Raphael Burri

  • Update May 31, 2011 – Version now available for download.
    Over 250 downloads of previously published versions.
    The SQL Server DB Mirroring Management Pack discovers database mirroring components and […]

  • Update August 12, 2014 – Version now available for download.
    Compatible with SCOM 2012 and SCOM 2012 R2 only.

    NOTE: This update will only import on SCOM 2012 and later.
    PKI Certificates serve to protect web sites by enabling SSL, secure cross-server communication and see many other uses.

    The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps preventing service interruptions caused by invalid certificates by alerting when: 

    – a certificate’s lifetime is about to expire
    – a certificate’s lifetime has ended
    – a certificate has become invalid because of a different reason
    – a CRL has not been updated in a timely manner

    The MP contains a full set of inventory reports to help you audit certificates. The included guide contains detailed instructions on how to configure the MP. Click the Download links at bottom to download the management pack archive.

    The PKI Certificate Verification MP was a jointly developed by Raphael Burri, Pete Zerger and Jaime Correia, specifically for release on the SystemCenterCentral.com site.

    An article on MP authoring by the same authors uses the PKI Certificate Verification MP as a sample to explain the concepts and procedures of writing a Management Pack. It is available on the site at the link below

    MP Creation Zen: Part 1 – Concepts and Application Modeling

    Change History
    Changes between (April 2014) and (August 2014)

    Discovery Filter with include and exclude regular expression on certificate subject as well as on certificate and CRL issuer.
    Discovery Filter on “Ehanced Key Usage”. By default the MP does no longer discover MS Network Access Protection certificates (napHealthyOid and napUnhealthyOid). Other OIDs may be excluded as well.
    PowerShell compatibility monitor got triggered on 2012 (when no PoSh 1.0 key existed).
    Using 1st certificate SAN as subject in case the subject is empty (not defined).

    Changes between (March 2012) and (April 2014)

     re-written MP, main logic now based on a PowerShell instead of a VB script.
     full support for Windows Server 2012 (R2)
     dropped SCOM 2007 support (use the legacy version if SCOM 2007 is still a requirement).
     support any system locale.
     advanced certificate validation overrides.


    Changes between (March 2011) and (March 2012)

    Corrected a discovery bug that would hit when a server’s locale was non-US and CA certificates were found in the store.
    Fixed some spelling issues in display strings
    Verified OpsMgr 2012 compatibility

    Changes between (released Jun 17, 2010) and

    Improved discovery of Issued to and Issued by properties: Will use Subject Alternative Name if certificate doesn’t have a subject and will correctly extract the subject if CN= isn’t encountered on the first line of the subject string.
    Additional certificate property: CA Version (based on extension szOID_CERTSRV_CA_VERSION). If this property holds a value, that certificate is a Windows CA one.
    Does no longer discover superseded CA certificates. Evaluation is based on the CA Version property. Additional override to change that behavior if required.
    Monitors will not mark superseded CA certificates as expired if their discovery is enabled.
    Expose script timeout as an overridable parameter
    Changed alert priority to ‘Low’.
    Broke upgrade path to avoid potential agent stale issues when upgrading from V or earlier.


    Changes between (released April 19, 2010) and

    Much more relaxed script timing
    cook down safe timing override option
    public certificate store data source (to add custom certificate stores)
    better compatibility with legacy Operation Systems (2000 & 2003)
    introduces a Release Notes document; which is a must read for updates from any previous release to!

    Please read the release notes carefully before attempting an upgrade of any previously released version.

    The download consists of a zip archive with the management pack, guide, release notes plus examples:

    Download: PKI Certificate MP (SCOM 2012)

    SHA-1: 51a71fe9c4fe33864ecc1af9aafc46da22e3c05c

    Download: PKI Certificate MP (legacy SCOM 2007). Note that this version is no longer being developed.

    SHA-1: 1753524A1A969572EFE0EE9E8301C9FECC83B0AF

  • Discovery: Windows Media Services Computer Roles and Publishing Points
    Compatibility: Windows Server 2003 and Windows Server 2008
    Rules and Monitors: Availability and Performance related
    Tasks […]

  • Operations Manager ships with various providers that allow populating classes. They allow discovering classes based on the presence of a Windows Service, WMI queries, registry entries or by running a script. […]