DMZ Server with OMS agent -> OMS Gateway -> Log Analytics Workspace

Werner, David 116 Reputation points
2020-12-23T14:48:24.91+00:00

Hi,

I have a member server in a DMZ zone. MMA is installed. I would like to pass the data collected from the OMS agent to an OMS Gateway server and then to the Log Analytics Workspace.

On the DMZ zone member server:

  • Create Outbound firewall port 8080 open
  • Corporate Firewall allows traffic between member server and OMS Gateway
  • Configured the agent to use TLS 1.2
  • Configured .Net Framework to support secure cryptography
  • I copied the Workspace ID and Key from the Log Analytics Workspace.
  • Copy/paste ID and Key in the Log Analytics configuration
  • On the Proxy Settings tab, I added the "Use a proxy server" entry: <OMS Gateway IP address>:8080. The Azure Log Analytics (OMS) tab shows: "The agent could not authenticate with the Microsoft Operations Management Suite service. Please check that the Workspace Key is correct"

OMS Gateway:

  • Checking the OMS Gateway Event log, I see an Information event: Client: <IP from DMZ member server>, Client ID: , Gateway: <OMS Gateway IP>

When I go to the Log Analytics Workspace, I do not see the agent from the DMZ server.

Question: Does my DMZ server first have to be able to reach the Log Analytics Workspace before it can pass its data collection to the OMS Gateway? This would require that I open port 443.

Why isn't the DMZ server visible in the Analytics Workspace?

Any ideas or suggestions would be greatly appreciated.

David
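The following PowerShell script is an added example and is not from the original post. It checks, from both ends, the setup David describes: on the DMZ member server it tests TCP reachability of the gateway on 8080, inspects the TLS 1.2 / SchUseStrongCrypto registry settings, and reads or sets the MMA proxy and workspace through the agent's AgentConfigManager COM object; on the gateway host it lists the gateway configuration, its allowed-host list (the gateway relays only to destinations on that list), the listener, and recent gateway log events. The gateway IP, workspace ID and key are placeholders and assumptions; the cmdlets are those of the OMSGateway module and the standard Windows networking cmdlets.

```powershell
# Added example (not from the original post). Run with -Side Agent on the DMZ
# member server and with -Side Gateway on the OMS Gateway host (elevated shell).
param(
    [ValidateSet('Agent', 'Gateway')] [string] $Side = 'Agent',
    [string] $GatewayHost  = '10.0.0.5',        # assumption: OMS Gateway IP
    [int]    $GatewayPort  = 8080,              # default gateway listen port
    [string] $WorkspaceId  = '<workspace-id>',  # placeholder, copy from the portal
    [string] $WorkspaceKey = '<workspace-key>'  # placeholder, copy from the portal
)

function Test-StrongCryptoRegistry {
    # .NET Framework only offers TLS 1.2 when SchUseStrongCrypto=1; both the
    # 64-bit and the 32-bit (Wow6432Node) framework keys have to be set.
    $keys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
    foreach ($k in $keys) {
        $v = (Get-ItemProperty -Path $k -Name SchUseStrongCrypto -ErrorAction SilentlyContinue).SchUseStrongCrypto
        [pscustomobject]@{ Key = $k; SchUseStrongCrypto = $v; Ok = ($v -eq 1) }
    }
}

function Test-Tls12Client {
    # Explicit SCHANNEL settings; absent values mean the OS default applies.
    $p = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
    $enabled  = (Get-ItemProperty -Path $p -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $disabled = (Get-ItemProperty -Path $p -Name DisabledByDefault -ErrorAction SilentlyContinue).DisabledByDefault
    [pscustomobject]@{ Path = $p; Enabled = $enabled; DisabledByDefault = $disabled
                       Ok = (($enabled -ne 0) -and ($disabled -ne 1)) }
}

function Invoke-AgentSide {
    # 1. Plain TCP reachability of the gateway listener from the DMZ host.
    $tnc = Test-NetConnection -ComputerName $GatewayHost -Port $GatewayPort -WarningAction SilentlyContinue
    "TCP {0}:{1} reachable: {2}" -f $GatewayHost, $GatewayPort, $tnc.TcpTestSucceeded

    # 2. Crypto settings the gateway path depends on.
    Test-StrongCryptoRegistry | Format-Table -AutoSize
    Test-Tls12Client          | Format-Table -AutoSize

    # 3. Agent configuration through the MMA COM object.
    $mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
    $proxyUrl = '{0}:{1}' -f $GatewayHost, $GatewayPort
    "Current agent proxy: '$($mma.proxyUrl)'"
    if ($mma.proxyUrl -ne $proxyUrl) {
        # SetProxyInfo(url, user, password); the gateway does not take credentials.
        $mma.SetProxyInfo($proxyUrl, '', '')
    }
    $existing = $mma.GetCloudWorkspaces() | Where-Object { $_.workspaceId -eq $WorkspaceId }
    if (-not $existing) {
        $mma.AddCloudWorkspace($WorkspaceId, $WorkspaceKey)
    }
    $mma.ReloadConfiguration()
    Start-Sleep -Seconds 10   # give the agent a moment to retry the registration
    # ConnectionStatusText is what the "Azure Log Analytics (OMS)" tab displays.
    $mma.GetCloudWorkspaces() | Select-Object workspaceId, AgentId, ConnectionStatus, ConnectionStatusText
}

function Invoke-GatewaySide {
    Import-Module OMSGateway
    "Gateway configuration:";      Get-OMSGatewayConfig
    "Allowed hosts (relay targets):"; Get-OMSGatewayAllowedHost
    "Relay proxy (only if the gateway itself egresses via a proxy):"; Get-OMSGatewayRelayProxy

    # Service and listener state.
    Get-Service | Where-Object DisplayName -like 'OMS Gateway*' | Select-Object Name, DisplayName, Status
    Get-NetTCPConnection -State Listen -LocalPort $GatewayPort -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess

    # Can the gateway itself reach the workspace ingestion endpoint on 443?
    $ods = '{0}.ods.opinsights.azure.com' -f $WorkspaceId
    $tnc = Test-NetConnection -ComputerName $ods -Port 443 -WarningAction SilentlyContinue
    "TCP {0}:443 reachable from gateway: {1}" -f $ods, $tnc.TcpTestSucceeded

    # Recent gateway events (the "Client: ..., Client ID: ..., Gateway: ..." lines).
    Get-WinEvent -LogName 'OMS Gateway Log' -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
}

if ($Side -eq 'Agent') { Invoke-AgentSide } else { Invoke-GatewaySide }
```

Run the agent side first and compare the `ConnectionStatusText` it prints with the error shown in the Log Analytics tab; then run the gateway side and check that the workspace endpoint appears under the allowed hosts and that the gateway can reach it on 443, since a client whose traffic is relayed successfully shows up in the gateway log with a non-empty Client ID and in the workspace's heartbeat table.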


7 answers

  1. David Werner 66 Reputation points
    2021-01-04T15:15:19.773+00:00

    Hi Swathi,

    I have been checking the network traffic between the DMZ server and the OMS gateway. Port is open, however, I see tcp-rst-from-server followed by a tcp-fin. Bytes sent: roughly 14.5k. This could mean that the collection is reaching the OMS Gateway server.

    Is it possible to see whether the collection data from the DMZ server is reaching the OMS Gateway?

    Also, the OMS Gateway has an entry showing that it sees the DMZ agent, namely

    Client: <IP of DMZ>
    Client ID: xxxxxx-xxx-xx-xxxxx-xx . . .
    Gateway: <IP of OMS Gateway>

    Is there any reason the OMS Gateway cannot register the DMZ server with the Log Analytics Workspace?

    david


  2. David Werner 66 Reputation points
    2021-01-05T15:11:48.54+00:00

    I opened a case with Microsoft Support.

    I will update this post with the results.

    david
