WS-Management Certificate Health Monitor

  • ID:  Microsoft.Unix.WSMan.Certificate.Monitor
  • Description:  WS-Management Certificate Monitor
  • Target:  Unix Computer
  • Enabled:  Yes

Operational States

Name State Description
Valid Success WS-Management Certificate is valid
Not Valid Error WS-Management Certificate has a configuration issue

Overridable Parameters

Parameter Name Default Value Description Override
Interval 300 Interval in seconds that the Heartbeat Monitor runs.
SyncTime   Time of day the Heartbeat Monitor syncs at.

Alert Details

Monitor State Message Priority Severity Auto Resolution
Not Valid (Error) SSL Certificate Error Medium Critical Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

This monitor ensures that the SSL Certificate used by the WS-Management component of the Agent is valid. If the state is unknown, either monitoring has not begun for this object or there are no availability monitors defined.

Causes

An unhealthy state for this monitor indicates some problem with the certificate used for Agent communication that is installed on the Unix or Linux server.

Some of the problems that could affect the state of this monitor include:

  • The Certificate has Expired.

  • The Certificate common name (CN) does not match the hostname.

Check the "Alert Context" tab of the Alert Properties for more information.

View all current alerts from this object using this link:

Alerts

Resolutions

To verify that the SCX Agent on the remote system is running properly, try enumerating the SCX_Agent provider using the following command from the Operations Manager monitoring server:

winrm e http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -r:https://<hostname>.<domain>:1270 -u:<username> -p:<password> -auth:basic -encoding:utf-8

substituting <hostname>.<domain> for the fully-qualified domain name of the host and <username>/<password> for some valid username and password combination on the remote system.

To verify the certificate on the remote system, log into the remote system and issue the following command:

openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer -dates

To check if the certificate has expired, ensure that the current date falls between the notBefore and notAfter dates, and ensure that the date and time on the target server matches that of the Operations Manager Server.

If the Certificate common name does not match the hostname, you may change the name of your host system if necessary (check your operating system documentation for information on how to do that). Or, if the certificate is incorrect but your system's host hame is correct, regenerate the certificate by issuing the following commands from the 'root' account:

  • cd /etc/opt/Microsoft/scx/bin/tools

  • . setup.sh

  • scxsslconfig -f

  • scxadmin -restart cimom

After the above commands are issued, you'll need to re-sign the certificate via the Operations Manager Discovery Wizard.

Finally, be certain that the target computer's Fully Qualified Domain Name can be resolved from the Operations Manager Server.

External References
This monitor does not contain any external references.

See Also for System Center Operations Manager 2007 R2 Cross Platform - SLES Management Pack


Downloads for System Center Operations Manager 2007 R2 Cross Platform - SLES Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED