SCCM 2007 R3 Installation (Howto)

I have recently deployed Configuration Manager 2007 R3 beta (refresh) in production at my TAP customer. Below I will outline the steps for deploying Configuration Manager 2007 R3 beta.
Disclaimer: You are not allowed to install any beta products in your production environment!!! This is only allowed for selected TAP Customers !!! Always install beta products in lab environments !!!
This blog post highlights R3 the beta upgrade preparation on your SCCM 2007 SP2 environment . You need SP2 in order to be allowed the installation of R3, so if you did not upgraded your environment , this is the first step !
We talk further about the actual server upgrade and validation tasks.



1. Prerequisites :

SCCM 2007 SP2 only environment

Below a table with the site roles where this R3 upgrade is applicable if you have SCCM 2007 SP2 installed :

Role	Needed Installs	Comments	Specific Comments
Site Server (Central Site)	Hotfix KB977384 & R3 Installation	Always install	This site needs to be upgraded first.
Site Server (Primary Site)	Hotfix KB977384 & R3 Installation	Always install	These sites needs to be upgraded secondly.
Site Server (Secondary Site)	Hotfix KB977384 & R3 Installation *	Always Install	These sites needs to be upgraded after the primary sites because you will need certain included R2 features.
Admin Console	R3 Installation	to make sure that all functionality is present	-
DP, SUP, SQL DB Server (if remote)	Not applicable	none	-

 

SCCM 2007 SP2 R2 environment

Below a table with the site roles where this R3 upgrade is applicable if you have SCCM 2007 R2 already installed :

Role	Needed Installs	Comments	Specific Comments
Site Server (Central Site)	Hotfix KB977384 & R3 Installation	none	This site needs to be upgraded first.
Site Server (Primary Site)	Hotfix KB977384 & R3 Installation	none	These sites needs to be upgraded secondly.
Site Server (Secondary Site)	Hotfix KB977384 & R3 Installation *	Hotfix must always be installed !	Look below for additional information if you really need to install R3 on your secondary's
Admin Console	R3 Installation	to make sure that all functionality is present	-
DP, SUP, SQL DB Server (if remote)	Not applicable	none	-

* Site Server (Secondary Site) :

If you have SCCM 2007 R2 installed on your secondary sites and then :

1. You don't need to install R3 on secondary sites if you do not use any "Proxy MP" or "AD discovery" feature at your secondary sites if you only use the "Power Mgmt" feature through your organization & run "AD discovery" on your Central or Primary sites.
2. You do need R3 on your secondary sites if you do use the "Proxy MP" functionality or "AD discovery" at your secondary sites.
If you are planning to use these features in secondary sites you need to install R3. Since most customers do use proxy MP role on secondary ,you need to install R3 there as well.

2. Pre-Flight Checks for R3 Beta (refresh) Upgrade

• Take a  ConfigMgr Site Backup and verify that it is successful.
• Make sure that ConfigMgr 2007 SP2 is installed correctly and that all site server components are healthy

3. Configuration Manager 2007 R3 Beta (refresh) Server Upgrade

• Install the server side hotfix (KB977384) (included in the dowload of the R3 media) .This hotfix, which comes with the R3 of SCCM 2007, is a prerequisite for SCCM 2007 R3. During the installation it also creates a SCCM Package/Program containing a MSP file allowing to update SCCM Advanced Clients Components. This client hotfix package has to be deployed to all ConfigMgr 2007 SP2 clients before power policies can be managed.

Click “Next”to continue.

Click “I accept …”to continue and select “Next”to continue.

Hit the Ïnstall” button.

The Hotfix starts to install.

It will prompt you to create a Package & Program for later deployment to your Configmgr 2007 SP2 clients.

During the installation process, when prompted to create a software distribution package for client hotfix deployment, Provide a name for the ConfigMgr package & Program. However your package & program needs to be done thru conformity of your production naming convention & deployment standards. This client hotfix package has to be deployed to all ConfigMgr SP2 clients in the environment before their power policies can be managed

Specify the package source & click “Next” to continue.

