Update May 31, 2011 – Version 220.127.116.11 now available for download.
Over 250 downloads of previously published versions.
The SQL Server DB Mirroring Management Pack discovers database mirroring components and […]
Update August 12, 2014 – Version 18.104.22.168 now available for download.
Compatible with SCOM 2012 and SCOM 2012 R2 only.
NOTE: This update will only import on SCOM 2012 and later.
PKI Certificates serve to protect web sites by enabling SSL, secure cross-server communication and see many other uses.
The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps preventing service interruptions caused by invalid certificates by alerting when:
– a certificate’s lifetime is about to expire
– a certificate’s lifetime has ended
– a certificate has become invalid because of a different reason
– a CRL has not been updated in a timely manner
The MP contains a full set of inventory reports to help you audit certificates. The included guide contains detailed instructions on how to configure the MP. Click the Download links at bottom to download the management pack archive.
The PKI Certificate Verification MP was a jointly developed by Raphael Burri, Pete Zerger and Jaime Correia, specifically for release on the SystemCenterCentral.com site.
An article on MP authoring by the same authors uses the PKI Certificate Verification MP as a sample to explain the concepts and procedures of writing a Management Pack. It is available on the site at the link below
Changes between 22.214.171.124 (April 2014) and 126.96.36.199 (August 2014)
Discovery Filter with include and exclude regular expression on certificate subject as well as on certificate and CRL issuer.
Discovery Filter on “Ehanced Key Usage”. By default the MP does no longer discover MS Network Access Protection certificates (napHealthyOid and napUnhealthyOid). Other OIDs may be excluded as well.
PowerShell compatibility monitor got triggered on 2012 (when no PoSh 1.0 key existed).
Using 1st certificate SAN as subject in case the subject is empty (not defined).
Changes between 188.8.131.52 (March 2012) and 184.108.40.206 (April 2014)
re-written MP, main logic now based on a PowerShell instead of a VB script.
full support for Windows Server 2012 (R2)
dropped SCOM 2007 support (use the legacy version 220.127.116.11 if SCOM 2007 is still a requirement).
support any system locale.
advanced certificate validation overrides.
Changes between 18.104.22.168 (March 2011) and 22.214.171.124 (March 2012)
Corrected a discovery bug that would hit when a server’s locale was non-US and CA certificates were found in the store.
Fixed some spelling issues in display strings
Verified OpsMgr 2012 compatibility
Changes between 126.96.36.1998 (released Jun 17, 2010) and 188.8.131.52
Improved discovery of Issued to and Issued by properties: Will use Subject Alternative Name if certificate doesn’t have a subject and will correctly extract the subject if CN= isn’t encountered on the first line of the subject string.
Additional certificate property: CA Version (based on extension szOID_CERTSRV_CA_VERSION). If this property holds a value, that certificate is a Windows CA one.
Does no longer discover superseded CA certificates. Evaluation is based on the CA Version property. Additional override to change that behavior if required.
Monitors will not mark superseded CA certificates as expired if their discovery is enabled.
Expose script timeout as an overridable parameter
Changed alert priority to ‘Low’.
Broke upgrade path to avoid potential agent stale issues when upgrading from V 184.108.40.2060 or earlier.
Changes between 220.127.116.110 (released April 19, 2010) and 18.104.22.1680
Much more relaxed script timing
cook down safe timing override option
public certificate store data source (to add custom certificate stores)
better compatibility with legacy Operation Systems (2000 & 2003)
introduces a Release Notes document; which is a must read for updates from any previous release to 22.214.171.1248!
Please read the release notes carefully before attempting an upgrade of any previously released version.
The download consists of a zip archive with the management pack, guide, release notes plus examples:
Download: PKI Certificate MP 126.96.36.199 (legacy SCOM 2007). Note that this version is no longer being developed.
Discovery: Windows Media Services Computer Roles and Publishing Points
Compatibility: Windows Server 2003 and Windows Server 2008
Rules and Monitors: Availability and Performance related
Operations Manager ships with various providers that allow populating classes. They allow discovering classes based on the presence of a Windows Service, WMI queries, registry entries or by running a script. […]