How to Configure Certificates on the ACS Collector in Operations Manager 2007
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1
After certificates have been installed between the agent and the management server and ACS have been deployed, perform the following procedures on the computers hosting the ACS Collector as part of the steps necessary to configure ACS to use certificates.
After you have completed these procedures, you will need to enable the ACS Forwarders. For more information, see the topic How To Enable ACS Forwarders In Operations Manager 2007 (http://go.microsoft.com/fwlink/?LinkId=91143).
To assign a certificate to the ACS Collector
On the Windows desktop, click Start, and then click Run.
In the Run dialog box, type cmd, and then click OK.
At the command prompt, type <drive_letter>: (where <drive_letter> is the drive where the Operating System is installed), and then press ENTER.
Type cd %systemroot%, and then press ENTER.
Type cd system32\security\adtserver, and then press ENTER.
Type net stop adtserver, and then press ENTER.
Type adtserver -c, and then press ENTER.
In the numbered list of certificates, find the certificate used for Operations Manager, type the number in the list (should be 1), and then press ENTER.
Type net start adtserver and then press ENTER.
To configure named mapping to the certificate
Log on to the computer hosting Active Directory.
On the Windows desktop, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
Expand the domain name, right-click Computers, point to New, and then click Computer.
In the New Object - Computer dialog box, enter the NetBIOS name of the computer that is hosting the ACS Forwarder, and then click Next. Repeat this step for every computer that hosts an ACS Forwarder.
In the Managed dialog box, ensure that This is a managed computer is not selected, and then click Next.
In the New Object - Computer dialog box, click Finish.
In Active Directory Computers and Users, in the right pane, right-click the computer (or computers) you added, and then click Name Mappings.
In the Security Identity Mapping dialog box, click X.509 Certificates, and then click Add.
In the Add Certificate dialog box, click the Look in menu, select the location where the exported certificate is located, and then click Open.
In the Add Certificate dialog box, ensure that Use Subject for alternate security identity is selected, and then click OK.
In the Security Identity Mapping dialog box, click OK.
Repeat steps 4–11 for each computer you have added.