Click “Next” to continue.

Click “Finish” to exit.

• During the hotfix KB977384 installation, the source bits for the client hotfix package will be copied into the client\i386\hotfix\KB977384Beta folder. Look if the bits exists in that folder.

• After successful installation of hotfix KB977384 pre-requisites, execute R3 beta (refresh) installation from the installation source location using SPLASH.HTA. Follow the screenshots below to complete the installation.

Click “Next” to continue.

Accept the license agreement and Click “Next” to continue.

Click “Next” to continue.

Click “Next” to continue.


Click “Finish” to exit.

4. Post Configuration Manager 2007 R3 Beta (refresh) Server tasks

• Open SCCM Console & navigate to Site Database – Site Management - - and view properties to confirm that R3 Installed is “Yes” as shown below

• Verify that the SMS_Def.mof has been appended with R3 specific WMI classes, without any changes to the pre-existing class definitions.

• Go to the ConfigMgr Console, navigate to [Site Database] – [Site Management] - [Your site code] - [Your site name] - [Site Settings] – [Client Agents].You will see a new item called “Power Management Client Agent”. Go to the “Power Management Client Agent” properties and check the box “Enable Power Management on Clients”.

• Install SCCM Reporting Services Point. Power Management in SCCM 2007 R3 contains a number of reports to help you to analyze power consumption and computer power settings in your organization. These Reports require SQL Reporting Services which was introduced in SCCM 2007 R2.If you never worked or used SRS reporting , get used to it , because it will be the only reporting functionality left in Configmgr V.next.

Note : I am not going to explain how to set-up SRS reporting . You can find guidance on Technet or the online help .

Copy SCCM Reports to Reporting Services. Power Management in SCCM 2007 R3 gives you 17 new reports.

Click “Next” to Continue.

Fill in your credentials and Click “Next” to Continue.

Select “Import Report Definition Language Files From Microsoft Signed Cabinet File”.

Browse to the "%SCCM installation folder%\Reports\Power Management" folder and select the MicrosoftReportPack.cab file. Click "Open” to Continue.

Look if all reports are selected and Click “Next” to Continue.

Click “Next” to Continue.

Look at the status and see that all reports are imported successfully. Click “Next” to Continue.

Look in the SCCM console if the reports exists.You can run all Reports from the SCCM Console now.

5. Deploy the MSP file contained into the SCCM Package created by installing the hotfix onto you SCCM 2007 SP2 Clients

After the R3 installation is completed on the site server, the next step is to deploy R3 hotfix to all SP2 clients to use all R3 features.Look for the Client hotfix package & program that where created during installation and must be available under ‘Software Distribution’ and then look for the Packages Node.

• Validate your Package & Program Properties

• Deploy your package to all your Distribution points, before deploying the package to all clients.

• Create your deployment collection(s).Deployments should be done in multiple phases.Start with a Test/Pilot group and the second wave should be per site/region.You could use “Link to Collection” for avoiding creating to much collections.

• Creation your Advertisements.There are no special requirements in creating advertisements for this deployment.

Hope it Helps ,

Updating SCCM 2007 SP2 RC (or beta) to SP2 Final

This guide will show you how to upgrade from SCCM 2007 SP2 Release Candidate (or SP2 Beta) to SCCM 2007 SP2 Final, however this scenario is not supported by Microsoft. This guide was performed on a lab server running Windows Server 2008 X64 SP2, SCCM 2007 R2 SP2 release candidate installed.

You can use this guide to help you plan your upgrade from SCCM 2007 SP1 to SP2.

This guide is provided as is to help you in your LAB environment, if you find any errors please report them in the Forums. For best practice advice always refer to Technet and in particular refer to the Configuration Manager 2007 SP2 Upgrade Checklist



Verify your SCCM version
Before we get started, let's verify our SCCM version. Right click on your Site Name in ConfigMgr and choose Properties.



The version info should read 4.00.6468.2001 for the SP2 release candidate.



Close ConfigMgr and open up control panel, add remove programs.


