rafabu / SCOM-PKICertificateMP

This is for SCOM - System Center Operations Manager: The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps prevent service interruptions caused by invalid certificates by alerting when
GNU Lesser General Public License v3.0

Alert information not displayed correct in Alert Description #8

Closed Fjeldsted closed 5 years ago

Fjeldsted commented 5 years ago

On both "Certificate lifespan alert" and "Certificate is invalid" I don't get the expected information on the alert. If I open Alert Context, all the info is there.

In my environment I get:

Certificate lifespan alert

The certificate {0}.

Certificate Subject: {1}
Certificate Issuer: {2}
Serial number: {3}

Enterpise Template: {4}
Enhanced Key Usage List: {5}

Store: {6}{7}
Monitoring User: {8}

Chain Time Details: {9}

Certificate is invalid

The certificate is not valid. Reason: {0}

Certificate Subject: {1}
Certificate Issuer: {2}
Serial number: {3}

Enterpise Template: {4}
Enhanced Key Usage List: {5}

Store: {6}{7}
Monitoring User: {8}

Chain Details: {9}

Alert Context

Date and Time: 10-07-2019 19:40:28

| Property Name | Property Value |
| --- | --- |
| InstanceType | Certificate |
| UserContext | NT AUTHORITY\SYSTEM |
| CertVersion | 3 |
| CertSerial | 513E1893869EB8CF122484771B3CDB82 |
| CertSignatureAlgo | md5RSA |
| CertIssuedBy | CN=Symantec Root CA, O=Symantec Corporation |
| CertValidFrom | 05/01/2001 00:00:00 |
| CertValidTo | 04/30/2011 23:59:59 |
| CertIssuedTo | CN=Symantec Root CA, O=Symantec Corporation |
| CertPublicKey | RSA-PKCS1-KeyEx |
| CertFriendlyName | |
| CertThumbprint | 74CDD21C2F1D104F8940DFFE7E6F035756E2F5D0 |
| CertSAN | |
| CertIsCertificateAuthority | True |
| CertIsSelfSigned | True |
| CertPrivateKey | False |
| CertDaysStillValid | -2992 |
| CertLifeTimeMessage | has expired on 04/30/2011 23:59:59 UTC |
| CertExpiresSoon | false |
| CertStatus | IsVerified |
| CertStatusIgnoreUntrustedRoot | IsVerified |
| CertTimeStatus | NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. |
| CertVerboseStatus | |
| CertVerboseTimeStatus | --- Certificate Status --- NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. |
| CAVersion | n/a |
| TemplateName | |
| EnhancedKeyUsageList | : all purpose certificate |

shawnzzzy commented 5 years ago

I get the same thing on mine. I'm just a beginner with management pack authoring and GitHub, but I was thinking about giving it a try to see if it's something I could fix.

randomnote1 commented 5 years ago

This is the same as issue #6. There are two parameters in the property bag which do not appear to be populated.

sbanyas commented 5 years ago

We are experiencing the same issue as Fjeldsted.

randomnote1 - if two (2) parameters in the property bag are not getting populated is that "bad" enough to make none of the parameters visible?

Raphael - any ideas on this one?

Fjeldsted commented 5 years ago

randomnote1 - which two parameters in the property bag do not get populated?

randomnote1 commented 5 years ago

@sbanyas, I have no idea if that'll make the difference. I attempted to modify the management pack and am awaiting testing results.

@Fjeldsted, according to my notes in issue #6, it looks like TemplateName and CertVerboseTimeStatus. It's been a while since I've looked at this issue.

rafabu commented 5 years ago

There is some life coming back to this as Bob has volunteered to help out on the MP maintenance. The alert parameter replacement issue(s) are high up on the list of things that should be fixed.

BCornelissen commented 5 years ago

Right, in the past there were some workarounds for some fields which might be empty in the alert parameter replacement. However, it looks like the Certificate Template field is now the most common culprit. We have a choice of fixing it through either passing along some content in the discovery (a "n/a" in the field if it's empty), or fixing it at the alert end. I prefer to solve it through the discovery if possible. Currently testing that with the suggestions Rafabu made. Currently looking through other fields which might be empty, but seem to not be in the current alert parameters.
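The discovery-side fix discussed above, sketched as an added example that is not part of the thread or the management pack's own code. It assumes, as the thread suspects, that one empty parameter leaves the whole description with raw `{n}` placeholders; the parameter order and function names are hypothetical, and the sample values are a subset of the alert context in the first post.

```python
# Added illustration; not code from SCOM-PKICertificateMP.
# Sample data: a subset of the alert context posted at the top of the thread.
ALERT_CONTEXT = {
    "CertLifeTimeMessage": "has expired on 04/30/2011 23:59:59 UTC",
    "CertIssuedTo": "CN=Symantec Root CA, O=Symantec Corporation",
    "CertIssuedBy": "CN=Symantec Root CA, O=Symantec Corporation",
    "CertSerial": "513E1893869EB8CF122484771B3CDB82",
    "TemplateName": "",
    "EnhancedKeyUsageList": ": all purpose certificate",
}

# Hypothetical mapping of {0}..{5} to properties; the thread does not show it.
PARAM_ORDER = ["CertLifeTimeMessage", "CertIssuedTo", "CertIssuedBy",
               "CertSerial", "TemplateName", "EnhancedKeyUsageList"]

TEMPLATE = ("The certificate {0}.\n"
            "Certificate Subject: {1}\nCertificate Issuer: {2}\n"
            "Serial number: {3}\nEnterprise Template: {4}\n"
            "Enhanced Key Usage List: {5}")


def _is_empty(value):
    return value is None or not str(value).strip()


def empty_properties(props):
    """Names of properties that would reach the alert as empty values."""
    return [name for name, value in props.items() if _is_empty(value)]


def fill_empty(props, placeholder="n/a"):
    """Discovery-side fix: emit a placeholder instead of an empty value."""
    return {name: (placeholder if _is_empty(value) else value)
            for name, value in props.items()}


def render(template, props, order):
    """Model of the reported symptom (an assumption, not confirmed SCOM
    behaviour): any empty parameter leaves the description unrendered."""
    values = [props.get(name) for name in order]
    if any(_is_empty(v) for v in values):
        return template
    return template.format(*values)


if __name__ == "__main__":
    print("Empty:", empty_properties(ALERT_CONTEXT))
    print(render(TEMPLATE, fill_empty(ALERT_CONTEXT), PARAM_ORDER))
```

Running `empty_properties` over a full alert context before release shows every field that needs a default, not only the template name.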

rafabu commented 5 years ago

Fixed with v1.4.3.0 https://github.com/rafabu/SCOM-PKICertificateMP/releases/tag/v1.4.3.0

Fjeldsted commented 5 years ago

Hi

A small detail: tag and file say v1.4.3.0 (https://github.com/rafabu/SCOM-PKICertificateMP/tree/v1.4.3.0), but the headline says v1.4.2.0. I think it should also say v1.4.3.0.


In reply to rafabu (11 November 2019 13:42):

> Fixed with v1.4.3.0 https://github.com/rafabu/SCOM-PKICertificateMP/releases/tag/v1.4.3.0


Fjeldsted commented 5 years ago

On https://github.com/rafabu/SCOM-PKICertificateMP/releases/tag/v1.4.3.0 [image]


In reply to rafabu (11 November 2019 16:14):

> Head line of what?


rafabu commented 5 years ago

Thanks @Fjeldsted; spotted and changed. Release title does now reflect the new version 1.4.3.0.