A script based unit monitor that periodically checks the Guarded Fabric's ability to reach the HGS Server.
A script based unit monitor for the Guarded Fabric, denoting if the Fabric could reach the URLs specified in its configuration.
This could be related to a network connectivity issue, or a domain configuration issue.
Auto-resolves when the Guarded Fabric succeeds in pinging the Attestation and Key Protection URLs.
Target | Microsoft.Windows.GuardedFabric.10.0.ComputerRole.GuardedHost | ||
Parent Monitor | System.Health.AvailabilityState | ||
Category | AvailabilityHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | MatchMonitorHealth | ||
Alert Priority | High | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Windows.TimedScript.TwoStateMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.Windows.GuardedFabric.10.0.GuardedHostConnectionMonitor" Accessibility="Public" Enabled="true" Target="HGSDL!Microsoft.Windows.GuardedFabric.10.0.ComputerRole.GuardedHost" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.TimedScript.TwoStateMonitorType" ConfirmDelivery="false">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.Windows.GuardedFabric.10.0.GuardedHostConnectionMonitor.AlertMessage">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>High</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error"/>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
</OperationalStates>
<Configuration>
<IntervalSeconds>3600</IntervalSeconds>
<SyncTime/>
<ScriptName>ClientConnectionMonitor.ps1</ScriptName>
<Arguments/>
<ScriptBody> param ()
$testSuccess = $true
# Get current information about HgsClient
$info = Get-HgsClientConfiguration
$api = New-Object -ComObject 'MOM.ScriptAPI'
$bag = $api.CreatePropertyBag()
if($info.Mode.ToString() -ieq "HostGuardianService")
{
$kdsURL = $info.KeyProtectionServerUrl -replace "http://", ""
$kdsURL = $kdsURL -replace "/KeyProtection", ""
# And in the case of https
$kdsURL = $kdsURL -replace "https://", ""
#do the same for the Attestation URL
$attestationURL = $info.AttestationServerUrl -replace "http://", ""
$attestationURL = $attestationURL -replace "/KeyProtection", ""
# And in the case of https
$attestationURL = $attestationURL -replace "https://", ""
try
{
Test-Connection -ComputerName $kdsURL -ErrorAction Stop
Test-Connection -ComputerName $attestationURL -ErrorAction Stop
}
catch [Exception]
{
$testSuccess = $false
$bag.AddValue("Result",$false)
}
if($testSuccess)
{
$bag.AddValue("Result",$true)
}
}
else
{
$bag.AddValue("Result", $true)
}
$bag </ScriptBody>
<TimeoutSeconds>120</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Boolean">Property[@Name='Result']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="Boolean">false</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Boolean">Property[@Name='Result']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="Boolean">true</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>