Uninstall WAIK
Close ConfigMgr and open up Control Panel, Programs And Features.
highlight Windows Automated Installation Kit and choose Uninstall

Resized to 96% (was 1008 x 629) - Click image to enlarge

answer yes when prompted



and Click Allow if you see the UAC prompt.

If prompted about the Windows Deployment Services Server, choose Do not close Applications and click Ok



When the WAIK is uninstalled answer Yes to reboot when prompted.



Extract the SP2 Upgrade files
First of all, download the SP2 file from here
There are two versions:

Full install (Note, this is a 180 day Eval)
Upgrade Install (Use this one to upgrade SCCM 2007 Sp1 to Sp2)

After the reboot double click on our ConfigMgr07SP2Upgrade_RTM_ENU.exe file

You will be prompted to unzip the file to a folder, so give it a folder to unzip to eg: c:\sccmsp2upgrade



Once unzipped, now would be a good time to read the ReadMe particularly to highlight the Known Issues.

Quote

Known Issues with System Center Configuration Manager 2007 SP2

This section provides the most up-to-date information about issues with Configuration Manager 2007 SP2. These issues do not appear in the product documentation, and in some cases may contradict existing product documentation. Whenever possible, these issues will be addressed in later releases.
Adding Packages to WinPE Images for Operating System Deployment by Using WAIK 2.0 Might Fail On Servers That Run the 64-Bit Version of Windows Server 2003 and the 64-bit Edition of Windows Server 2008

Configuration Manager 2007 uses the Deployment Image Service and Management (DISM) tool and the Windows Automated Installation Kit (WAIK) 2.0 to add packages to WinPE images for operating system deployment of Windows 7. On computers that run the 64-Bit version of Windows Server 2003 or the 64-bit edition of Windows Server 2008, a known issue might cause the following DISM commands to fail when updating string values in the registry:

* /Add-Package

* /Enable-Feature

* /Disable-Feature

During the Configuration Manager 2007 SP2 installation, DISM runs the /Add-Package command on the site server. The command fails on site servers that run the 64-Bit version of Windows Server 2003 or the 64-bit edition of Windows Server 2008.

WORKAROUND Install hotfix 960037 on the site server computer before upgrading to Configuration Manager 2007 SP2. For information about this issue and to download this hotfix, see article 96037 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=164906).

as I am running the X64 edition of Server 2008 I need to first check if I need to install the hotfix mentioned above and it seems the the hotfix is included in SP2 for Server 2008.

Install the Upgrade
Double click on Splash.HTA in the newly extracted folder




Run the PreRequisite checker click continue to the UAC prompt



I'm not running a SUP on this server so we can safely ignore the WSUS warning



click OK and run the Splash.hta file again, this time select to Install the Configuration Manager SP2 option



when the wizard appears click next

choose Upgrade an Existing...



accept the EULA



decide your CEIP settings



next choose to download the updates from the internet or if you have no internet connection on that server point to where you have downloaded the updates in advance



specify the path to the updates



and click next

you should see a summary of the upgrade, click next to begin



the PreRequisite checker will run again, as long as there are no show stoppers click Begin Install



after a long while the upgrade will be complete, make sure to scroll down to verify that all parts are marked as Completed and ok



click Next to complete the process and you can choose to view the upgrade log




Verify the new version

Now that the installation of SP2 is complete, start ConfigMgr and look at the version number.



The new version number should be 4.00.6487.2000

Verify your boot images
In ConfigMgr expand the Operating System Deployment node, boot images, select your X64 boot image and review it's properties, the version should read 6.1.7600.16385



once verified, you should update your Distribution Points with a copy of that boot image



Now that you are done, do the same with your X86 boot image

Create new Package from Definition
In ConfigMgr, expand the Software Distribution node and right click, choose New, Package from Definition



Choose the Configuration Manager Client Upgrade option



choose Always obtain files from a source directory



point to your client source eg: \\SERVER\sms_xxx\client where xxx is the site code, and choose finish

Expand the newly created package, and click on Programs, select the Advanced client and right click, choose Properties.



click on the Requirements tab, and select this program can run on any platform and click Apply



Right click on distribution points and select New, go through the wizard



when done, update your client to the same Distribution points




Final Actions after the Upgrade

* You need to update your Client versions to the new SP2 ConfigMgr Client.

