locked
SCOM 2012 - Certificates Expiry Monitoring RRS feed

  • Question

  • Hi

    We have SCOM 2012 SP1 and need to monitor the expiry of the Server certificates. We have downloaded a MP from the below link and imported them successfully. Followed the instructions. Used the SCOM Action account (with admin Privileges) in Run As Profile and made sure all the privileges are there. 

    Still, it does not show up any of the servers under the Monitoring as shown below either under valid or expiry or about to expire categories. Please advise, what is missing here or is there any other better way to monitor the expiry of the certificates?


    Thanks & regards, Naren.

    Sunday, September 13, 2015 11:57 AM

Answers

  • Hi Naren,

    Here's what I did:

    From Authoring menu:

    1. Expand "Management Pack Objects", select Object Discoveries.
    2. Search for "PKI".
    3. Under "Discovered Type: Certificate Store"  locate "Discovery of local computer's personal certificate store (registry)"
    4. Right click, Overrides, Override the Object Discovery, (target your override as you desire. Since I only monitor servers I set it for the health class)

    This should allow the MP to discover the personal certificate container. If you want to monitor the root certificates, repeat with the "discover root certificates (locally)"  or any of the targets that are not enabled by default, all I was interested in monitoring were the personal certs.

    F1JD

    • Proposed as answer by Elton_Ji Tuesday, October 13, 2015 2:09 AM
    • Marked as answer by NarenSV Thursday, October 15, 2015 3:58 PM
    Thursday, October 8, 2015 11:17 AM

All replies

  • Hi

    I don't see a link but you are probably best going back to the site where the MP was obtained from and asking them there.

    Regards

    Graham


    http://blogs.technet.com/b/manageabilityguys/

    Tuesday, September 15, 2015 2:41 PM
  • Hi Graham,

    It seems I missed to paste the link. Here it is:

    http://www.systemcentercentral.com/pack-catalog/pki-certificate-verification-mp/

    Please go through the link and provide an update. I will also try to check from the same place where I had downloaded. But still request you to provide inputs, if you have any idea.


    Thanks & regards, Naren.

    Tuesday, September 15, 2015 4:14 PM
  • Hi Graham,

    I posted my issue the above mentioned link (systemcentercentral.com), but did not get any response. Any idea, to get an answer to my query on that site, where should I post?


    Thanks & regards, Naren.

    Tuesday, September 22, 2015 10:57 AM
  • As far as I can remember, you need to override the Discoveries to targets you want to monitor.
    Tuesday, September 22, 2015 12:53 PM
  • Hello,

    And after enabling the discovery override I think the discovery runs every 12 hours, I had enabled the discovery one day before going home and they were in the monitor the next morning.

    F1

    • Proposed as answer by Elton_Ji Wednesday, October 7, 2015 9:04 AM
    • Unproposed as answer by Elton_Ji Wednesday, October 7, 2015 9:04 AM
    Tuesday, September 22, 2015 1:44 PM
  • Hi Michael, 

    Can you please provide the steps, how to override the discoveries to Targets we want to monitor?


    Thanks & regards, Naren.

    Thursday, October 8, 2015 8:15 AM
  • Hi Naren,

    Here's what I did:

    From Authoring menu:

    1. Expand "Management Pack Objects", select Object Discoveries.
    2. Search for "PKI".
    3. Under "Discovered Type: Certificate Store"  locate "Discovery of local computer's personal certificate store (registry)"
    4. Right click, Overrides, Override the Object Discovery, (target your override as you desire. Since I only monitor servers I set it for the health class)

    This should allow the MP to discover the personal certificate container. If you want to monitor the root certificates, repeat with the "discover root certificates (locally)"  or any of the targets that are not enabled by default, all I was interested in monitoring were the personal certs.

    F1JD

    • Proposed as answer by Elton_Ji Tuesday, October 13, 2015 2:09 AM
    • Marked as answer by NarenSV Thursday, October 15, 2015 3:58 PM
    Thursday, October 8, 2015 11:17 AM
  • Hi F1JD,

    I could see the valid certificates Under the Monitoring, but it shows only SCOM servers. We would like to see the other servers which are also having certificates. Please advise


    Thanks & regards, Naren.

    Wednesday, November 4, 2015 7:38 AM
  • Check your override scope. Make sure you set it to the right class. I find that going to « discovered inventory » and looking for the class will show you which instances are targeted.
    Sunday, October 22, 2017 2:13 AM