Before you import the Forefront UAG Management Pack, you must do the following:

Agentless monitoring is not supported. You must deploy an agent on every Forefront UAG server that you want to manage.

Configuring the Operations Manager 2007 server to allow manual agent deployment on Forefront UAG servers

To configure management server settings for manual agent deployment on the Operations Manager 2007 server

  1. In the Operations console, click Administration.

  2. In the Administration pane, click Settings.

  3. In the Settings pane, expand Type: Server, right-click Security, and then click Properties.

  4. In the Global Management Server Settings - Security dialog box, on the General tab, click Review new manual agent installations in pending management view, select the Automatically approve new manually installed agents check box, and then click OK.

Creating a New Access Rule for Operations Manager

The following procedure describes how to create a new access rule for remote monitoring of Forefront UAG servers using the Operations Manager agent.

For single Forefront UAG servers, you must perform this procedure on each server on which you want to deploy the Operations Manager agent. For an array of Forefront UAG servers, you must perform this procedure on one of the servers in the array. You do not need to perform this procedure on the array manager.

If you are using Forefront UAG and the Operations Manager server in an IPv6 environment, see To create an IPv6 access rule for the Operations Manager agent in Forefront UAG.

To create a new access rule for the Operations Manager agent in Forefront UAG

  1. Click Start, point to All Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management.

  2. In the console tree, click Firewall Policy.

  3. On the View menu, ensure the Show System Policy Rules menu item is selected.

  4. Right-click the system rule Allow remote monitoring from Forefront TMG to trusted servers, using Microsoft Operations Manager (MOM) Agent, and then click Edit System Policy.

  5. On the System Policy Editor dialog box, click the To tab, and then in This rule applies to traffic sent to these destinations, click Add.

  6. On the Add Network Entities dialog box, create a new computer entity for the System Center Operations Manager server, and then click Add.

  7. On the System Policy Editor dialog box, click OK.

  8. Click Apply to save changes and update the configuration.

To create an IPv6 access rule for the Operations Manager agent in Forefront UAG

  1. On the Forefront UAG server, open an elevated command prompt and navigate to the folder /Microsoft Forefront Unified Access Gateway/utils/TMGIPv6Policy.

  2. Run the script ConfigureLocalhostToIPv6Policy.vbs using the following syntax to create the IPv6 access rule:

    ConfigureLocalhostToIPv6Policy <Add/Delete> <Protocol> <FromAddress> <ToAddress>

    For example, if the Operations Manager server has the IPv6 address 2001:DB8::30, run the command:

    ConfigureLocalhostToIPv6Policy Add "System Center Operation Manager Agent" 2001:DB8::30 2001:DB8::30
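
The following check is an added example, not part of the original procedure or a Microsoft script: run it on the Forefront UAG server after applying the IPv4 or IPv6 access rule to confirm that the agent can reach the Operations Manager server on every address its name resolves to. It assumes the agent's default port, TCP 5723, and a placeholder server name (opsmgr.example.test).

```powershell
# Added example. Assumptions: placeholder FQDN, default agent port TCP 5723.
# Uses only .NET classes, so it also runs on older PowerShell versions.
param(
    [string]$ManagementServer = 'opsmgr.example.test',  # placeholder, replace
    [int]$Port = 5723,
    [int]$TimeoutMs = 3000
)

function Test-AgentChannel {
    param([System.Net.IPAddress]$Address, [int]$Port, [int]$TimeoutMs)

    # Create a socket of the same family (IPv4 or IPv6) as the target address.
    $client = New-Object System.Net.Sockets.TcpClient($Address.AddressFamily)
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        # A silent timeout usually means the firewall policy dropped the packet.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'Open'
    } catch {
        return "Failed: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Close()
    }
}

# Test every address the name resolves to, so that a missing IPv6 rule is
# visible even when the IPv4 rule is working (and the other way around).
[System.Net.Dns]::GetHostAddresses($ManagementServer) | ForEach-Object {
    New-Object PSObject -Property @{
        Address = $_.IPAddressToString
        Family  = $_.AddressFamily
        Result  = Test-AgentChannel -Address $_ -Port $Port -TimeoutMs $TimeoutMs
    }
} | Format-Table Address, Family, Result -AutoSize
```

A result of Timeout for one address family while the other shows Open indicates that only one of the two access rules is in place.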

Installing the Operations Manager Agent on the Forefront UAG servers

The Operations Manager agent runs on each Forefront UAG server that is monitored by Operations Manager. The Operations Manager agent is typically installed by starting the Discovery Wizard from the Operations Manager 2007 Administrator Console on the Operations Manager server. Because the Microsoft Firewall service blocks the traffic between the Operations Manager server and the Forefront UAG servers that is needed to install an Operations Manager agent, it is recommended that you install the Operations Manager agent manually on each Forefront UAG server that you want to configure as an Operations Manager agent computer. The following procedures describe how to do this.

To install the Operations Manager agent manually on a Forefront UAG server

  1. On the Forefront UAG server on which you want to install the agent, run SetupOM.exe from the Operations Manager 2007 installation media.

  2. Click Agent to install an agent.

  3. In the Agent Setup Wizard, select the Specify Management Group Information option.

  4. On the Management Group Configuration page, specify the following:

    • In the Management Group Name box, type the name of the management group to which the agent will connect.

    • In the Management Server Name box, type the fully qualified domain name (FQDN) of the Operations Manager 2007 server.

  5. Select either Local System or specify a domain user account for the agent action account.

  6. Complete the Agent Setup Wizard.

To approve the agent on the Operations Manager server

  1. In the Operations Manager Console, click Administration.

  2. Click Administration, expand Administration, expand Device Management, and then click Pending Management.

  3. In the Pending Management pane, select computers in Type: Manual Agent Install.

  4. Right-click the computers, and then click Approve.

  5. In the Manual Agent Install dialog box, click Approve. The computers then appear in the Agent Managed node, which shows that they are ready to be managed.

    Rejected agents remain in Pending Management until the agent is uninstalled for the Management Group.

  6. In the Agent Managed node, right-click the computer name of each Forefront UAG server, click Properties, and on the Security tab, select the Allow this agent to act as a proxy and discover managed objects on other computers check box.
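
The approval step can also be performed from the Operations Manager 2007 Command Shell. The following added example (not part of the original procedure or a Microsoft script) approves only pending manual agent installations whose names are on a list of expected Forefront UAG servers, and leaves everything else in Pending Management for review. The server names are constructed placeholders.

```powershell
# Added example for the Operations Manager 2007 Command Shell.
# $ExpectedUagServers is a constructed allowlist; replace the placeholder
# names with the FQDNs of the Forefront UAG servers you installed agents on.
$ExpectedUagServers = @(
    'uag01.example.test',
    'uag02.example.test'
)

# Only manually installed agents that are waiting for approval.
$pending = Get-AgentPendingAction |
    Where-Object { $_.AgentPendingActionType -eq 'ManualApproval' }

foreach ($action in $pending) {
    if ($ExpectedUagServers -contains $action.AgentName) {
        # Expected UAG server: approve it into the management group.
        Write-Host "Approving $($action.AgentName)"
        $action | Approve-AgentPendingAction
    }
    else {
        # Not on the allowlist: do not approve, surface it for an operator.
        Write-Warning "Unexpected manual agent install: $($action.AgentName) (left pending)"
    }
}
```

If the Automatically approve new manually installed agents check box is selected, agents do not wait in Pending Management and this script finds nothing to approve.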