Home
  •  

Web.config file unencrypted sections in SQL Server Resource Provider

WindowsAzurePack.Monitor.WebConfigEncrypt.ResourceProvider.SqlServers (UnitMonitor)

Error, Web.config file has unencrypted sections, this sections contain secrets that must be protected.

Knowledge Base article:

Summary

Monitors whether the Web.config file of the Windows Azure Pack site is encrypted or not. If it is not encrypted it generates the corresponding alert. The monitoring test is done periodically by running Test-MgmtSvcProtectedConfiguration.

Causes

If this monitor is in error, then the Web Site's web.config file is not encrypted and its secrets are at risk.

Resolution

Run the PowerShell Cmdlet Protect-MgmtSvcConfiguration on the target machine. Find all the information about this command and examples here: http://technet.microsoft.com/en-us/library/dn520965(v=sc.20).aspx.

Configuration

For this monitor to work correctly, it must be allowed to run the Test-MgmtSvcProtectedConfiguration PowerShell Cmdlet on the target machine. It runs in the local SCOM Agent

Option

Definition

Default

Alert On State

Health state for the monitor that generates an alert.

The monitor is in a critical health state

Alert Priority

Priority of the alert generated for this monitor.

High

Alert Severity

Priority of the alert generated for this monitor.

Critical

Auto-Resolve Alert

Specifies whether the alert should automatically be resolved when the monitor returns to a healthy state.

True

Enabled

Specifies whether the monitor should run.

True

Generates Alert

Specifies whether the monitor should generate an alert when changing to a warning or critical state.

True

Interval

Number of minutes between times that the monitor is run.

120

Element properties:

TargetWindowsAzurePack.ResourceProvider.SqlServers
Parent MonitorSystem.Health.ConfigurationState
CategoryConfigurationHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeWindowsAzurePack.MonitorType.WebConfigEncrypt.WAP
RemotableTrue
AccessibilityPublic
Alert Message
A site with the Web.config file unencrypted
Error, the site's Web.config file has unencrypted sections, this sections contain secrets that must be protected.
RunAsDefault

Source Code:

<UnitMonitor ID="WindowsAzurePack.Monitor.WebConfigEncrypt.ResourceProvider.SqlServers" Accessibility="Public" Enabled="true" Target="WindowsAzurePack.ResourceProvider.SqlServers" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="WindowsAzurePack.MonitorType.WebConfigEncrypt.WAP" ConfirmDelivery="false">

  <Category>ConfigurationHealth</Category>

  <AlertSettings AlertMessage="WindowsAzurePack.Monitor.WebConfigEncrypt.AlertMessage.WAP">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>

    <OperationalState ID="Failure" MonitorTypeStateID="Failure" HealthState="Error"/>

  </OperationalStates>

  <Configuration>

    <IntervalSeconds>7200</IntervalSeconds>

    <SyncTime/>

    <WAPService>$Target/Property[Type="WindowsAzurePack.ResourceProvider.SqlServers"]/WAPService$</WAPService>

  </Configuration>

</UnitMonitor>