This monitor checks if the Enrollment Point is able to configure the Certification Authority.
This monitor checks if the Enrollment Point is able to request certificates from the Certification Authority (CA) on behalf of the mobile device or AMT client. It produces an alert if the Enrollment Point cannot request the certificate from the CA.
Users allowed to enroll might not have permission to enroll for the CA template configured in the enrollment profile.
The Certificate Template configured on the CA has incorrect settings (for example wrong key length)
The CA is not functioning correctly.
The security group for the AMT client account does not have Enroll permissions.
Check that the credentials used to communicate with the CA server are correct.
Check that the Certification Authority is running properly.
Check the failed certificate request on the CA.
Check the security groups for the AMT account to ensure the Enroll permissions are setup correctly.
New mobile devices cannot enroll to Configuration Manager.
Enrolled mobile devices will not be able to renew their certificates.
New AMT machines cannot be provisioned.
Provisioned AMT machines cannot renew their certificates.
| Target | MECM.EnrollmentPoint | ||
| Parent Monitor | MECM.SiteRole.AggregateRollup.Monitor | ||
| Category | Custom | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | MatchMonitorHealth | ||
| Alert Priority | Normal | ||
| Alert Auto Resolve | True | ||
| Monitor Type | MECM.StatusMessage2State.MT | ||
| Remotable | True | ||
| Accessibility | Public | ||
| Alert Message |
| ||
| RunAs | Default |
Home
<UnitMonitor ID="MECM.EnrollmentPoint.CATask.StatusMessage.Monitor" Accessibility="Public" Enabled="true" Target="MECM.EnrollmentPoint" ParentMonitorID="MECM.SiteRole.AggregateRollup.Monitor" Remotable="true" Priority="Normal" TypeID="MECM.StatusMessage2State.MT" ConfirmDelivery="true">
<Category>Custom</Category>
<AlertSettings AlertMessage="MECM.EnrollmentPoint.CATask.StatusMessage.Monitor.AlertMessage">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="UIGeneratedOpStateId6e8c5188e1e843278b5082a600713c5c" MonitorTypeStateID="Good" HealthState="Success"/>
<OperationalState ID="UIGeneratedOpStateIdd474d27d8e384d0a9a31172e6f7045c3" MonitorTypeStateID="Error" HealthState="Error"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</ComputerName>
<ComponentName>SMS_ENROLL_SERVER</ComponentName>
<RuleId>0E0F3D4B-C5A0-41A4-B225-1708C9FE28EF</RuleId>
<IntervalSeconds>360</IntervalSeconds>
<MatchCount>3</MatchCount>
</Configuration>
</UnitMonitor>