Monitoring AD Certificate Services on Windows Server 2012 R2 and Windows Server 2016


 

We have management packs for Active Directory Certificate Services on Windows 2012R2 and Windows 2016. 

WS 2012 and 2012R2:  https://www.microsoft.com/en-us/download/details.aspx?id=34765

WS 2016:  https://www.microsoft.com/en-us/download/details.aspx?id=56671

 

However, there is an issue with the recently released ADCS MP for WS 2016.  A change was made in the library MP which modified some class property names.  This breaks MP update, so customers using the ADCS MP’s for Windows 2012 and 2012R2 cannot “add” the ADCS for Windows Server 2016 MP’s to the management group.

image

 

You might see these errors:

 

Certificate Services Common Library could not be imported.

If any management packs in the Import list are dependent on this management pack, the installation of the dependent management packs will fail.

Verification failed with 5 errors:
-------------------------------------------------------
Error 1:
Found error in 2|Microsoft.Windows.CertificateServices.Library|7.1.10100.0|Microsoft.Windows.CertificateServices.Library|| with message:
Version 10.0.0.0 of the management pack is not upgrade compatible with older version 7.1.10100.0. Compatibility check failed with 4 errors:

-------------------------------------------------------
Error 2:
Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message:
Publicly accessible ClassProperty (WatcheeName) has been removed in the newer version of this management pack.
-------------------------------------------------------
Error 3:
Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message:
Publicly accessible ClassProperty (IsWatcheeOnline) has been removed in the newer version of this management pack.
-------------------------------------------------------
Error 4:
Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message:
Publicly accessible ClassProperty (WatcheeHierarchyEntryPoint) has been removed in the newer version of this management pack.
-------------------------------------------------------
Error 5:
Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message:
New Key ClassProperty item (WatcherName) has been added in the newer version of this management pack.
-------------------------------------------------------

 

 

There is a workaround:

Delete all the ADCS 2012 MP’s you have, while first backing up and then deleting any unsealed MP’s which reference them.

Import only the Microsoft.Windows.CertificateServices.Library.mp version 10.0.0.0

Now you may import all the rest of the MP’s, including 2012, 2012R2, and 2016 for ADCS, and your unsealed MP’s which you have to remove.

 

image

 

If you only need to monitor ADCS on Windows Server 2016, simply delete your existing ADCS MP’s first, then you can import these as normal.


Comments (2)

  1. Aengus says:

    Thanks, process worked a treat for me and no issues re-importing my 2012 R2 overrides MP

Skip to main content