Known Issues

The following issues have been identified for the Active Directory Certificate Services Management Pack.

If more than one of the Certificate Services role services (CA, OCSP, or MSCEP) is located on the same computer, events and alerts for all of the installed services are displayed in the view for each service

By default, views display events and alerts based on the computer on which the services are installed, not by service.

Resolution

To display events and alerts based on more specific criteria, configure the view criteria to show only events and alerts from a specific source.

MOM 2005 cannot read Autoenrollment Event 64 event message strings

Resolution

To resolve this issue, manually create a registry key.

To manually create the registry key

  1. On the managed server, open the Registry Editor and navigate to HKLM\System\CurrentControlSet\Services\Eventlog\Application\Autoenrollment\

    Warning

    Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

  2. Under this key, create a new String Value with the following values (this requires an access control change on the registry key):

    Value Name: EventMessageFile

    Value Data: %SystemRoot%\system32\pautoenr.dll

Events in the Optional Certificate Services Monitoring Rules folder are not monitored by default

By default, events in the Optional Certificate Services Monitoring Rules folder are not monitored. The rules in this folder can be useful for monitoring successful events, such as the successful publishing of a certificate revocation list (CRL) by a CA. To enable these rules, first ensure that the managed CA or Online Responder is configured to generate informational events by enabling verbose logging. Then, use the MOM 2005 Administrator Console to enable the optional rules you require.

Resolution

Enable event monitoring in the Optional Certificate Services Monitoring Rules folder.

To enable event monitoring in the Optional Certificate Services Monitoring Rules folder

  1. Verify that the managed Certificate Services server is configured to generate informational events. On the managed server, enable verbose logging by increasing the logging level to 4:

    For Certificate Services:

    HKLM\System\CurrentControlSet\Services\CertSvc\Configuration\{CA Name}\LogLevel

    For the Online Responder:

    HKLM\SYSTEM\CurrentControlSet\Services\OCSPSvc\Responder\LogLevel

    Warning

    Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

  2. In the MOM 2005 Administrator Console, expand the Optional Certificate Services Monitoring Rules folder and select Event Rules.

  3. To enable the desired rules, in the details pane, double-click the rule, and then on the General tab, select the This rule is enabled check box. Click OK.

  4. Repeat Step 3 for each desired rule, and then commit the configuration changes in the MOM Administrator Console.
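
The registry settings from both procedures above can be checked, and optionally applied, in one pass on the managed server. The following PowerShell is an added example and not part of the management pack or its guide; the function name Test-AdcsMpRegistry and its -Fix switch are hypothetical. Assumptions: Windows PowerShell 3.0 or later, LogLevel is written as a DWORD, and a LogLevel already above 4 is left alone.

```powershell
# Added example; Test-AdcsMpRegistry and -Fix are hypothetical names. Run elevated
# on the managed server. Without -Fix the function only reads.
function Test-AdcsMpRegistry {
    param([switch]$Fix)

    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    # Autoenrollment Event 64: message file value from the first procedure
    $checks = @([pscustomobject]@{
        Path = "$svc\Eventlog\Application\Autoenrollment"; Name = 'EventMessageFile'
        Want = '%SystemRoot%\system32\pautoenr.dll';       Type = 'String' })
    # Verbose logging: one LogLevel per CA configuration subkey ({CA Name})
    Get-ChildItem "$svc\CertSvc\Configuration" -ErrorAction SilentlyContinue |
        ForEach-Object { $checks += [pscustomobject]@{
            Path = $_.PSPath; Name = 'LogLevel'; Want = 4; Type = 'DWord' } }
    # Online Responder, only when that role service is installed
    if (Test-Path "$svc\OCSPSvc\Responder") {
        $checks += [pscustomobject]@{
            Path = "$svc\OCSPSvc\Responder"; Name = 'LogLevel'; Want = 4; Type = 'DWord' }
    }

    foreach ($c in $checks) {
        $key  = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
        # Read the stored data unexpanded so %SystemRoot% compares literally
        $have = if ($key) { $key.GetValue($c.Name, $null, $raw) }
        $ok = if ($null -eq $have) { $false }
              elseif ($c.Type -eq 'DWord') { [int]$have -ge $c.Want }  # never lower a higher level
              else { "$have" -eq $c.Want }
        $status = if ($ok) { 'OK' } elseif (-not $key) { 'KeyMissing' } else { 'NeedsChange' }

        if ($Fix -and $status -eq 'NeedsChange') {
            try {
                New-ItemProperty -LiteralPath $c.Path -Name $c.Name -Value $c.Want `
                    -PropertyType $c.Type -Force -ErrorAction Stop | Out-Null
                $status = 'Fixed'
            } catch {
                # Often the key ACL: the procedure notes an access control change is required
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ Path = $c.Path; Name = $c.Name; Have = $have
                           Want = $c.Want; Status = $status }
    }
}

Test-AdcsMpRegistry | Format-Table -AutoSize
```

A status of KeyMissing means the key itself is absent (for example, the role service is not installed); the function reports it and does not create keys.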