Today I run into an issue with the Global Service Monitor configuration in my SCOM 2012 R2 environment. The GSM subscription was configured some time ago but I was forgotten with which account this was done. For some time I received alerts that I had to renew my certificate for the communication with GSM in Azure. After some time the Global Service Monitor stopped working. I tried to renew the certificate with another subscription credentials but that failed. I could not find a very easy solution so I decided to reset the whole Global Service monitor implementation.In this blogpost I want to explain what I did.
Let’s first start with the error which I got when the certificate was expired in SCOM:
Global Service Monitor Modules: Failed to communicate with the Global Service Monitor service. Could not get a token from AppFabric ACS for Web Tests Service, Uri 'https://gsmeastus3.accesscontrol.windows.net/', Audience 'https://gsm-prod.systemcenter.microsoft.com/TestResultService', Identity Name 'CustomerRest_a130ee39-a99e-478e-9882-c7e73941aa0a'
Failure details: The remote server returned an error: (400) Bad Request.. Response Body: '{"error":"invalid_client","error_description":"ACS50008: SAML token is invalid.\r\nTrace ID: 2723848e-9492-4557-baaa-8304005806d6\r\nCorrelation ID: 92c99bc4-caa2-4847-8d4c-fd797c36b97a\r\nTimestamp: 2015-04-01 13:27:06Z"}'
One or more workflows were affected by this.
Workflow name: n/a
Instance name: n/a
Instance ID: n/a
Management group:
So my last and final solution to solve the certificate issue in combination with the missing active subscription username/password was to completely reset the Global Service Monitor. I did the following:
- Remove all Global Service monitor locations from the ‘Visual Studio Web Test Monitoring’ and the ‘Web Application Availability Monitoring’ tests. You do not need to delete the whole test, for me only removing the GSM locations was enough.
- Delete the Global Service Monitor Management Packs
- Now wait for a couple of minutes
- Re-Import the Global Service Monitor Management Packs
- Create a new subscription with the correct credentials
- Add the GSM locations to the tests from which you removed them in the first step
Job done! Global Service Monitor is working again!
The process for doing this has changed. Please see the new process included in the ‘getting started documentation at https://technet.microsoft.com/library/jj860373.aspx. If the URL does not appear, please search for ‘Getting Started with Global Service Monitor: Signing In and Setup’