This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
Is it necessary for the SCOM Gateway Server to be domain-joined when monitoring workgroup computers with SCOM? Additionally, what steps should I take if I want to discover workgroup computers using SCOM?
Hi,
no, it is not required for the GW to be domain-joined, but it could make the setup easier if it is. Let me explain why.
If your Gateway is in the same domain as your Management Servers (the servers the Gateway reports to) then you don't need to create certificates on your Management Servers. What you still need is a a certificate on your Gateway and also certificates on each Workgroup computer you need to monitor.
In case that the Gateway and the Management Servers are in different domains, then you need certificates on all three instances - on your Management Server(s), on your Gateway(s) and of course on ech monitored computer (Workgroup). Alex already pointed this out.
Of course all three instances must get certificates coming from the same CA, so that the setup can work.
I hope I could help you with that. Please don't hesitate to ask further questions if something is not clear.
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 66%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi,
The gateway server can be either workgroup or domain joined.
There are three major things that we need to have ready and in place before proceeding with the gateway role installation in a standard scenario:
1, Certificates need to be generated for the gateway and management server(s) and installed into the certificate stores.
If the gateway and client servers are being used in a Workgroup scenario, then the clients also need certificates.
2, The intended gateway server needs to be "Approved" to be a gateway within the management group before installation.
3, Port 5723 must be opened between the gateway and management server
For the detailed steps for workgroup scenarios, we can refer to this step-by-step guide:
https://www.souravmahato.com/procedure-to-install-the-scom-agent-on-workgroup-server/
note: this is not from Microsoft, just for your reference.
Regards,
Alex