rafabu / SCOM-PKICertificateMP

This is for SCOM - System Center Operations Manager: The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps preventing service interruptions caused by invalid certificates by alerting when
GNU Lesser General Public License v3.0
20 stars 11 forks source link

CLR Discovery throwing errors in Windows 2016 and 2019 servers #34

Open Andy-C-NZ opened 3 years ago

Andy-C-NZ commented 3 years ago

Hi There

We are getting the same message across the fleet of boxes. Error 4509

The constructor for the managed module type "Microsoft.EnterpriseManagement.Modules.PowerShell.PowerShellProbeActionModule" threw an exception. This module was running in rule "SystemCenterCentral.Utilities.Certificates.LocalScriptProbe.CRL.Discovery" running for instance "Trusted Root Certification Authorities Computer Certificate Store" with id:"{F7060244-F75B-1EA6-9890-2A2C274966CA}" in management group "XXXXXX".

The exception text is: Microsoft.EnterpriseManagement.HealthService.ModuleException: Failed to parse module configuration, please see inner exception for details. ---> System.Xml.XmlException: 'EndElement' is an invalid XmlNodeType. Line 1124, position 862. at System.Xml.XmlReader.ReadElementString(String name) at Microsoft.EnterpriseManagement.Modules.PowerShell.PowerShellProbeActionModule.ReadParametersXml(XmlReader reader) at Microsoft.EnterpriseManagement.Modules.PowerShell.PowerShellProbeActionModule..ctor(ModuleHost1 moduleHost, XmlReader configuration, Byte[] previousState) --- End of inner exception stack trace --- at Microsoft.EnterpriseManagement.Modules.PowerShell.PowerShellProbeActionModule..ctor(ModuleHost1 moduleHost, XmlReader configuration, Byte[] previousState)

Its always for "SystemCenterCentral.Utilities.Certificates.LocalScriptProbe.CRL.Discovery" but the Instances change

Trusted Root Certification Authorities Computer Certificate Store , Line 862 Enterprise Trust Computer Certificate Store , line 863 Personal Computer Certificate Store line 900 Intermediate Certification Authorities Computer Certificate Store line 860

Capture

quilter-MattCreighton commented 2 years ago

Same issue for me, did you find a way to get it working?

dgshipman commented 2 years ago

Hi, I'm also seeing the same issue. Had been trying to get CRL monitoring working for my Issuing CA (in order to alert on the offline root CRL validity in particular). Same error message & I've been unable to find a solution. Has anyone else been successful in getting this working?

krajster commented 1 year ago

Hi, I read great article about issue Powershell module doesn’t obey optional parameters.