Gateway Scenario in Ops Mgr 2007 - Things to know

We noticed that the Ops Mgr Gateway Server Role would not install on a stand-alone server. Turns out this is by design. Per a post from the test team, the Ops Mgr Gateway Server Role has a dependency on access to Active Directory, so stand-alone servers cannot function in gateway role. The OpsMgr agent is the only component that doesn't have the AD dependency. So as an alternative where your environment cannot meet that requirement, you can install certificates on the machines with a manually-installed agent to allow certificate-based authorization. Also of note: I also had asked the question "What does the MOMCertImport tool actually do anyway?" The answer: In summary, it just puts the serial # of the certificate into the registry and stops/starts the HealthService’ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings] "ChannelCertificateSerialNumber"