Kerberos certificate binding - Microsoft.Windows.RemoteAccess.2012.Monitor.DA_KERB_HEURISTIC_CERT

Microsoft.Windows.RemoteAccess.2012.Monitor.DA_KERB_HEURISTIC_CERT_BINDING (UnitMonitor)

The certificate binding for HTTPS Port 443 has changed. This certificate is used to authenticate remote clients with Kerberos. Without the correct certificate,
authentication of remote clients connecting via DirectAccess will not work as expected.

Knowledge Base article:

Summary

The certificate binding for HTTPS Port 443 has changed. This certificate is used to authenticate remote clients with Kerberos. Without the correct certificate, authentication of remote clients connecting via DirectAccess will not work as expected.

Causes

The certificate binding has been changed by another process or application.

Resolutions

1. Ensure the certificate binding has not been modified.

2. If you bind port 443 with another certificate for use with a different application, ensure that DirectAccess is configured to use the same certificate binding as that application.

Element properties:

Target

Microsoft.Windows.RemoteAccess.2012.Class.Kerberos

Parent Monitor

System.Health.ConfigurationState

Category

Custom

Enabled

True

Alert Generate

True

Alert Severity

Error

Alert Priority

Normal

Alert Auto Resolve

True

Monitor Type

Microsoft.Windows.RemoteAccess.2012.Monitor.HeuristicMonitorType

Remotable

True

Accessibility

Public

Alert Message

Kerberos cert binding has changed

Error Description - {0}
Error Cause - {1}
Error Resolution - {2}

RunAs

Default

Source Code:

<UnitMonitor ID="Microsoft.Windows.RemoteAccess.2012.Monitor.DA_KERB_HEURISTIC_CERT_BINDING" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.RemoteAccess.2012.Class.Kerberos" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.Windows.RemoteAccess.2012.Monitor.HeuristicMonitorType" ConfirmDelivery="true"> <Category>Custom</Category> <AlertSettings AlertMessage="Microsoft.Windows.RemoteAccess.2012.Monitor.DA_KERB_HEURISTIC_CERT_BINDING_AlertMessageResourceID"> <AlertOnState>Warning</AlertOnState> <AutoResolve>true</AutoResolve> <AlertPriority>Normal</AlertPriority> <AlertSeverity>Error</AlertSeverity> <AlertParameters> <AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1> <AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2> <AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3> </AlertParameters> </AlertSettings> <OperationalStates> <OperationalState ID="UIGeneratedOpStateId719612dcaee84688b48dd0cda4945ebc" MonitorTypeStateID="Error" HealthState="Error"/> <OperationalState ID="UIGeneratedOpStateIdc8b4f39cb66b40e2b78fc2054637d9f4" MonitorTypeStateID="Warning" HealthState="Warning"/> <OperationalState ID="UIGeneratedOpStateId26967022d57e45dc95caa9dea597b81b" MonitorTypeStateID="Healthy" HealthState="Success"/> </OperationalStates> <Configuration> <Interval>300</Interval> <SyncTime/> <ComponentName>Kerberos</ComponentName> <HeuristicId>2148139013</HeuristicId> </Configuration> </UnitMonitor>