PKI v3 certificate monitoring issue - help?

For some reason, the PowerShell scripts that power the discovery of certificates are failing … the event log and errors below say the script “timed out”.

Using the latest PKI Certificate Management Pack found here:

https://github.com/rafabu/SCOM-PKICertificateMP

Haven’t been able to solve this issue yet …

Event ID 10006 in the Operations Manager Event Log:

Discovery task has timed out.
Discovery name: SystemCenterCentral.Utilities.Certificates.LocalScriptProbe.RootCertificate.Discovery
Instance name: Personal Computer Certificate Store
Management group name: ****

Also some PowerShell script failed to run alerts:

Forced to terminate the following PowerShell script because it ran past the configured timeout 300 seconds.
Script Name: SystemCenterCentral.Utilities.Certificates.Certificate_Verify_Script_V6.ps1
One or more workflows were affected by this.
Workflow name: SystemCenterCentral.Utilities.Certificates.LocalScriptProbe.NonRootCertificate.Discovery
Instance name: Personal Computer Certificate Store
Instance ID: {F168E521-2C5D-BDBF-A117-32D55CBFEE7B}

I don’t quite understand why the PowerShell discovery scripts are failing to return results and timing out … this explains why deleted certs are not disappearing, new certs aren’t being discovered, and perhaps why the state isn’t changing.

Anyone able to assist?

I am running this MP and not seeing this issue.

The stores that experience this issue have 40+ certs in them … I haven’t yet found a way to increase the timeout for the script. Unfortunately this is used to monitor all of our external certs for expiry dates but has become unreliable … searching for another way to monitor certs now.

Unfortunately this is the way we were monitoring our external certificates (add them to a repository on a specific server). It’s a bit unfortunate that the discovery times out now.

I will try to split the certs into several groups and see if I experience better results.

There is a “ChildScriptTimeout” override. Have you tried adjusting that?

This override is located on the: Discovery of local computer’s certificate store “My / Personal” (registry) … I will increase this timeout and see how things go!

Cheers

Any chance you could clean up some of the certs?