Home
  •  

SPF stored certificate has expired

Microsoft.SystemCenter.SPF.Rule.CertificateExpired (Rule)

Service Provider Foundation stored certificate being used to authenticate request has expired.

Knowledge Base article:

Summary

Detects expired certificates stored in SPF. SPF will post an event when a certificate being used to authenticate has expired.

Configuration

The following options can be configured on this rule:

Option

Definition

Default

Enabled

Specifies whether the rule should run.

True

Alert Priority

Specifies priority level for this rule.

Normal

Alert Severity

Specifies severity level for this rule.

Warning

Causes

If this monitor is in error, then certificate SPF uses to authenticate has expired. See the Configuration section for details on configuring the monitor.

Resolutions

Check the Authentication Certificate and renew the same.

Element properties:

TargetMicrosoft.SystemCenter.SPF.SpfServer
CategoryAlert
EnabledTrue
Event_ID101
Event SourceMicrosoft-ServiceProviderFoundation
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
SPF stored certificate has expired
Service Provider Foundation stored certificate being used to authenticate request has expired.
Event LogMicrosoft-ServiceProviderFoundation/Admin

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.SystemCenter.SPF.Rule.CertificateExpired" Target="Microsoft.SystemCenter.SPF.SpfServer" Enabled="true" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Microsoft-ServiceProviderFoundation/Admin</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">101</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">Microsoft-ServiceProviderFoundation</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.SPF.Rule.CertificateExpired.AlertMessage"]$</AlertMessageId>

    </WriteAction>

  </WriteActions>

</Rule>