* You may need to add network drivers back to your boot images otherwise network boot (which worked before the ugprade) may fail with the following error

PXE-T01: File Not Found
PXE-E3B: TFTP Error - File Not found. 

SP2 tips and gotchas

* The Configuration Manager Service Pack Install Guide

* SCCM SP2 Upgrade Gotchas and Tips

* The SP2 Upgrade may take a lot of time especially if your Database is large

* How to create a custom boot image after the SP2 upgrade

* Upgrade the ConfigMgr consoles from SP1 to SP2 otherwise they will not work properly (advertisements missing etc)

* hotfix for "Number of retries" and "Delay before retrying (minutes)" retry settings

* SCCM 2007, ready to load SP2 and have some questions. .

How get the rid of systems which has WMI issue(rebuild WMI Repository)

Had several systems which had wmi issue in doing client /application installation.This is most common issue which we face if something happens to the system.To get solved,use the script which can be run remotly using psexec tool.
Note : The below script tested only on Windows XP ,not tested on higher versions like Windows 7
Download the psexec tool from microsoft .Here are the basic instruction in doing it.
1.copy the psexec.exe tool on to new folder (G:\script) and create 3 new files(wmifix.bat,computers.txt and run.bat).Each file script has given below.


wmifix:
@echo off
REM  WMi Repair
Title WMI Repair
%windir%\system32\wbem\winmgmt /clearadap
%windir%\system32\wbem\winmgmt /kill
%windir%\system32\wbem\winmgmt /unregserver
%windir%\system32\wbem\winmgmt /reserver
%windir%\system32\wbem\winmgmt /resyncperf
net stop winmgmt /y
if exist %windir%\system32\wbem\repository.old rmdir /s /q %windir%\system32\wbem\repository.old
ren %windir%\system32\wbem\repository repository.old
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
for /f %%s in (‘dir /b /s %windir%\system32\wbem\*.dll’) do regsvr32 /s %%s
for /f %%s in (‘dir /b /s %windir%\system32\wbem\*.mof’) do mofcomp %%s
for /f %%s in (‘dir /b %windir%\system32\wbem\*.mfl’) do mofcomp %%s
net start winmgmt
%windir%\system32\wbem\wmiprvse /regserver
run.bat
@echo off
cd G:\script
G:
psexec @computers.txt -c G:\script\wmifix.cmd
computers.txt
Add list of computers to the txt file which you have trouble.

Monthly Patch statistics reports in SMS/SCCM to show up to the management in a simplified manner

Long back created a report for the monthly Patch statistics which can be found in http://www.windows-noob.com/forums/index.php?/topic/1764-patch-management-report-in-sms-2003/#entry6281
Below all the reports have been created using the last state messages.Even you can create different type of quiries based on this.



I was referring to the Patch process and found an image which gives the statistics for the listed patches in a good viewable way.so thought of creating such a report and can be linked to other report to get preferable colums which are necessary.May be i can show it to the management team for the patch activity on monthly basis.This basically requries to create 3 reports( like 1,2,3 ) out of which 3 is linked to 2 and 2 is linked 1.It is just simple that you can run only one report which is linked to other reports which gives u a report like below for the given bulletin ID’s.
Note:The below report is filterd with language swedish,if you want to get status for English/other language patches,you can customise it.The below report is called 1)Patch Management summary

