Rank (24790) Views 24737 On Fri, Jun 04, 2010 8:25 AM, 368 days ago By Raphael Burri

"Only registered users may download. Registration is free."


Update June 4, 2010: Version 1.0.0.288 is now available for download (more than 800 downloads of previous versions). Changes since 1.0.0.280:

  • Much more relaxed script timing
  • Cookdown-safe timing override option
  • Public certificate store data source (to add custom certificate stores)
  • Better compatibility with legacy operating systems (2000 & 2003)
  • Introduces a Release Notes document, which is a must-read for updates from any previous release to 1.0.0.288!

PKI certificates protect web sites by enabling SSL, secure cross-server communication, and have many other uses.

The PKI Certificate Verification MP discovers PKI certificates and Certificate Revocation Lists (CRLs) inside computers' local certificate stores. It helps prevent service interruptions caused by invalid certificates by alerting when:

- a certificate’s lifetime is about to expire
- a certificate’s lifetime has ended
- a certificate has become invalid for a different reason
- a CRL has not been updated in a timely manner
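
The three certificate conditions in the list above can be spot-checked by hand against a local store. This is an added example, not the management pack's own script: the MP probes certutil.exe output from VBScript, while this one uses the .NET X509 chain APIs. The store path and the 30-day warning threshold are assumptions, and the CRL freshness condition is not covered.

```powershell
# Added example, not part of the management pack.
param(
    [string]$StorePath = 'Cert:\LocalMachine\My',  # computer Personal store (assumed default)
    [int]$WarnDays = 30                            # assumed threshold, not the MP's setting
)

function Get-CertHealth {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [datetime]$Now,
        [int]$WarnDays
    )
    # Lifetime checks first, so an expired certificate is reported as such
    # rather than as a generic chain failure.
    if ($Now -gt $Cert.NotAfter)  { return 'Expired' }
    if ($Now -lt $Cert.NotBefore) { return 'NotYetValid' }

    # "Invalid for a different reason": build the chain with online revocation
    # checking. Build() returns $false for untrusted roots, revoked certificates
    # and also when revocation status cannot be determined.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    if (-not $chain.Build($Cert)) {
        $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        return "Invalid ($reasons)"
    }

    if ($Cert.NotAfter -lt $Now.AddDays($WarnDays)) { return 'ExpiringSoon' }
    return 'Healthy'
}

$now   = Get-Date
$certs = @(Get-ChildItem -Path $StorePath | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] })

if ($certs.Count -eq 0) {
    Write-Output "No certificates in $StorePath; nothing to evaluate."
}
foreach ($c in $certs) {
    [pscustomobject]@{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        DaysLeft   = [math]::Floor(($c.NotAfter - $now).TotalDays)
        State      = Get-CertHealth -Cert $c -Now $now -WarnDays $WarnDays
    }
}
```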

The MP contains a full set of inventory reports to help you audit certificates. The included guide contains detailed instructions on how to configure the MP. Click the Download button at right to download the management pack.


The PKI Certificate Verification MP was jointly developed by Raphael Burri, Pete Zerger and Jaime Correia, specifically for release on the SystemCenterCentral.com site.
Look out for a multi-part article series on MP authoring using the Authoring Console by the same authors. The series uses the PKI Certificate Verification MP as a sample to explain the concepts and procedures of writing a Management Pack. Part 1 is available on the site at the link below:

MP Creation Zen: Part 1 - Concepts and Application Modeling

 


on 5/6/2010 10:47:31 AM
Excellent MP! This has solved a long-standing request for us by our web team. Everyone is extremely happy with what we have seen so far in this pack.



I do have one question, though. Was there any specific reason for having the default certificate and CRL discoveries hard coded to run once every 3456 seconds, but not be able to override it? We tend to set most discoveries to around once a day or more as we have a fairly large environment, but these discoveries don't give that option. The discovery for the personal certificate STORE allows us to override it (although its value of 86310 is just fine where it is), but the cert and CRL discoveries do not. I know that we can technically just create new 'mirrored' discoveries in the override pack to set different times, but I was wondering if there was some other logic in using these particular times or if you had any plans of updating the pack to allow for these overrides.





Thanks!



Larry

on 5/6/2010 11:49:07 AM
@ Ruben: Unfortunately that would require a totally different MP and unfortunately I don't think that I will find the time to write one for *ix platform soon. Besides, my knowledge about certificate use on there is very limited.



@ Mutino: If you can send me the output of the certutil.exe command for the store in question I'll check what is going on:

certutil.exe -v -verifystore [store key name]

And please let me know what locale settings you have on that server. My email: raburri [at] bluewin [dot] ch



@ Larry: Very good question. In this MP, all monitors and discoveries for certificates and CRLs use the same probe action: CertUtil output probe (VBScript). By means of cookdown all these are fed upon a single run of the script. If the frequency was overridable you'd have to make sure that you changed it to the same value for all three discoveries and four monitors. So I left the override out because I feared that people would inadvertently break cookdown. That was the idea anyhow - it turned out that the discoveries and monitors run on two different intervals (one for all discoveries and one for all monitors). If you send me your email address, we can have an offline talk about how to improve this for the next update.

on 6/1/2010 4:21:49 AM
Hi Raphael,



We are trying to understand why the view "Certificate stores availability" includes "not monitored" personal computer certificate stores.

After some tests we realized that we have 2 different scenarios:

1. Servers with no certificates in computer personal store. (Event 3001 is logged in OpsMgr event log)

2. Servers with self-signed certificates.



Is this behavior by design?



The MP solved a lot of trouble for us in monitoring the expiration of certificates.

Thank you.

on 6/1/2010 2:19:05 PM
Hi Kobile

Your observation is absolutely correct. The MP will discover certificate stores - but only if the next step also discovers certificates (or CRLs) in them will you see those stores in anything other than 'Not Monitored' state. The reason for this is that the only monitors targeted at certificate stores are roll up ones. They don't initialize unless child objects (certificates) are present.

By coincidence: The next update to the MP (which I'll release hopefully in the next few days) will explain exactly that situation in the release notes.

on 6/18/2010 4:31:47 AM
How can I download the MP? I'm always asked to accept the licence, but how can I accept the licence??

on 6/18/2010 5:50:20 AM
Thanks a lot !

on 6/18/2010 6:34:09 AM
Hi, download function is not working.



Please help!



Cheers.

on 6/18/2010 6:39:34 AM
Downloads are not working!!!

on 6/26/2010 5:07:49 AM
Sorry for the late reply; I've been on vacation. Just checked the download and it seems to be working all right.

Download is only working for registered users (registration is free).

On my IE8 I also needed to scroll back up to accept the terms of use after clicking on 'Download' before the file transfer started. A bit confusing...

on 8/31/2010 4:50:49 AM
I have installed the MP and set up overrides for the Personal Computer Certificate Store & CRL Roll Up for the Object Discovery with a class of Windows Computer. I followed the MP guide however the monitors in Health explorer do not have the green tick indicating that they are monitored but the monitor's properties indicate that it is enabled. Have I missed a step?
