Home
  •  

Expiration Check of Certificate Used for Authentication

Microsoft.SystemCenter.HealthService.CommunicationCertificateExpirationCheck (UnitMonitor)

This monitor checks the status of the certificate used for authentication and sends an alert when the certificate is about to expire.

Knowledge Base article:

Summary

The certificate used for authentication is about to expire. This certificate is used for certificate-based authentication from this System Center Management Health Service to other System Center Management Health Services.

This is the same certificate that was imported using the MOMCertImport.exe utility.

Once the certificate expires, the agent or management server will not be able to communicate with or report data to the management group.

Causes

The certificate is about to expire. After it has expired, the System Center Management Health Service will be unable to authenticate to other System Center Management Health Services.

Resolutions

Obtain a new certificate and import it using the MOMCertImport.exe utility.

Additional

For more information on importing and using certificates in Operations Manager, see Managing Certificates in Operations Manager (http://go.microsoft.com/fwlink/?LinkID=824998).

For information about using the CertGenWizard.exe, an unsupported tool for requesting multiple certificates, see the blog post Obtaining Certificates for Non-Domain Joined Agents Made Easy With Certificate Generation Wizard (http://go.microsoft.com/fwlink/?LinkId=195439).

Element properties:

TargetMicrosoft.SystemCenter.HealthService
Parent MonitorSystem.Health.ConfigurationState
CategoryConfigurationHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityHigh
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Windows.2SingleEventLog2StateMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
System Center Management Health Service Authentication Certificate Expiration
{0}
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.SystemCenter.HealthService.CommunicationCertificateExpirationCheck" Accessibility="Public" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.HealthService" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="true">

  <Category>ConfigurationHealth</Category>

  <AlertSettings AlertMessage="Microsoft.SystemCenter.HealthService.CommunicationCertificateExpirationCheck_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>High</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="FirstEventRaised" MonitorTypeStateID="FirstEventRaised" HealthState="Warning"/>

    <OperationalState ID="SecondEventRaised" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <FirstComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>

    <FirstLogName>Operations Manager</FirstLogName>

    <FirstExpression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">21020</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">OpsMgr Connector</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </FirstExpression>

    <SecondComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>

    <SecondLogName>Operations Manager</SecondLogName>

    <SecondExpression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">20053</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">OpsMgr Connector</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </SecondExpression>

  </Configuration>

</UnitMonitor>