Home
  •  

设备管理的证书吊销监视器

Microsoft.SystemCenter2012.ConfigurationManager.EnrollmentPoint.CertificateRevokeMonitor (UnitMonitor)

此监视器检查站点服务器是否能够成功撤消设备管理证书。

Knowledge Base article:

摘要

当注册点无法撤消证书时,此“撤消证书失败检测规则”将会检测失败。

原因

注册点无法撤消最近删除或擦除的移动设备的证书。

未设置 AMT 客户端时,注册点无法撤消这些客户端的证书。

解决方法

确保发放证书的证书颁发机构 (CA) 正在运行,并且注册点计算机可以与其取得联系。

验证注册点计算机是否具有该特定证书颁发机构的管理权限。

Element properties:

TargetMicrosoft.SystemCenter2012.ConfigurationManager.EnrollmentPoint
Parent MonitorMicrosoft.SystemCenter2012.ConfigurationManager.RoleAggregateMonitor
CategoryCustom
EnabledTrue
Alert GenerateTrue
Alert SeverityMatchMonitorHealth
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.SystemCenter2012.ConfigurationManager.StatusMessage2StateMonitor
RemotableTrue
AccessibilityPublic
Alert Message
无法吊销设备管理证书
注册点无法吊销证书。
RunAsDefault
CommentSIV:DM0001

Source Code:

<UnitMonitor ID="Microsoft.SystemCenter2012.ConfigurationManager.EnrollmentPoint.CertificateRevokeMonitor" Comment="SIV:DM0001" Accessibility="Public" Enabled="onEssentialMonitoring" Target="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.EnrollmentPoint" ParentMonitorID="Microsoft.SystemCenter2012.ConfigurationManager.RoleAggregateMonitor" Remotable="true" Priority="Normal" TypeID="Microsoft.SystemCenter2012.ConfigurationManager.StatusMessage2StateMonitor" ConfirmDelivery="true">

  <Category>Custom</Category>

  <AlertSettings AlertMessage="Microsoft.SystemCenter2012.ConfigurationManager.EnrollmentPoint.CertificateRevokeMonitor_AlertMessageResourceID">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>MatchMonitorHealth</AlertSeverity>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="UIGeneratedOpStateId91592d2972354917b61d24a265067537" MonitorTypeStateID="Good" HealthState="Success"/>

    <OperationalState ID="UIGeneratedOpStateId6b9a5aabcc7d4bafa8325841e3386218" MonitorTypeStateID="Error" HealthState="Error"/>

  </OperationalStates>

  <Configuration>

    <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</ComputerName>

    <ComponentName>SMS_ENROLL_SERVER</ComponentName>

    <RuleId>61D52663-EA15-45A2-A63F-6870433E4CBE</RuleId>

    <IntervalSeconds>360</IntervalSeconds>

  </Configuration>

</UnitMonitor>