Event ID 21001
The OpsMgr Connector could not connect to MSOMHSvc/hostname.local because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains.
Event ID 20057
Failed to initialize security context for target MSOMHSvc/hostname.local. The error returned is 0x80090303 (The specified target is unknown or unreachable). This error can apply to either the Kerberos or the SChannel package.
my setup: certificate based authentication for servers in workgroup.
problem identified: MOMCertImport tool wrote the wrong certificate serial number to the registry so the wrong certificate was used for authentication.
registry key: HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ChannelCertificateSerialNumber
this registry key must contain the certificate serial number from : Local Computer / Personal / Certificates folder
!!! the certificate serial number is wrote in the registry in reverse order.!!!