Not Getting Expiring certificates alerts

Aswin Thomas(UST,IN) 426 Reputation points
2023-07-27T06:40:33.2933333+00:00

Hi Team,

Hope you are doing good.

We have imported the Microsoft Certificate MP in SCOM 2019 and we were getting expiring certificate alerts. But all of a sudden we are now not getting any alerts related to expiring certificates. What may be the cause of the issue and could you please help us to resolve the issue.

Thanks in Advance,

Aswin

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,505 questions
{count} votes

2 answers

Sort by: Most helpful
  1. XinGuo-MSFT 19,696 Reputation points
    2023-07-28T02:17:49.67+00:00

    Hello Aswin Thomas,

    I understand the issue you're facing. If you were previously receiving expiring certificate alerts in SCOM 2019 and suddenly stopped getting them, there could be several reasons behind it. Let's go through some potential causes and troubleshooting steps to resolve the issue:

    Certificate Monitoring Configuration: Verify that the certificate monitoring configuration in SCOM is still set up correctly. Check if the certificate management pack is still imported and enabled. Also, make sure the certificate discovery and monitoring rules are active.

    SCOM Agent Health: Ensure that the SCOM agents on the monitored servers are healthy and communicating properly with the SCOM management server. If the agents are not functioning correctly, they may not be able to send the certificate-related data to SCOM, leading to the lack of alerts.

    Certificate Discovery: Double-check the certificate discovery process. If the certificates are not being discovered by SCOM, then the monitoring pack won't generate any alerts. You may need to review the discovery configurations to ensure they are accurate.

    Certificate Expiry Threshold: Verify the threshold for triggering expiring certificate alerts. It is possible that the threshold was changed, and the certificates that were previously alerting are now within the new threshold range.

    Event Log Errors: Check the SCOM event logs for any errors or warnings related to certificate monitoring. Look for specific error codes or messages that might give you more insights into the problem.

    SCOM Management Pack Updates: If there were any updates or changes to the SCOM management packs, it could have affected the behavior of certificate monitoring. Review the release notes or documentation for any relevant updates.

    Certificate Changes: Check if there have been any changes in the certificate infrastructure or if certificates have been renewed or reissued. If certificates have been replaced, the old ones may no longer be monitored.

    SCOM Notifications: Review the SCOM notification settings to ensure that the alerts are being sent to the appropriate channels (e.g., email, SMS, etc.).

    Monitoring Service Account Permissions: Ensure that the account used for certificate monitoring in SCOM has the necessary permissions to access the certificate information on the monitored servers.

    SCOM Health Check: Perform a general health check of your SCOM environment to identify any potential issues that might be affecting the certificate monitoring functionality.

    By investigating the points mentioned above, you should be able to narrow down the cause of the issue and take the necessary steps to resolve it.

    0 comments No comments

  2. Sandro D'Incà 226 Reputation points
    2023-10-17T12:16:10.78+00:00

    Hi Thomas

    Any updates in this case? i think we are facing in similar problems. it seems that SCOM does not refresh the discovery of certificates / not alerting anymore for expired certificates.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.