This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 31%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Hi Team,
Hope you are doing good.
We have imported the Microsoft Certificate MP in SCOM 2019 and we were getting expiring certificate alerts. But all of a sudden we are now not getting any alerts related to expiring certificates. What may be the cause of the issue and could you please help us to resolve the issue.
Thanks in Advance,
Aswin
Hi Aswin,
first you need to make sure that discoveries, which discover all certificate objects are really doing their job. Do you see the discovered certificates when you navigate to the Monitoring Section and then to "discovered inventory"? You need to choose the certificate class and make sure you see all the certificatess there?
Another point: The MP works with RegEx exclusions...Could it be that you have configured the wrong RegEx and as such have disabled the monitrong? This sounds also like a possible cause.
Have you done any overrides that might cause this?
Please post a couple of Screenshots from the config pane (you can hide all sensitive details), so that we can get the bigger pciture?
Also: did you check for MP related events in the Operations Manager Event Log on Your management Servers?
Please let me know how it looks.
Regards,
Stoyan
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
Hello Aswin Thomas,
I understand the issue you're facing. If you were previously receiving expiring certificate alerts in SCOM 2019 and suddenly stopped getting them, there could be several reasons behind it. Let's go through some potential causes and troubleshooting steps to resolve the issue:
Certificate Monitoring Configuration: Verify that the certificate monitoring configuration in SCOM is still set up correctly. Check if the certificate management pack is still imported and enabled. Also, make sure the certificate discovery and monitoring rules are active.
SCOM Agent Health: Ensure that the SCOM agents on the monitored servers are healthy and communicating properly with the SCOM management server. If the agents are not functioning correctly, they may not be able to send the certificate-related data to SCOM, leading to the lack of alerts.
Certificate Discovery: Double-check the certificate discovery process. If the certificates are not being discovered by SCOM, then the monitoring pack won't generate any alerts. You may need to review the discovery configurations to ensure they are accurate.
Certificate Expiry Threshold: Verify the threshold for triggering expiring certificate alerts. It is possible that the threshold was changed, and the certificates that were previously alerting are now within the new threshold range.
Event Log Errors: Check the SCOM event logs for any errors or warnings related to certificate monitoring. Look for specific error codes or messages that might give you more insights into the problem.
SCOM Management Pack Updates: If there were any updates or changes to the SCOM management packs, it could have affected the behavior of certificate monitoring. Review the release notes or documentation for any relevant updates.
Certificate Changes: Check if there have been any changes in the certificate infrastructure or if certificates have been renewed or reissued. If certificates have been replaced, the old ones may no longer be monitored.
SCOM Notifications: Review the SCOM notification settings to ensure that the alerts are being sent to the appropriate channels (e.g., email, SMS, etc.).
Monitoring Service Account Permissions: Ensure that the account used for certificate monitoring in SCOM has the necessary permissions to access the certificate information on the monitored servers.
SCOM Health Check: Perform a general health check of your SCOM environment to identify any potential issues that might be affecting the certificate monitoring functionality.
By investigating the points mentioned above, you should be able to narrow down the cause of the issue and take the necessary steps to resolve it.
Hi Thomas
Any updates in this case? i think we are facing in similar problems. it seems that SCOM does not refresh the discovery of certificates / not alerting anymore for expired certificates.