This is for SCOM - System Center Operations Manager: The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps preventing service interruptions caused by invalid certificates by alerting when
GNU Lesser General Public License v3.0
20
stars
11
forks
source link
Certificates not discovered due to amount over 1000 #37
On 1 server which houses over 1200 certificates in the personal store the certificates are not discovered.
I have reason to believe this is due to the high amount of certificates.
To determine this i made a copy of the discovery in a separate MP and changed the power shell command that gets the certificates to have a limit.
By increasing the limit i found out that certificates stopped being discovered when the amount reaches the 1000.
By changing the order of the power shell output i think I've eliminated the possibility that one specific certificate is the issue.
Getting the first 900 or last 900 certificates both work fine with that method.
The agent, gateway and managementserver don't show any errors in the eventlog so you would think it's not the size of the property bag since I'm used to getting events/alerts when it's to big.
The discovery runs in debug mode and it creates an 114 event for exact every certificate that needs to be discovered.
The overview event 112 also shows exactly what you expect: N° of certs: 1092 of 1225
On 1 server which houses over 1200 certificates in the personal store the certificates are not discovered. I have reason to believe this is due to the high amount of certificates. To determine this i made a copy of the discovery in a separate MP and changed the power shell command that gets the certificates to have a limit. By increasing the limit i found out that certificates stopped being discovered when the amount reaches the 1000. By changing the order of the power shell output i think I've eliminated the possibility that one specific certificate is the issue. Getting the first 900 or last 900 certificates both work fine with that method.
The agent, gateway and managementserver don't show any errors in the eventlog so you would think it's not the size of the property bag since I'm used to getting events/alerts when it's to big.
The discovery runs in debug mode and it creates an 114 event for exact every certificate that needs to be discovered. The overview event 112 also shows exactly what you expect: N° of certs: 1092 of 1225