We have P2P certs on our clients and servers that seem to have been deployed via Azure without us intentionally doing anything. Causing SCOM alerts because the issuer is not trusted!

ChristianL1980 11 Reputation points
2022-02-15T09:27:58.677+00:00

We have P2P certs on our clients and servers that seem to have been deployed via Azure without us intentionally doing anything. The use case seems to be limited to RDP between devices in the same tenant. BUT the cert in the AAD Token Issuer folder, MS-Organization-P2P-Access [2021], which is used to issue certs locally, is not trusted by a root CA, causing SCOM ALERTS! What is the correct way to solve this? As far as I can read, the issuer cert is used for self-issuing certs locally, and this is causing issues because the root CA cert is not trusted. I can't find anywhere explaining what to do. Please help us solve this, as we get lots of SCOM alerts. For now we do not use RDP with AAD credentials; maybe at a later time.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2022-02-15T23:17:07.17+00:00

    @ChristianL1980
    Thank you for your detailed post!

    What are the MS-Organization-P2P-Access certificates:

    The MS-Organization-P2P-Access certificates are issued by Azure AD to both Azure AD joined and hybrid Azure AD joined devices. These certificates are used to enable trust between devices in the same tenant for remote desktop scenarios. One certificate is issued to the device, and another is issued to the user.

    The device certificate is present in Local Computer\Personal\Certificates and is valid for one day. This certificate is renewed (by issuing a new certificate) if the device is still active in Azure AD. The user certificate is present in Current User\Personal\Certificates and is also valid for one day, but it is issued on demand when a user attempts a remote desktop session to another Azure AD joined device. It is not renewed on expiry.

    Both these certificates are issued using the MS-Organization-P2P-Access certificate present in the Local Computer\AAD Token Issuer\Certificates. This certificate is issued by Azure AD during device registration.

    Workaround:
    Because you're receiving SCOM alerts from the certificates, I found some related threads that might help point you in the right direction. Since the certificate(s) are only valid for one day, one customer found that you should be able to safely skip this error (see the related thread for more info). Another customer worked directly with our support team and was told "The expiration date of the certificate is 24Hrs, thus, you can safely ignore them" (see the related thread for more info).

    If these workarounds don't work for your environment, or if you'd like our support team to take a closer look into this, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    4 people found this answer helpful.

  2. Marco Botega 5 Reputation points
    2024-12-02T15:04:54.5033333+00:00

    Hello everyone,

    I have these expired certificates from MS-Organization-P2P-Access and I would like to know if I can delete them instead of ignoring them. Can I?

    Thanks,

    1 person found this answer helpful.

  3. Poirier, Steve 10 Reputation points
    2024-11-28T14:34:28.72+00:00

    Is there a way to avoid getting these certificates, or to make them trusted, as they are now in the state "This certificate cannot be verified up to a trusted certification authority"? It creates an impact on our vulnerability KPI.

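A way to confirm on a single device what the first answer describes (which stores the MS-Organization-P2P-Access certificates live in and their one-day lifetime) and to reproduce the "cannot be verified up to a trusted certification authority" status from Steve's post, so that a monitoring override can be scoped to these specific certificates rather than to every untrusted issuer. This is an added PowerShell example, not code from the thread or from Microsoft; it assumes the issuer or subject name contains the string "MS-Organization-P2P-Access" as quoted above, and that the certificate drive paths named in the answer exist on the machine.

```powershell
# Added example, not from the thread: report the Azure AD P2P certificates on this
# device and the chain status a monitoring agent would see for each of them.
# Assumption: issuer/subject contains "MS-Organization-P2P-Access" (as quoted in the thread).
$pattern = '*MS-Organization-P2P-Access*'

$stores = @(
    'Cert:\LocalMachine\AAD Token Issuer'   # issuer cert, placed here at device registration
    'Cert:\LocalMachine\My'                 # device cert, valid one day, renewed while device is active
    'Cert:\CurrentUser\My'                  # user cert, issued on demand for RDP, not renewed
)

$report = foreach ($store in $stores) {
    if (-not (Test-Path -Path $store)) {
        Write-Warning "$store not found on this machine"
        continue
    }

    $certs = Get-ChildItem -Path $store |
        Where-Object { $_.Issuer -like $pattern -or $_.Subject -like $pattern }

    foreach ($cert in $certs) {
        # Build the chain the way a certificate monitor would. With no entry in
        # Trusted Root Certification Authorities above the P2P issuer, ChainStatus
        # contains UntrustedRoot, which is the condition behind the "cannot be
        # verified up to a trusted certification authority" message.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $null = $chain.Build($cert)
        $status = if ($chain.ChainStatus.Count -gt 0) {
            ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        } else {
            'Valid'
        }
        $chain.Reset()

        [pscustomobject]@{
            Store       = $store
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            NotBefore   = $cert.NotBefore
            NotAfter    = $cert.NotAfter
            LifetimeHrs = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalHours, 1)
            Expired     = ($cert.NotAfter -lt (Get-Date))
            ChainStatus = $status
        }
    }
}

$report | Format-Table -AutoSize
```

Run it from an elevated prompt so the LocalMachine stores are readable. On a device matching the first answer you should see the issuer in AAD Token Issuer, a device certificate in LocalMachine\My with a LifetimeHrs of about 24, and a user certificate only if the current user has recently started an RDP session to another Azure AD joined device. The ChainStatus column is what to key an alert override on: a row that is UntrustedRoot, issued by the P2P issuer and with a one-day lifetime is the case the thread says can be ignored, while an UntrustedRoot result on any other issuer still deserves a look.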