To Build this report and to link to other reports ,you will have to create 3 reports which i named it like :1)Patch Management summary 2)Status of Each bulletin ID 3)Status of each bulletin ID with distribution status
Create new reports for each with the below query.
3)Status of particular bulletin ID with selected distribution status:
select distinct sys.Netbios_Name0, sys.User_Domain0, sys.User_Name0, fcm.SiteCode, ws.LastHWScan,
DATEADD(ss,@__timezoneoffset,ps.LastStatusTime) as LastStatusTime,ps.LastStatusMessageIDName, ps.LastExecutionResult
from v_R_System sys
join v_FullCollectionMembership fcm on sys.ResourceID=fcm.ResourceID
join v_GS_WORKSTATION_STATUS ws on sys.ResourceID=ws.ResourceID
join v_GS_PatchStatusEx ps on sys.ResourceID=ps.ResourceID
join v_ApplicableUpdatesSummaryEx summ on
       ps.UpdateID=summ.UpdateID
where (ps.LastStateName=@status and summ.ID=@Title) and
(summ.Type = ‘Microsoft Update’) and (summ.product NOT LIKE ‘Windows Server 2003′)
group by Netbios_Name0, user_Domain0,user_Name0,SiteCode,LastHWScan,LastStatusTime,LastStatusMessageIDName,LastExecutionResult
order by Netbios_Name0
Click on the “Prompts Button“
Create a new prompt with the following Name: “status“
Give it a prompt text for ex: Select the Status
 Provide the following sql statement to the prompt for status with the given syntax
  select distinct LastStateName from v_GS_PatchStatusEx
Create another prompt value for Title with the sytax query :
  Select Title,ID,Product from v_GS_PatchStatusEx
Create report 2 called Status of Each bulletin ID
declare @n float
select @n = count(distinct ps.ResourceID)
from v_GS_PatchStatusEx ps
join v_FullCollectionMembership fcm on ps.ResourceID=fcm.ResourceID
join v_ApplicableUpdatesSummaryEx summ on
       ps.UpdateID=summ.UpdateID
where (ps.ID=@Title or ps.QNumbers=@Title or ps.Title=@Title) and
       (summ.Type =’Microsoft update’) and (summ.product NOT LIKE ‘Windows Server 2003′)
if IsNULL(@n,0) = 0 return
select @Title as Title, ps.LastStateName, count(distinct ps.ResourceID) as ‘Totals’,
 ROUND(100.0 * count(distinct ps.ResourceID)/@n,2) as ‘Percentage %’
from v_GS_PatchStatusEx ps
join v_FullCollectionMembership fcm on ps.ResourceID=fcm.ResourceID
join v_ApplicableUpdatesSummaryEx summ on ps.UpdateID=summ.UpdateID
where (ps.ID=@Title or ps.QNumbers=@Title or ps.Title=@Title)
       and (summ.Type = ‘Microsoft update’ ) and (summ.product NOT LIKE ‘Windows Server 2003′)
group by ps.LastStateName
Prompt for Title:   select Title,ID,QNumbers from v_GS_PatchStatusEx
Once you create the report,just right click on the report  and choose properties ,Choose the “Links” tab , Choose link Type: “link to another report“choose the report the one which you created above(report 3 in this case). make sure you have selected the correct columns which are marked in red circle
almost we come to an end by creating last report called  1) Patch Management summary
select summ.ID,summ.QNumbers as ‘Q Number’,
COUNT(distinct ps.ResourceID) as ‘Requested’,
COUNT(distinct case when ps.LastState=107 or ps.laststate=102 or ps.laststate=105 then ps.ResourceID else NULL End)  as ‘Installed’,
ROUND(100.0*COUNT(distinct case when ps.LastState=107 or ps.laststate=102 or ps.laststate=105 then ps.ResourceID else NULL End) /count(distinct ps.ResourceID),2) as ‘Success %’
from v_GS_PatchStatusEx ps
join v_ApplicableUpdatesSummaryEx summ on ps.UpdateID=summ.UpdateID
where (summ.ID=’MS10-006′ or summ.ID=’MS10-007′ or summ.ID=’MS10-008′ or summ.ID=’MS10-013′) and (summ.Type=’Microsoft Update’) and (summ.product NOT LIKE ‘Windows Server 2003′) and (summ.language=’Swedish’)
group by summ.ID,summ.QNumbers
order by summ.ID
If you want to get the information from particular collection,then you can limit the Above report on a specified collection ,here is the one to go.
select summ.ID,summ.QNumbers as ‘Q Number’,
COUNT(distinct ps.ResourceID) as ‘Requested’,
COUNT(distinct case when ps.LastState=107 or ps.laststate=102 or ps.laststate=105 then ps.ResourceID else NULL End)  as ‘Installed’,
 ROUND(100.0*COUNT(distinct case when ps.LastState=107 or ps.laststate=102 or ps.laststate=105 then ps.ResourceID else NULL End)
 /count(distinct ps.ResourceID),2) as ‘Success %’
 from v_GS_PatchStatusEx ps
JOIN v_FullCollectionMembership fcm on ps.ResourceID=fcm.ResourceID
join v_ApplicableUpdatesSummaryEx summ on
   ps.UpdateID=summ.UpdateID
    where (summ.QNumbers=’975562′ or summ.QNumbers=’978695′ or summ.QNumbers=’979482′ or summ.QNumbers=’980195′ or summ.QNumbers=’982381′) and
            (summ.Type=’Microsoft Update’) and (summ.product NOT LIKE ‘Windows Server 2003′) and(fcm.CollectionID =@collID)
group by summ.ID,summ.QNumbers
order by summ.ID
You would need to create promot collId given below:
begin
 if (@__filterwildcard = ”)
  select CollectionID, Name from v_Collection order by Name
 else
  select CollectionID, Name from v_Collection
  WHERE CollectionID like @__filterwildcard
  order by Name
end
The above report will generate status for specific bulletin ID’s for swedish language in brief.If you want to generate report for other languages or you want to get patch status irrespective of Laguage,you can simply delete it.
Once you create this report,right click and select properties.Choose the “Links” tab,Choose link Type: “link to another report” ,choose the report that you have created above(report 2 inthis case).ensure you have the correct columns fields like below otherwise you will mislead the report.
 you have done now,reports are ready for you.

