Discussion:
Clarification: Mutual Authentication NON-trusted domains
Jamie Bakert
2005-06-20 17:55:02 UTC
Below is an excerpt from the MOM 2005 Security Guide.
I am not quite sure what the quoted section means. If we have mutual
authentication enabled, then I am assuming that I won’t be able to monitor
agents in non-trusted domains even if we perform a manual install?

Agents in a Non-Trusted Domain or a Workgroup
You can have agents in non-trusted domains or workgroups; however, mutual
authentication is not available because, by definition, no two-way trust
relationship exists between the Management Server domain and the agent
domain. “The secure channel is still available, however. You must install and
update the agents manually. If the Management Server is configured to require
mutual authentication, these agents will not be able to communicate with it.”



-Jamie
John Hopkins
MOM Administrator
Stuart [MVP]
2005-06-20 19:28:01 UTC
That's what I assume also. I have a similar situation and I'm trying to
decide whether to install another small MOM instance (workgroup) in the
untrusted domain or disable mutual authentication on the existing MOM
instance.

Stuart.
Blake Mengotto
2005-06-21 01:13:46 UTC
Right, with mutual auth enabled, Kerberos communication is used between agent
and management server. If Kerberos isn't working, no communication will
occur.
--
Regards,
Blake Mengotto
Email: ***@nospam.hotmail.com (remove the nospam if you want to email
me directly)
"MOM 2000/2005 - The ultimate solution for monitoring/managing your Windows
OS and applications."
http://www.momanswers.com - MOM solution center resource
http://www.microsoft.com/mom - MOM Application site
http://www.silect.com - MOM Health Reporter and MP Studio Express
http://www.excsoftware.com - MOM solution provider