Home
  •  

Certificate Monitoring failure

Microsoft.ActiveDirectoryFederationServices20.CertificateManagementCertificateManagementGenericErrorMonitor (UnitMonitor)

Knowledge Base article:

Summary

This monitor indicates that certificate monitoring failed.

If the same problem does not occur again within 13 hours, the health state of this monitor will change back to a Green state. The alert that is generated by this monitor must be resolved manually.

Causes

Any error in the certificate rollover service task can cause this event to occur. If this event occurs, a preceding error in the AD FS event log contains the actual cause for this error.

Resolutions

Manually check to determine whether any certificates are nearing expiration. If certificates are not nearing expiration, no further action is required. If certificates are near to expiration, restart the AD FS Windows service to restart the certificate rollover process.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices20.CertificateManagement
Parent MonitorSystem.Health.ConfigurationState
CategoryConfigurationHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Windows.SingleEventLogTimer2StateMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Certificate Monitoring failure
Certificate monitoring failed.
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.CertificateManagementCertificateManagementGenericErrorMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.CertificateManagement" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.SingleEventLogTimer2StateMonitorType" ConfirmDelivery="true">

  <Category>ConfigurationHealth</Category>

  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices20.CertificateManagementCertificateManagementGenericErrorMonitor_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Warning</AlertSeverity>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="EventRaised" MonitorTypeStateID="EventRaised" HealthState="Warning"/>

    <OperationalState ID="TimerEventRaised" MonitorTypeStateID="TimerEventRaised" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <ComputerName>$Target/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

    <LogName>$Target/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices20.FederationServer"]/ADFSEventLog$</LogName>

    <Expression>

      <And>

        <Expression>

          <RegExExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>MatchesMOM2005RegularExpression</Operator>

            <Pattern>(^AD FS$)|(^AD FS 2.0$)</Pattern>

          </RegExExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">338</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </Expression>

    <TimerWaitInSeconds>46800</TimerWaitInSeconds>

  </Configuration>

</UnitMonitor>