Report for Particular Bulletin ID ,click on MS10-007

click on failed status,which gives you all machines

Hope it helps you insome way.The same reports are still work in SCCM in similar way but before doing it SCCM,change the bulletin ID numbers and language(in mycase it is Swedish)
Note: when you copy and paste the quiries to your SMS/SCCM server ,you might see some errors because of copy and paste.All these quiries are present in notepad attached here  Status report quiries
All the reports are working well in SCCM environment but you will have to remove a part of syntax called “and (summ.product NOT LIKE ‘Windows Server 2003′)” from the reports which you use since in SCCM,the product value is NULL.If you use the above quiries without modifying,you may see blank report.

Show All “Succeeded” Advertisement Counts for the Past 30 Days

We rely on Run Advertised Programs (RAP) quite heavily at Dell – we have approximately 400 applications available in RAP, available to almost all systems.  I was asked to provide a quick report that shows the number of successful installs for each Advertisement over the past 30 days, so I thought I would share with you!

SELECT     COUNT(*) AS Count, v_ClientAdvertisementStatus.AdvertisementID, v_Advertisement.AdvertisementName
FROM         v_ClientAdvertisementStatus LEFT OUTER JOIN
                      v_Advertisement ON v_Advertisement.AdvertisementID = v_ClientAdvertisementStatus.AdvertisementID
WHERE     (v_ClientAdvertisementStatus.LastStateName = 'succeeded') AND (v_ClientAdvertisementStatus.LastStatusTime > DATEADD(day, - 30, GETDATE()))
GROUP BY v_ClientAdvertisementStatus.AdvertisementID, v_Advertisement.AdvertisementName
ORDER BY v_Advertisement.AdvertisementName

Enjoy!

SCOM R2 Gateway Server not communicating with the SCOM Management Group: EventID 20070 on the GW server and EventID 20000 on the RMS

Normally when a SCOM Gateway is installed and all prereqs are met, things run like clock work. In the years that I work with SCOM I have installed many SCOM GWs, all without any real issues what so ever. And when something was amiss, it turned out to be something simple like a firewall blocking some traffic or an incorrect certificate or a missing certificate chain. With just a few mouse clicks, all was fine and life was good again.


