This monitor determines if the certificate is expired or the number of days until certificate expiry is lower than the set threshold.
This monitor determines if the certificate is expired or if the number of days until certificate expiry is lower than the set threshold. The monitor has three health states, healthy, warning and critical. The health state is determined by comparing the number of days until the certificate expires to the set threshold.
An error state is caused by having an issue with the certificate on a watcher node. It can be caused by the following:
Subscription using a certificate that is expired.
Certificate does not contain private keys.
Certificate not found in the local machine certificate store.
The private keys of the certificate are not readable by the action account.
Resolution depends on the specific error. Verify and/or fix the following:
Replace certificate with one that has yet to expire.
Create a certificate with private keys.
Import the certificate into the local machine certificate store.
Give action account read access to the certificate.
Target | Microsoft.SystemCenter.M365.WatcherNodeApplication | ||
Parent Monitor | Microsoft.SystemCenter.M365.Monitor.Availability.WatcherNode | ||
Category | AvailabilityHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | MatchMonitorHealth | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.SystemCenter.M365.Monitor.CertificateExpiry.UnitMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.SystemCenter.M365.Monitor.CertificateExpiryMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.SystemCenter.M365.WatcherNodeApplication" ParentMonitorID="Microsoft.SystemCenter.M365.Monitor.Availability.WatcherNode" Remotable="true" Priority="Normal" TypeID="Microsoft.SystemCenter.M365.Monitor.CertificateExpiry.UnitMonitorType" ConfirmDelivery="false">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.SystemCenter.M365.Monitor.CertificateExpiry.Alert.Message">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Property[@Name='Message']$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Healthy" HealthState="Success"/>
<OperationalState ID="Warning" MonitorTypeStateID="Warning" HealthState="Warning"/>
<OperationalState ID="Error" MonitorTypeStateID="Critical" HealthState="Error"/>
</OperationalStates>
<Configuration>
<IntervalSeconds>21600</IntervalSeconds>
<AzureADEndpoint>$Target/Property[Type="Microsoft.SystemCenter.M365.WatcherNodeApplication"]/AzureADEndpoint$</AzureADEndpoint>
<GraphEndpoint>$Target/Property[Type="Microsoft.SystemCenter.M365.WatcherNodeApplication"]/GraphEndpoint$</GraphEndpoint>
<TenantId>$Target/Property[Type="Microsoft.SystemCenter.M365.WatcherNodeApplication"]/TenantId$</TenantId>
<ApplicationClientId>$RunAs[Name="Microsoft.SystemCenter.M365.RunAsProfile.ApplicationClient"]/UserName$</ApplicationClientId>
<ApplicationClientCredentials>$RunAs[Name="Microsoft.SystemCenter.M365.RunAsProfile.ApplicationClient"]/Password$</ApplicationClientCredentials>
<WarningDays>30</WarningDays>
<MatchCount>1</MatchCount>
</Configuration>
</UnitMonitor>