Home
  •  

Certificate template availability

AP.Remote.Access.Monitor.DA_OTP_HEURISTIC_CERT_TEMPLATE_GONE (UnitMonitor)

Knowledge Base article:

Summary

1. Certificate template configured for OTP authentication cannot be reached.

2. Certificate template used for OTP authentication is configured incorrectly.

Causes

1. The certificate template was deleted or renamed.

2. The Remote Access server does not have the required permissions to enroll the certificate template.

3. The DirectAccess user does not have the required read permissions for the certificate template.

4. The certificate template is not suitable for issuing OTP certificates. Possible causes:

a. Enhanced key usage is not smart card logon.

b. Key usage is not digital signature.

c. Validity period exceeds four hours.

d. Subject name is not set to be supplied in the request.

5. The certificate template is misconfigured.

Resolutions

1. Ensure that the certificate template exists on the domain controller.

2. Ensure that Remote Access server has read and enrollment permissions for the certificate template.

3. Ensure that DirectAccess users have read permissions for the certificate template

4. Ensure that the certificate template name is configured correctly in the Remote Access Setup Wizard.

Element properties:

TargetAP.Remote.Access.Class.Otp
Parent MonitorSystem.Health.AvailabilityState
CategoryCustom
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeAP.Remote.Access.Monitor.HeuristicMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Certificate template unavailable

Error Description - {0}
Error Cause - {1}
Error Resolution - {2}
RunAsDefault

Source Code:

<UnitMonitor ID="AP.Remote.Access.Monitor.DA_OTP_HEURISTIC_CERT_TEMPLATE_GONE" Accessibility="Public" Enabled="true" Target="AP.Remote.Access.Class.Otp" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="AP.Remote.Access.Monitor.HeuristicMonitorType" ConfirmDelivery="true">

  <Category>Custom</Category>

  <AlertSettings AlertMessage="AP.Remote.Access.Monitor.DA_OTP_HEURISTIC_CERT_TEMPLATE_GONE_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>

      <AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>

      <AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="DA_OTP_HEURISTIC_CERT_TEMPLATE_GONE_Error" MonitorTypeStateID="Error" HealthState="Error"/>

    <OperationalState ID="DA_OTP_HEURISTIC_CERT_TEMPLATE_GONE_Warning" MonitorTypeStateID="Warning" HealthState="Warning"/>

    <OperationalState ID="DA_OTP_HEURISTIC_CERT_TEMPLATE_GONE_Success" MonitorTypeStateID="Healthy" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <Interval>300</Interval>

    <SyncTime/>

    <ComponentName>Otp</ComponentName>

    <HeuristicId>2148466695</HeuristicId>

    <Debug>false</Debug>

  </Configuration>

</UnitMonitor>