This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
starting from 1st of September 2022, we are experiencing issues with On-Demand Assessments (Active Directory, Azure Active Directory).
File processed.trace.<GUID>.adassessment.assessmenttrace reports this error:
Method=LoadCertificate Message=Certificate has expired or has no valid root. Thumbprint=8740DF4ACB749640AD318E4BE842F72EC651AD80 Subject=CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US ErrorMessage=Chain Status=NotTimeValid ChainStatusInfo=A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Method=Main Message=Unable to load package. PackagePath=C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\62\AzureAssessment.execpkg
Looking at C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\62\AzureAssessment.execpkg, it seems was signed by a certificate expired on 1st of September 2022:
Tasks already performed:
Any advice or recommendation to solve this issue ?
Thank you,
Luca
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Anonymous Thank you for reaching out to us. As I understand you are experiencing issues with On-Demand Assessments (Active Directory, Azure Active Directory)
Reviewed the documentation for Active Directory On-Demand Assessment and Azure Active Directory On-Demand Assessment
You need to contact Services Hub and raise a request from this portal https://serviceshub.microsoft.com/gethelp by selecting appropriate option.
Let me know if you have any further questions.
Iam also facing the same issue.
Givary - Please don't redirect us to the generic documentation which is of no use. This issue is due to the certificate expiry, which was used to digitally sign the package.
Could you please let us know how we can get the latest package refreshed?
Thanks
Let me check internally with my team on this issue and will keep you posted.
Hello,
I already know I have to pass through Service Hub to get support about On-Demand Assessments however I'd like to share my experience (in case someone else got the same issue).
However I received a confirmation from Microsoft: "We are experiencing issues with all of our Assessments due to a certificate expiry issue."
Regards,
Luca
@Anonymous Thanks for the update. I have also raised a request as well with Service Hub to investigate this issue further, once I hear from them, will update this post too.
Update: Our team is aware of this issue and fixed the certificate expiry issue mentioned in the query, ETA to roll out the fix is mid of next week.
Apologies for the inconvenience. Let me know if you have any further questions.
Hi Givary-MSFT,
Could you please let us know how to move forward?
Once the fix is released, What is expected from customers to get ODA jobs successful?
Appreciate if you can provide the steps or some directions on how to get this issue resolved.
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 34%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB2%3C/text%3E%3C/svg%3E)
Hi Shabarinath,
Once the fix has been released, you can force the new files to download by following these steps:
I checked a few minutes ago, the files still have the old digital signature.
Thanks Brian.
Hi Givary-Msft,
Please let us know once the fix is out so that we can try to re-run the jobs.
Thanks
Shaba
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 87%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Hi Givary-Msft,
We are also facing the same issue where the Ondemand assessment results are not populating on log analytics workspace after 30th of Aug 2022. We are also seeing the same certificate error.
Please let us know once the solution is available, so we can check and confirm.
[20220919_230010] [0001] SironaCore Warning: 6 : [20220919_230010] [0001] Core Advisor(741b5d0d-887e-4e4d-93db-899f61a587e6) Warning: ActivityID=2691a33b-c34f-0000-a57d-9c264fc3d801 Method=LoadCertificate Message=Certificate has expired or has no valid root. Thumbprint=8740DF4ACB749640AD318E4BE842F72EC651AD80 Subject=CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US ErrorMessage=Chain Status=NotTimeValid ChainStatusInfo=A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 12%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Is there an update on this issue? We are seeing the same problem with our environment.
Apologies for the delayed response, as per the last update, fix is in deployment phase and let me check with my team for the ETA.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 14.000000000000002%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Looks like the certificate issue is resolved. My Assessments are now running again.
I followed these steps from above:
Stop Microsoft Monitoring Agent (HealthService) service.
Delete the Health Service State folder. The default location is C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State.
Start the HealthService.
Hello All,
the SSL certificate expiration issue was fixed on 23rd Sept by Microsoft.
Bye,
Luca
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hi,
Thank you for your question and reaching out. My name is Louie and I’d be more than happy to help you with your query.
I understand that you're experiencing issues with On-Demand Assessments.
Kindly get back to us. Also, while waiting, you may access this link to get further information that could help you resolve the concern: https://learn.microsoft.com/en-us/services-hub/health/getting-started-ad
----------------------------------------------------------------------------------------------------------------------------------
If the reply was helpful, please don’t forget to Upvote or Accept as answer. Thank you!
Thank you Luca for confirming.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 4%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Hello,
i ran into this issue with the AMA On Demand Assessments. Basically all assessments downloaded from the Services Hub to the Data Collector got expired Certificates.
Is there a solution/workaround for this?
Thanks!
