In our environment, I have deployed several pieces of OpsMgr core infrastructure.  In building the infrastructure, one machine housed the RMS, SQL Server and web console.  Since we have several DMZs that are either one-way trusted or not in a domain (workgroup-only), I deployed Gateway servers in each of the DMZs.  Just recently, I installed the data warehouse and reporting components to the RMS machine.  As a result, I am now getting warnings on all of the Gateway machines complaining about the validity of the RunAs account for the data warehouse -- which is a domain account.  Specifically, the warning reads: "The Health Service cannot verify the future validity of the RunAs account <domain>\<data warehouse account> for management group <mgmt group>. The error is Logon failure: unknown user name or bad password. (1326L)."  Why are the Gateways not using local (or system) credentials and communicating back through cert-based auth?  Is there a piece of configuration that I am overlooking?

 Any insight would be appreciated.

-mc

I would start with the following guidance:

 Ops Mgr 2007 Gateway Server and PKI Scenarios Document