Le certificat SSL configuré pour le site Web passif de fédération sur le serveur de fédération expirera dans 20 jours.
Le certificat SSL expirera dans 20 jours.
Obtenez un nouveau certificat et importez-le à l'aide du composant logiciel enfichable Gestionnaire des services Internet pour le site Web passif de fédération.
Target | Microsoft.ActiveDirectoryFederationServices20.Websites | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | AvailabilityHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.Websites" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType" ConfirmDelivery="false">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
<ScriptName>FederationServerWebsitesSSLCertFutureExpiryCheck.ps1</ScriptName>
<ScriptBody>
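function ByteArrayMatch ($array1, $array2)
{
    # Reports whether two arrays have the same length and the same element at
    # every index. Returns $false if either argument is $null.
    #
    # The caller in this script passes certificate hashes (the IIS SSLCertHash
    # value and X509Certificate.GetCertHash()). A certificate hash is public
    # data, so returning at the first mismatch is acceptable here.

    # $null goes on the left: with an array on the left, -eq acts as a filter
    # over the elements instead of testing the variable itself.
    if ( ($null -eq $array1) -or ($null -eq $array2) )
    {
        return $false
    }

    # Arrays of different length can never match.
    if ( $array1.Length -ne $array2.Length )
    {
        return $false
    }

    for ($i = 0; $i -lt $array1.Length; $i++)
    {
        if ( $array1[$i] -ne $array2[$i] )
        {
            return $false
        }
    }

    return $true
}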
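function GetADFSSSLCertificate()
{
    # Looks up the SSL certificate bound to IIS site "W3SVC/1" and returns the
    # matching certificate object from the LocalMachine store named in the
    # site's SSLStoreName setting. Returns $null when the site query yields
    # nothing or when no certificate in that store has the configured hash.
    #
    # NOTE(review): a $null result is treated by the caller as "nothing to
    # check", so a missing binding or missing certificate does not change the
    # monitor state.

    $cert = $null

    # Hash of the certificate IIS is configured to present for the site.
    $hash = ( Get-WmiObject -namespace "root/MicrosoftIISV2" -Class "IISWebServer" | Where-Object {$_.Name -eq "W3SVC/1"} | Select-object SSLCertHash )
    if ($null -ne $hash)
    {
        # Name of the certificate store the binding refers to.
        $certStoreName = Get-WmiObject -namespace root/MicrosoftIISV2 -Class IISWebServerSetting | Where-Object {$_.Name -eq "W3SVC/1"} | Select-Object SSLStoreName

        $certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStoreName.SSLStoreName , [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
        $certStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

        # Read the collection once; X509Store.Certificates builds a new
        # collection each time the property is read.
        $storeCertificates = $certStore.Certificates

        for ( $i = 0; $i -lt $storeCertificates.Count; $i++)
        {
            $cert = $storeCertificates[$i]
            if ($null -ne $cert)
            {
                $certHash = $cert.GetCertHash()
                if ( ByteArrayMatch $hash.SSLCertHash $certHash )
                {
                    # Found the bound certificate; keep it in $cert.
                    break;
                }
            }
            # Not a match: make sure a non-matching certificate is never returned.
            $cert = $null
        }

        # Release the store handle. The certificate object that was found
        # stays usable after the store is closed.
        $certStore.Close()
    }

    return $cert
}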
# Main body of the monitoring script: find the SSL certificate bound to the
# federation passive website, flag it when fewer than 20 days of validity
# remain, and hand the result to the agent as a property bag.

# NOTE(review): the Assembly object returned by this call is neither captured
# nor discarded; confirm it does not end up in the output the agent parses.
[System.Reflection.Assembly]::LoadWithPartialName("System.Security")
$scomapi = new-object -comObject "MOM.ScriptAPI"
# Event 700 marks the start of a run. Severity 4 is presumably "information"
# in the MOM.ScriptAPI convention - confirm.
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 700, 4, "SSL certificate future expiry check PowerShell monitoring script")
# The result starts out healthy and is only switched to $false by the check below.
$script:certOK = $true
&{
$sslCertificate = GetADFSSSLCertificate
# NOTE(review): when no certificate is found, nothing is checked and certOK
# stays $true, so a missing binding or certificate reports as healthy.
if ($sslCertificate -ne $null)
{
# TimeSpan.Days is the whole-day part of the remaining validity. It is negative
# for a certificate that has already expired, so that case is flagged too.
if ( $sslCertificate.NotAfter.Subtract([System.DateTime]::Now).Days -lt 20 )
{
$script:certOK = $false
}
}
}
# Any exception raised by the check is recorded and logged as event 701 with
# severity 2, then execution continues with the property bag below.
# NOTE(review): certOK is left at $true on this path, so a check that fails
# (for example a WMI or certificate-store error) reports as healthy; the only
# trace is event 701 and the ErrorMessage property.
trap [System.Exception]
{
$script:exceptionMessage = $_.Exception.Message
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 701, 2, "SSL certificate future expiry check PowerShell monitoring failed with an error. " + $_.Exception.Message)
continue
}
# CertOK is the value the monitor's ErrorExpression and SuccessExpression
# compare against the strings 'false' and 'true'.
$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("CertOK", $script:certOK )
# $script:exceptionMessage is only assigned inside the trap; it is unset here
# when no exception occurred.
$scompb.AddValue("ErrorMessage", $script:exceptionMessage )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems() </ScriptBody>
<IntervalSeconds>86400</IntervalSeconds>
<TimeoutSeconds>300</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='CertOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">false</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='CertOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">true</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>