Secure Exchange Key Synchronization Check

Microsoft.SystemCenter.SecureStorage.PublicKeyCheck.Unit (UnitMonitor)

Alerts when an issue synchronizing the secure exchange key exists

Knowledge Base article:

Summary

This monitor and alert indicates that the Health Service has either failed to publish its public key to a management group in order to receive secure messages or it has received a secure message encrypted with the wrong public key.

Below is a summary of the default configuration of this monitor:

Red state: Transition to red state if the health service, within 6 hours, receives at least 10 occurrences of event that indicates the wrong key (7004), failure to publish key (7005), or expiring public key (7013)
Green state: Transition to green state automatically every 6 hours.

Causes

The critical state can indicate the following may be happening on the agent:

The Health Service received a secure message from a management group which was encrypted using the wrong public key.
The Health Service was unable to publish its public key to a management group and will be unable to receive secure messages until this key is published.
The key pair that the health service uses to receive secure messages from a management group is expiring.

Resolutions

No action required – the health service will try to automatically fix the problem by doing one of the following:

The health service will discard the secure message and re-publish the public key.
The health service will attempt to retry publishing the key.
The health service will be recycled and the key regenerated.

Element properties:

Target

Microsoft.SystemCenter.HealthService

Parent Monitor

Microsoft.SystemCenter.HealthService.AvailabilityHealthRollup

Category

Custom

Enabled

True

Alert Generate

True

Alert Severity

Error

Alert Priority

Normal

Alert Auto Resolve

True

Monitor Type

Microsoft.Windows.RepeatedEventLogTimer2StateMonitorType

Remotable

True

Accessibility

Public

Alert Message

Secure Exchange Key Synchronization Error

There is a problem with synchronization of the secure storage public key.

RunAs

Default

Source Code:

<UnitMonitor ID="Microsoft.SystemCenter.SecureStorage.PublicKeyCheck.Unit" Accessibility="Public" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.HealthService" ParentMonitorID="Microsoft.SystemCenter.HealthService.AvailabilityHealthRollup" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.RepeatedEventLogTimer2StateMonitorType" ConfirmDelivery="true">

  <Category>Custom</Category>

  <AlertSettings AlertMessage="Microsoft.SystemCenter.SecureStorage.PublicKeyCheck.Unit.AlertMessage">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="SecureExchangeKeyIssues" MonitorTypeStateID="RepeatedEventRaised" HealthState="Error"/>

    <OperationalState ID="SecureExchangeKeySynchronized" MonitorTypeStateID="TimerEventRaised" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <RepeatedComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</RepeatedComputerName>

    <RepeatedLogName>Operations Manager</RepeatedLogName>

    <RepeatedExpression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">HealthService</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <Or>

            <Expression>

              <And>

                <Expression>

                  <SimpleExpression>

                    <ValueExpression>

                      <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                    </ValueExpression>

                    <Operator>Equal</Operator>

                    <ValueExpression>

                      <Value Type="UnsignedInteger">7013</Value>

                    </ValueExpression>

                  </SimpleExpression>

                </Expression>

                <Expression>

                  <SimpleExpression>

                    <ValueExpression>

                      <XPathQuery Type="String">Params/Param[1]</XPathQuery>

                    </ValueExpression>

                    <Operator>Equal</Operator>

                    <ValueExpression>

                      <Value Type="String">$Target/ManagementGroup/Name$</Value>

                    </ValueExpression>

                  </SimpleExpression>

                </Expression>

              </And>

            </Expression>

            <Expression>

              <And>

                <Expression>

                  <SimpleExpression>

                    <ValueExpression>

                      <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                    </ValueExpression>

                    <Operator>Equal</Operator>

                    <ValueExpression>

                      <Value Type="UnsignedInteger">7005</Value>

                    </ValueExpression>

                  </SimpleExpression>

                </Expression>

                <Expression>

                  <SimpleExpression>

                    <ValueExpression>

                      <XPathQuery Type="String">Params/Param[1]</XPathQuery>

                    </ValueExpression>

                    <Operator>Equal</Operator>

                    <ValueExpression>

                      <Value Type="String">$Target/ManagementGroup/Name$</Value>

                    </ValueExpression>

                  </SimpleExpression>

                </Expression>

              </And>

            </Expression>

            <Expression>

              <And>

                <Expression>

                  <SimpleExpression>

                    <ValueExpression>

                      <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                    </ValueExpression>

                    <Operator>Equal</Operator>

                    <ValueExpression>

                      <Value Type="UnsignedInteger">7004</Value>

                    </ValueExpression>

                  </SimpleExpression>

                </Expression>

                <Expression>

                  <SimpleExpression>

                    <ValueExpression>

                      <XPathQuery Type="String">Params/Param[1]</XPathQuery>

                    </ValueExpression>

                    <Operator>Equal</Operator>

                    <ValueExpression>

                      <Value Type="String">$Target/ManagementGroup/Name$</Value>

                    </ValueExpression>

                  </SimpleExpression>

                </Expression>

              </And>

            </Expression>

          </Or>

        </Expression>

      </And>

    </RepeatedExpression>

    <Consolidator>

      <ConsolidationProperties/>

      <TimeControl>

        <WithinTimeSchedule>

          <Interval>21600</Interval>

        </WithinTimeSchedule>

      </TimeControl>

      <CountingCondition>

        <Count>10</Count>

        <CountMode>OnNewItemTestOutputRestart_OnTimerRestart</CountMode>

      </CountingCondition>

    </Consolidator>

    <TimerWaitInSeconds>21600</TimerWaitInSeconds>

  </Configuration>

</UnitMonitor>