM management server(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

SCOM – Windows TLS registry keys

Step 5 (resolution) – IE 10 security settings

Open the Internet settings on the SCOM management server(s) and make sure all TLS-related options are unchecked

SCOM – Internet settings – TLS