Until last week that is. I bumped into a GW that wouldn’t work. AT ALL! I could reproduce it as well with another GW, installed in total different environment. Strangest thing was that another SCOM R2 GW server was already installed and fully functional. So what was happening? And more over, how to solve it?
The Situation:
The SCOM R2 GW is installed and everything is in place (certs, SCOM GW Approval Tool has been run, firewalls have been configured and the lot). So there is a connection from the GW to the MG.
However, the GW throws EventID 20070 with the message ‘…Check the event log on the server for the presence of 20000 events, indicating that the agents which are not approved are attempting to connect ’:

On the RMS side of things, EventID 20000 is shown, telling that the SCOM R2 GW tries to connect but isn’t recognized as part of this Management Group (…A device which is not part of this management group has attempted to access this Health Service. Requesting Device Name : …):

Things we tried: Wow! We did many things in order to get it all up & running:

1. Of course, we checked the firewalls, routers and switches;
2. Even installed Network Monitor on the RMS;
3. Renewed the certs on the GW side of it all, reinstalled the SCOM GW;
4. Reran the GW Approval Tool many times;
5. Flushed the Health Service State on the RMS and the MS which the GW should report to in order to get a fresh config file (~:\Program Files\System Center Operations Manager 2007\Health Service State\Connector Configuration Cache\\OpsMgrConnector.Config.xml);
6. Installed the SCOM GW on total new server;
7. Renamed the SCOM GW to see whether the computer name was causing it all;
8. Ran some verbose logging on the RMS, MS and GWs which only showed EventID 20000 happening and nothing more;
9. Deleted the SCOM GW and its SITE entry from the SCOM DB, waited until they were groomed out and started all over totally CLEAN;
10. Ran some good tracing on the firewalls involved as well, showing us the connection was closed by the RMS (EventID 20000).

All to no avail. Nothing solid came out of it.
So I installed a new SCOM GW in total different Forest. And experienced the same issue! And all that time, the GW server which was installed some weeks ago was running just fine.
Dive Dive!: So it was time for a deep deep dive. We copied the file OpsMgrConnector.Config.xml of the RMS and MS to another location and started to take a deep dive into them. Soon we noticed a difference: the file from the RMS contained the Connector information for the fully functional GW server, while the MS didn’t.
That’s strange! Since that GW server was installed by me using the GW Approval Tool, telling SCOM that the GW server should report to the MS and not the RMS. So this entrance should be found in the file located on the MS, not the RMS! I checked my installation document for that particular environment and indeed, I referred to the MS, not the RMS….
Time to run a PS-cmdlet which shows to WHAT MS the GW server is primarily talking to: Get-GatewayManagementServer | where {$_.Name -like '< GW SERVER NAME>'} | Get-PrimaryManagementServer.
And the output really puzzled me: the functional GW Server wasn’t talking to the MS but the RMS. Also the people running the firewall (TMG) told me that ONLY the RMS was being published, not the MS!
Now it all hit home! Wow!
The Solution: I stopped the Health Service on the problematic test GW server, removed the GW server from the SCOM R2 Console, reran the GW Approval Tool, this time I referred to the RMS as the Management Server, adjusted the registry on the GW server in order to reflect the RMS and not the MS and restarted the Health Service on the GW.
BINGO!
All was working now!
Did the same for the problematic production GW server and hit the jackpot there as well!
However, some additional work needs to be done but that will be planned for the days to come:

1. Publish the MS instead of the RMS on the TMG;
2. Reconfigure the GWs to talk to the MS and not the RMS (some simple PS-cmdlets will do the trick here);
3. Adjust the registry entries on the GWs in order to reflect the changes.

Why? It is not good to have servers reporting to the RMS.
Puzzled: Yes, I am still puzzled. WHY does the first functional GW server talk to the RMS instead of the MS, while I have ran the GW Approval Tool in such a manner that it should talk to the MS? Got the screen dumps showing it. Really felt stupid and taken by surprise. Also learned a valuable lesson: How to troubleshoot SCOM R2…