MOMCertImport and UAC

With the arrival of Windows Server 2008 R2 it seems that more administrators are keeping UAC enabled.  I ran into an issue where I installed the certs for a gateway server and ran the cert import tool but kept getting this error


Event: 21016

OpsMgr was unable to set up a communications channel to and there are no failover hosts.  Communication will resume when is available and communication from this computer is allowed.




Event: 21007

 The OpsMgr Connector cannot create a mutually authenticated connection to because it is not in a trusted domain.


I ran MOMCertImport and everything seemed to be fine.  After taking a look into HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ I realized that there was no reg key for ChannelCertificateSerialNumber.

This told me there was a problem with running the MOMCertImport tool as nothing was being written to the registry.

It turns out that running MOMCertImport doesn’t call the UAC dialog box the application runs and lets you select you cert and exits normally.  So what you must do is right click on MOMCertImport.exe and click on Run as administrator.


Then click Continue in the UAC dialog box.


No comments yet.

Leave a Reply