Otp Certificate template configuration

Microsoft.Windows.RemoteAccess.2012.R2.Monitor.DA_OTP_HEURISTIC_CERT_TEMPLATE_BAD (UnitMonitor)

Knowledge Base article:

Summary

The certificate template used for OTP authentication is configured incorrectly.

Causes

1. The Remote Access server does not have the required permissions to enroll the certificate template.

2. The DirectAccess user does not have the required read permissions for the certificate template.

3. The certificate template is not suitable for issuing OTP certificates. Possible causes:

a. Enhanced key usage is not smart card logon.

b. Key usage is not digital signature.

c. Validity period exceeds four hours.

d. Subject name is not set to be supplied in the request.

4. The certificate template is misconfigured.

5. The certificate template is not enabled on one or more CA servers.

Resolutions

1. Ensure that the Remote Access server has read and enrollment permissions for the certificate template.

2. Ensure that DirectAccess users have read permissions for the certificate template.

3. Ensure that the certificate template name is configured correctly in the Remote Access Setup Wizard.

4. Check that the certificate template is enabled on all CA servers used for OTP authentication.
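
The four suitability conditions under cause 3 can be checked against the template's Active Directory attributes. The Python below is an added example, not part of the management pack; it assumes the values of pKIExtendedKeyUsage, pKIKeyUsage, pKIExpirationPeriod and msPKI-Certificate-Name-Flag have already been exported from AD, it tests that smart card logon and digital signature are present rather than exclusive, and both sample templates are constructed.

```python
import struct

# Constants from the Windows PKI schema (assumed here; not on the original page).
SMART_CARD_LOGON_OID = "1.3.6.1.4.1.311.20.2.2"
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
KU_DIGITAL_SIGNATURE = 0x80        # bit in the first byte of pKIKeyUsage
MAX_VALIDITY_SECONDS = 4 * 3600    # the four-hour limit from cause 3c

def validity_seconds(raw: bytes) -> float:
    """pKIExpirationPeriod: negative 64-bit little-endian count of 100 ns ticks."""
    (ticks,) = struct.unpack("<q", raw)
    return -ticks / 10_000_000

def period_bytes(hours: float) -> bytes:
    """Encode a validity period the way AD stores it (used for the samples)."""
    return struct.pack("<q", -int(hours * 3600 * 10_000_000))

def check_otp_template(attrs: dict) -> list:
    """Return findings keyed to causes 3a-3d; an empty list means suitable."""
    findings = []
    if SMART_CARD_LOGON_OID not in attrs.get("pKIExtendedKeyUsage", []):
        findings.append("3a: enhanced key usage lacks smart card logon")
    key_usage = attrs.get("pKIKeyUsage", b"")
    if not key_usage or not key_usage[0] & KU_DIGITAL_SIGNATURE:
        findings.append("3b: key usage lacks digital signature")
    raw = attrs.get("pKIExpirationPeriod")
    if raw is None or len(raw) != 8:
        findings.append("3c: validity period missing or malformed")
    elif validity_seconds(raw) > MAX_VALIDITY_SECONDS:
        findings.append("3c: validity period exceeds four hours")
    if not attrs.get("msPKI-Certificate-Name-Flag", 0) & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT:
        findings.append("3d: subject name is not supplied in the request")
    return findings

# Constructed sample templates (not real exports).
GOOD = {"pKIExtendedKeyUsage": [SMART_CARD_LOGON_OID], "pKIKeyUsage": b"\x80\x00",
        "pKIExpirationPeriod": period_bytes(1), "msPKI-Certificate-Name-Flag": 0x1}
BAD = {"pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "pKIKeyUsage": b"\x20\x00",
       "pKIExpirationPeriod": period_bytes(8760), "msPKI-Certificate-Name-Flag": 0x0}

if __name__ == "__main__":
    for name, template in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_otp_template(template) or "suitable for OTP")
```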

Element properties:

Target: Microsoft.Windows.RemoteAccess.2012.R2.Class.Otp
Parent Monitor: System.Health.ConfigurationState
Category: Custom
Enabled: True
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.Windows.RemoteAccess.2012.R2.Monitor.HeuristicMonitorType
Remotable: True
Accessibility: Public
Alert Message:
Certificate template misconfiguration

Error Description - {0}
Error Cause - {1}
Error Resolution - {2}
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.Windows.RemoteAccess.2012.R2.Monitor.DA_OTP_HEURISTIC_CERT_TEMPLATE_BAD" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.RemoteAccess.2012.R2.Class.Otp" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.Windows.RemoteAccess.2012.R2.Monitor.HeuristicMonitorType" ConfirmDelivery="true">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="Microsoft.Windows.RemoteAccess.2012.R2.Monitor.DA_OTP_HEURISTIC_CERT_TEMPLATE_BAD_AlertMessageResourceID">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>
      <AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>
      <AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="UIGeneratedOpStateId41208f9817554bb1968828aa1d4310f2" MonitorTypeStateID="Error" HealthState="Error"/>
    <OperationalState ID="UIGeneratedOpStateId40b1b5eb3bec4ac4b4a46b9433e1482e" MonitorTypeStateID="Warning" HealthState="Warning"/>
    <OperationalState ID="UIGeneratedOpStateId8dde5217d7774cfb8b9acbd14a4e9116" MonitorTypeStateID="Healthy" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <Interval>300</Interval>
    <SyncTime/>
    <ComponentName>Otp</ComponentName>
    <HeuristicId>2148466696</HeuristicId>
  </Configuration>
</UnitMonitor>