SCE and worgroup hosts

In SCE sometimes happens, that you lose the connection with the workgroup managed computer. In  this case you are unable to repair the connection or in some way reinstall the agent. This is another scenario connected to certificate and password communications between machines. The only solution is to establish again the connection from zero.
First we must uninstall the agent from the workgroup machine. We have to do this from the Control Panel by removing the SCVMM2008R2 agent.
The second step is to install the agent once again from the source media (setupvmmamd64SetupVMM.exe) with this options:

  • in the wizard option select This is a host on perimeter network,
  • insert a password for encryption file and do not select Use the CA certificate,
  • select Use local computer name,
  • install the agent,
  • copy SecurityFile.txt to the SCE computer.

Now is time to logon on the SCE server. You have to use the PowerShell. Open Start menu and navigate to All Programs > Microsoft System Center >  Virtual Machine Manager 2008R2 and open Windows PowerShell – Virtual Machine Manager (Open it as Administrator).
Now you must connect to the SCE server with the command Get-VMMServer –ComputerName “FQDN of SCE Server”
The first thing to do if the Host is already present in SCE is to remove it. This is easy to do with the command Remove-VMHost “Hostname”. The hostname here is, in most cases, without domain (it is situated in the workgroup).
Now we add a host to SCE with this commands:

  • first we put in the credentials (the same username and password as you specified it in the Host machine): $Pass = Get-Credential,
  • now we add a Host to SCE: Add-VMHost “HostName” –Description “My host” –RemoteConnectEnabled $False –PerimeterNetworkHost –SecurityFile “D:SecurityFile.txt” -EncryptionKey $Pass. Note the location of the Security file and the fact that the description is optional.

Now we can open the SCE console and host is there, but when we try to connect to host (screen below), we are prompted for credentials and we will see, that there is the problem with certificate of the host machine. At this point we have to find which certificate is required (look the dates and the certificate properties in the popup window), export it from the host computer trusted certificate store and import in on the SCE computer to Trusted Root Certification Authorities store (Computer).
That’s all.

.