SCOM 2012: Global Service Monitor Certificate Error


Today I run into an issue with the Global Service Monitor configuration in my SCOM 2012 R2 environment. The GSM subscription was configured some time ago but I was forgotten with which account this was done. For some time I received alerts that I had to renew my certificate for the communication with GSM in Azure. After some time the Global Service Monitor stopped working. I tried to renew the certificate with another subscription credentials but that failed. I could not find a very easy solution so I decided to reset the whole Global Service monitor implementation.In this blogpost I want to explain what I did.

Let’s first start with the error which I got when the certificate was expired in SCOM:

Global Service Monitor Modules:  Failed to communicate with the Global Service Monitor service.  Could not get a token from AppFabric ACS for Web Tests Service, Uri '', Audience '', Identity Name 'CustomerRest_a130ee39-a99e-478e-9882-c7e73941aa0a'

Failure details: The remote server returned an error: (400) Bad Request.. Response Body: '{"error":"invalid_client","error_description":"ACS50008: SAML token is invalid.\r\nTrace ID: 2723848e-9492-4557-baaa-8304005806d6\r\nCorrelation ID: 92c99bc4-caa2-4847-8d4c-fd797c36b97a\r\nTimestamp: 2015-04-01 13:27:06Z"}'

One or more workflows were affected by this.
Workflow name: n/a
Instance name: n/a
Instance ID: n/a
Management group:

So my last and final solution to solve the certificate issue in combination with the missing active subscription username/password was to completely reset the Global Service Monitor. I did the following:

  1. Remove all Global Service monitor locations from the ‘Visual Studio Web Test Monitoring’ and the ‘Web Application Availability Monitoring’ tests. You do not need to delete the whole test, for me only removing the GSM locations was enough.
  2. Delete the Global Service Monitor Management Packs
  3. Now wait for a couple of minutes
  4. Re-Import the Global Service Monitor Management Packs
  5. Create a new subscription with the correct credentials
  6. Add the GSM locations to the tests from which you removed them in the first step

Job done! Global Service Monitor is working again!


One thought on “SCOM 2012: Global Service Monitor Certificate Error

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.