Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 20071 Source: OpsMgrConnector

Level
Description
The OpsMgr Connector connected to <management server> but the connection was closed immediately without authentication taking place. The most likely cause of this error is a failure to authenticate either this agent or the server. Check the event log on the server and on the agent for events which indicate a failure to authenticate.
Comments
 
Step 1 (healthcheck) – make sure your management server is registered correctly

On the agent/gateway the following registry keys have to contain the SCOM management server:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\<SCOM management group>\Parent Health Services

SCOM management server registry keys

Step 2 (healthcheck) – open firewall port 5723

If there are any firewalls between them check that port 5723 is open between the management server and the server you want to join to the SCOM environment.

Step 3 (healthcheck) – run momcertimport and check certificate thumbprint

SCOM comes with the tool “momcertimport”. Run it (elevated! as admin) and register the certificate. Eventid 20053 should show up in the event viewer.

SCOM certificate error – momcertimport

And if you check the following registry key and compare it to the thumbprint of the certificate in your certificate store then it has to match.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings

SCOM certificate thumbprint

Step 4 (resolution) – TLS registry keys

For some strange reason the TLS 1.2 used for secure communication by Windows Server 2012 seems to be disabled by default. You need to make sure the following keys are present on the SCOM management server(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

SCOM – Windows TLS registry keys

Step 5 (resolution) – IE 10 security settings

Open the Internet settings on the SCOM management server(s) and make sure all TLS-related options are unchecked

SCOM – Internet settings – TLS

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...