SCOM - PKI Certificates and CRLs Group

Can anyone explain why I’m getting these grey/question mark states for PKI Certificates and CRLs Group? I have configured a Health Roll-up for “CA Certificates Group” but no Health Status is being reflected.

Below you can see the groups and sub groups created by the management pack.
The “PKI Certificates and CRL’s Group” is the main group and the other groups are sub-groups of it.

The groups where I have used Tao’s MP to configure the Health Rollup appear in a different colour/style…?
And still I’m getting the Grey/Question Mark status…? even though the group contains objects…?




I know this issue is over a year old but I had the same issue but with something totally different. I was using the Tao Health rollup to monitor a group but the group still showed as not monitored.

I wouldn’t say I fixed this but the workaround I used was to save the management config to a new management pack. Once I had done this the health was shown as expected.

Looking further into this I noticed that although the task to apply the health completed as successful there was an error text listed below, as missing an xml structure, which upon investigation wasn’t missing at all, but the health wouldn’t accept.

So to summarise, save the health configuration to a new management pack and it should work as required.


Hi Schoeman,

Which management pack are you using to monitor certificates and when was it imported?

Which health roll up did you configure a monitor for (availability, security, configuration or performance - or all!)? I believe that the certificates are monitored under Configuration, which some wouldn’t usually configure for a group as performance and availability tend to be what people are after in group health rollups.

Please can you also confirm if there are objects within these groups?


schoeman 103 rep. 1 min ago
Hi Jelly – I implemented the MP from System Center Central 4 weeks ago.

PKI Certificate Verification Management Pack for SCOM 2012

I then used Tao Yang’s Self Management Pack to configure a Health Rollup for “CA Certificates Group”

OpsMgr Self Maintenance Management Pack

I hope this makes sense?

In 4 weeks the discovery would have most definitely run, so we can rule out that it’s not because the time frame is too short for anything to be found and everything in this management pack is enabled by default.

Do those groups contain any objects?

If you scope a status dashboard to use just the advanced criteria of “certificate” does anything display?

Can you confirm which roll ups you configured using Tao’s MP?

Hi Jelly - I have updated my Question with more info and screenshots.

Thanks for the additional info.

When you go into the OpsMgr Group Healthrollup Task MP and view the OpsMgr Groups view, do the groups have a health state there?

From what I can see everything seems to be correct - Did you abide by the following note on Tao’s blog and in the documentation when using the task?

NOTE: Please DO NOT select multiple instance groups at once.

Hi Jelly - Yes followed Tao’s notes for running the task - Only one at a time :wink:
The thing is I have a test SCOM environment and the symptoms are exactly the same :frowning:

Do you have this MP installed in your environment? It might be worth checking if someone else has the same issue?

I’ve not forgotten about this! I’m trying to replicate it in my test lab :slight_smile:

Thanks Jelly - It would be interesting to see what your results are :wink:

Was the monitor actually created?