OpsMgr 2007 (SCOM): Coretech Certificates Expire checker Management Pack – 0.0.0.1

Download:

Download “Coretech Certificates MP 0.0.0.1.rar” coretech-certificates-mp-0001.rar – Downloaded 401 times – 9 KB

Intro:

This management packs can be used to check the expire date on all or specific certificates in the client/servers certificates store.

It uses the event log on the local client, to alert the OpsMgr unit monitor .

It is supposed to check once every day, and make a warning in the opsmgr if any certificates are close to the expire date.

This is the very first version. It has been tested in my test environments, and will soon be tested in production.

Please do not hesitate to report any bugs and please send suggestions for the next version you might have.

This was developed with the help of Kåre Rude Andersen and NetOp Solutions A/S

Have a great summer!

Install:

1.

Import the Management Pack into OpsMgr.

2.

Place the program file (.exe) in a shared directory.

All clients must have access to this file via the OpsMgr Rule Account

Save the UNC Path for later use in the configuration

3.

Open Properties window for the Rule called “Certificates: Run Script”

4.

Click “Edit” in the “Configuration”-pane by the Responses box.

Read the Configuration details below

image
5.

Both monitor and rule is disabled by default. Use the override function to enable it on specific computers, or just enable it on all.

6.

System is now ready!

Configuration:

Configuration can be found in the Rule Details, read the installation manual above.

arrStore = Array(“my”,”root”)
List of folders to check in each Store location
Valid entries: “my”, “root”, “addressbook”,”authroot”,”certauth”,”disallowed”,”trustedpeople”,”trustedpublisher” .
Example: Array(“my”,”root”)

arrStoreLoc = Array(“CurrentUser”,”LocalMachine”)
List of Certificate Locations to check
Valid Entries: “CurrentUser”,”LocalMachine”.
Array: (“CurrentUser”,”LocalMachine”)

arrSubjects = Array(“”)
List of subjects to search for
Example:. Array(“coretech”,”microsoft”)

strDaysToexpire = 1000
Limit in days, before the system should create an alert

strEventIDGood = 500

Event ID for the Healthy Event.

strEventIDBad = 510
Event ID for the unhealthy Event.

strEventIDInfo = 520
Event ID for info about the copy of the program file.

strSourcePath = “\\CTJGS\C$\CheckCertificateExpires.exe”
The UNC Path to the file, all monitored clients must have access to this folder.

strTargetPath = objShell.ExpandEnvironmentStrings(“%TEMP%”) & “\CheckCertificateExpires.exe”
Target path , where the script should place the file on local PC.
Default is the %TEMP% folder.
Usually there is not need to edit this parameter.

Script:


That should be it for now!

Please bring your feedback 🙂

About the Author:

Jakob Gottlieb Svendsen

Twitter: @JakobGSvendsen

Jakob Gottlieb Svendsen is a Microsoft Cloud and Data Center Management MVP (http://mvp.microsoft.com/en-us/default.aspx), Working as Global Lead Developer, Senior Consultant and Trainer at CTGlobal, where he is one of the driving forces in keeping CTGlobal a System Center Gold Partner and member of the System Center Alliance.

Since he started at Coretech in 2007, he has focused on Scripting and Development, primarily developing tools, extensions and scripts for the System Center Suite. His main area is Automation (including OMS/Azure Automation, Service Management Automation, PowerShell and Orchestrator). Another area is Windows Azure Pack / Azure Stack, where he does implementation, development, workshops and presentations. He is a world-wide renowned voice in the Automation field.

He is passionately devoted to the community, to which he contributes by being a moderator at TechNet and sharing his knowledge at http://blog.ctglobalservices.com/jgs

  • Co-founder: PowerShell User Group Denmark
  • Speaker at MMS 2016, Minneapolis (www.mmsmoa.com)
  • SCU Europe 2014, 2015, 2016 (www.systemcenteruniverse.ch)
  • Microsoft TechEd North America 2014, Houston
  • NIC 2012,2013,2014,2015, Oslo (www.nic.com)
  • Microsoft CampusDays 2011, 2013, Copenhagen
  • Microsoft TechDays 2015, Sweden (www.techdays.se)
  • Microsoft Partner Event: New in SC2012 SP1
  • User group meetings (PSUG.DK , SCUG.DK/BE/NO, AZMUG + more)
  • Microsoft Certified Trainer.
  • Microsoft Scripting Guys Forum Moderator

Main working areas:

  • Automation (Azure Automation, SMA, SCO)
  • Windows Azure Pack / Azure Stack
  • System CenterVisual Studio Team Services / Team Foundation Server
  • Development:C#.Net, VB.NET, VBScript, PowerShell, Service Manager, OpsMgr, ConfigMgr
  • Orchestrator
  • Windows Azure Pack / Azure Stack

Training:

  • Azure Automation
  • Service Management Automation
  • System Center Orchestrator
  • PowerShell, VBScript, C#.Net, VB.Net
  • Windows Azure Pack / Azure Stack Development Workshops

6 Comments

  1. Parry August 25, 2009 at 9:07 - Reply

    Hi Mate,

    this is really good stuff howevere I have a Question. in OpsMgr as per my understanding Agent would need Cert when they are in Workgroup Or DMZ (behind firewall), now in most case the UNC path will not be accessable from agent so then how to proceed further?

    Regards.

  2. Jakob August 25, 2009 at 10:10 - Reply

    Hello Parry

    I can see your problem, but as the script works now, it is not possible to use it on clients/servers, that does not have access to the UNC path.

    otherwise you would need to ditribute the CheckCertificateExpires.exe to the computer by yourself, and modify the sciprt, so that it does not copy the file automaticly.

    But this MP was ment to check other certificates on the clients and not the OpsMgr communication cert. There is already a buildin monitor that you can use to monitor the opsmgr cert, as far as i know.

    regards
    jakob

  3. Parry August 25, 2009 at 12:05 - Reply

    Thanks Jakob,

    So, can you modify the script so, that copying the EXE manualy to each agents %Temp% directory & that would solve my issue and it will make this as a real good stuff. becuase once the script is successful then it will log respective event in the event logs and OpsMgr can read such events from the log & Alert.

  4. Jakob Gottlieb Svendsen
    Jakob Gottlieb Svendsen August 25, 2009 at 12:37 - Reply

    Hello

    sorry i do not have time at the moment to do a new version, and test it and so on.

    but i will remember it for the next version, making it possible to choose to copy it or not.

    Regards

    Jakob

  5. Robert Torma May 20, 2011 at 14:11 - Reply

    Hi Jakob,

    It seems there will be an infinite loop if the exe file cannot be copied. At the first check, if the file does not exists at the target, the script will try to copy it. But if e.g. the UNC path cannot be reached from the agent, the value of bRetry remains True and the loop never quits.

    Robert

  6. Tor December 12, 2012 at 9:31 - Reply

    Hi! Does this work with scom2012? Is there any better way to do this in scom2012?

Leave A Comment