Windows Fabric Certificate Health Probe Action

WinFabCertHealthProbeAction (ProbeActionModuleType)

Windows Fabric certificate health probe action

Element properties:

Type: ProbeActionModuleType
Isolation: Any
Accessibility: Internal
RunAs: Default
InputType: System.BaseData
OutputType: System.PropertyBagData

Member Modules:

ID Module Type TypeId RunAs 
WinFabCertHealthScript ProbeAction Microsoft.Windows.PowerShellPropertyBagProbe Default

Source Code:

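<ProbeActionModuleType ID="WinFabCertHealthProbeAction" Accessibility="Internal" Batching="false" PassThrough="false">
  <!-- Probe action that runs WinFabCertHealthScript.ps1 and returns one property
       bag per computer named in the NCNodeNames registry value. The script opens
       a PowerShell remoting session to each of those computers, so the list in
       HKLM:\SOFTWARE\MICROSOFT\SDNMonitoringMP decides where the probe connects;
       write access to that key should be limited to administrators. -->
  <Configuration>
    <!-- Number of days before NotAfter at which the result becomes Warning. -->
    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="ExpiryWarningDays" type="xsd:double"/>
  </Configuration>
  <ModuleImplementation Isolation="Any">
    <Composite>
      <MemberModules>
        <ProbeAction ID="WinFabCertHealthScript" TypeID="Windows!Microsoft.Windows.PowerShellPropertyBagProbe">
          <ScriptName>WinFabCertHealthScript.ps1</ScriptName>
          <ScriptBody><Script>param([string]$scriptName, [double]$expiryWarningDays)
# Checks the node certificate reported by Get-NetworkControllerNode on each
# computer listed in the NCNodeNames registry value and emits one property bag
# per computer: Name, Result (Good / Warning / Bad), errorId and, when a
# certificate was read, certName, certThumbPrint and remainDays.
#   errorId "1" = certificate not found in Cert:\LocalMachine\My
#   errorId "2" = certificate outside its NotBefore / NotAfter window
#   errorId "3" = certificate expires within $expiryWarningDays
$global:key = "HKLM:\SOFTWARE\MICROSOFT\SDNMonitoringMP\"
$global:NCNodeNamesKey = "NCNodeNames"
$api = new-object -comObject 'MOM.ScriptAPI'
$logId = 5001

# NCNodeNames is a comma-separated list. Trim each entry and drop blanks so a
# missing value, a trailing comma or a space after a comma does not produce a
# remoting attempt against an empty or malformed computer name.
$computers = @(((Get-ItemProperty -Path $global:key).$global:NCNodeNamesKey) -split ',' |
    ForEach-Object { "$_".Trim() } |
    Where-Object { $_ })

foreach ( $computerName in $computers ) {
    $bag = $api.CreatePropertyBag()
    $bag.AddValue("Name", $computerName)
    $health = 'Good'
    $errorId = ""

    # Reset per-node state. Without this, a failed remoting call on this node
    # could leave the previous node's session or certificate in these variables
    # and the bag would describe the wrong machine.
    $psSession = $null
    $winFabCert = $null
    $certsInStore = $null

    # get the winFab certificate thumbprint for the current node
    # NOTE(review): Get-NetworkControllerNode is called without a node filter and
    # element [0] is taken, so this may not be the node at $computerName when the
    # controller has more than one node. Confirm that the nodes share one
    # certificate, or select the node explicitly.
    $psSession = New-PSSession -ComputerName $computerName
    if($psSession -ne $null)
    {
        $winFabCert = Invoke-Command -Session $psSession -ScriptBlock {$currentNode=(Get-NetworkControllerNode)[0]; $currentNode.NodeCertificate}
    }
    $winFabCertThumbprint = $winFabCert.Thumbprint
    $winFabCertName = $winFabCert.Subject

    # if it is null, we will just return healthy for this monitor. Some other monitor (winFab health / ping) will prob show red
    # This probe therefore fails open: an unreachable node or an unreadable
    # certificate yields Result = Good with no event logged, and an expiring
    # certificate on that node is not reported from here.
    if($winFabCert -ne $null)
    {
        $bag.AddValue('remainDays',$expiryWarningDays)

        # check that the actual certificate is in the cert store
        $certsInStore = Invoke-Command -Session $psSession -ScriptBlock {param($thumbprint) dir Cert:\LocalMachine\My | Where-Object {$_.Thumbprint -eq $thumbprint}} -ArgumentList $winFabCertThumbprint
        if($certsInStore -eq $null -or $certsInStore.count -eq 0)
        {
            $api.LogScriptEvent($scriptName,$logId,1,$computerName + ": Cert not found in store");
            $errorId = "1"
            $health='Bad'
        }
        else
        {
            # check its validity dates
            # Get-Date runs in the remote session, so validity is judged against
            # the node's own clock, not the clock of the machine running the probe.
            $timeNow = Invoke-Command -Session $psSession -ScriptBlock { Get-Date}
            $certInStore = $certsInStore[0]
            if(($certInStore.NotBefore -gt $timeNow) -or ($certInStore.NotAfter -lt $timeNow))
            {
                $api.LogScriptEvent($scriptName,$logId,1,$computerName + ": Cert invalid");
                $errorId = "2"
                $health='Bad'
            }
            elseif($certInStore.NotAfter -gt $timeNow -and $timeNow.AddDays($expiryWarningDays) -gt $certInStore.NotAfter)
            {
                # NOTE(review): $remainDays is a TimeSpan. It is concatenated into
                # the message as is and added to the bag under a name that already
                # holds the configured threshold; confirm which of the two values
                # the consuming monitor reads.
                $remainDays = New-TimeSpan -Start $timeNow -End $certInStore.NotAfter
                $api.LogScriptEvent($scriptName,5004,1,$computerName + ": Cert Going to expire in "+$remainDays+" days");
                $errorId = "3"
                $bag.AddValue('remainDays',$remainDays)
                $health = 'Warning'
            }
        }
        $bag.AddValue('certName',$winFabCertName)
        $bag.AddValue('certThumbPrint',$winFabCertThumbprint)
    }

    # Close the remoting session opened for this node. The original never
    # removed it, so every run left one open session per node behind.
    if($psSession -ne $null)
    {
        Remove-PSSession -Session $psSession
    }

    $bag.AddValue('Result',$health)
    $bag.AddValue('errorId',$errorId)
    $bag
}</Script></ScriptBody>
          <Parameters>
            <Parameter>
              <Name>scriptName</Name>
              <Value>"WinFabCertHealthScript.ps1"</Value>
            </Parameter>
            <Parameter>
              <Name>expiryWarningDays</Name>
              <Value>$Config/ExpiryWarningDays$</Value>
            </Parameter>
          </Parameters>
          <!-- A single timeout covers the whole run; the script visits the nodes one after another. -->
          <TimeoutSeconds>300</TimeoutSeconds>
        </ProbeAction>
      </MemberModules>
      <Composition>
        <Node ID="WinFabCertHealthScript"/>
      </Composition>
    </Composite>
  </ModuleImplementation>
  <OutputType>System!System.PropertyBagData</OutputType>
  <InputType>System!System.BaseData</InputType>
</ProbeActionModuleType>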