rafabu / SCOM-PKICertificateMP

This is for SCOM - System Center Operations Manager: The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps preventing service interruptions caused by invalid certificates by alerting when
GNU Lesser General Public License v3.0
20 stars 11 forks source link

SCOM ALERT FOR MS-ORGANIZATION-P2P-ACCESS PKI CERTIFICATE #32

Open daisysl1981 opened 3 years ago

daisysl1981 commented 3 years ago

I am having the following alerts in SCOM:

PartialChain: A certificate chain could not be built to a trusted root authority.

These alerts are generating from the Certificate validity monitor in the PKI Certificate Validation Management Pack. I opened a case with Microsoft trying to solve this issue but they told me that management pack this is a community written management pack and is not under Microsoft support.

Please I need advise.

Thanks, Daisy

Fursel commented 3 years ago

Hi, just override "Discovery of local computer's certificate store "My / Personal" (registry)" , target Windows Computer and in Issuer Filter - Excluded type "CN=MS-Organization-P2P-Access.*"

cjramseyer commented 3 years ago

That doesn't completely solve the issue. I did exactly that and was still getting alerts for MS certificates.

On July 30, 2021 2:24:40 AM Fursel @.***> wrote:

Hi, just override "Discovery of local computer's certificate store "My / Personal" (registry)" , target Windows Computer and in Issuer Filter - Excluded type "CN=MS-Organization-P2P-Access.* — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

daisysl1981 commented 3 years ago

Hi, I also did exactly that and was still getting alerts for MS certificates.

2021-08-02_10-53-29

Fursel commented 3 years ago

@daisysl1981 can you paste here screen from discovery ?

daisysl1981 commented 3 years ago

@Fursel, the discovery for certificate store you mean?

2021-08-03_11-32-03

daisysl1981 commented 3 years ago

@Fursel, any other ideas? Thank you, Daisy

Fursel commented 3 years ago

This is my setting which did filter all Azure Certificates - P2P ones(SCOM 2016 , PKI MP 1.4.3.0)

image image