1 Reply Latest reply on Jul 3, 2012 1:19 PM by Lawrence Garvin

    Error Messages: All Management Servers are unavailable for management group. 200 Certificates

    SolarWinds Community Team

      Summary:

      On occasion, this error message can appear when attempting to perform requests to retrieve WSUS or computer information, run reports, or perform configuration management tasks.  Additionally, you may also see related errors that indicate the 'RPC Server is Too Busy' or you may get an installation error due to too many certificates.

       

      Cause:

      This error is caused by having too many certificates in the machine's Trusted Root Certification Authorities certificate store.  At installation time (and when you apply an update), we test to ensure that there are fewer than 200 certificates in the store.  This error occurs when the certificate count goes up *after* EminentWare has been installed (e.g., when a certificates update has been applied).  Thus we don't have the opportunity to check for this issue and this failure can manifest.

       

      Fix:

      This is actually a design issue with the Microsoft certificate store and their trust chain verification algorithms.  We have been in contact with Microsoft about this issue.

       

      Workaround:

      To remedy this, you need to get the total number of certificates in the Trusted Root Certification Authorities store down to below approximately 180 certificates.  To do this, run mmc.exe and add the 'Certificates' snapin.  Select the 'Computer Account' option and specify the 'Local Computer' if prompted.  Once the snapin is loaded, expand the 'Trusted Root Certification Authorities' node and select 'Certificates.'  The certificate count is displayed at the bottom of the snapin.

       

      From here, you can delete certificates until the count gets down to approximately 180.  As a rule of thumb, delete the expired certificates first, followed by foreign regional CA certificates.  For example, there are a large number of certificates where the issued to/by fields are in Spanish and Swedish.  These typically make good candidates for deletion.  You should *not* delete certificates from Microsoft, Verisign, or EminentWare.

       

      Remember, these are just certificates, so if you accidentally delete something useful, you can typically get it re-installed by visiting the site (certificates are presented in the SSL handshake), or by re-installing the certificate pack and starting over.

       

      Once you have deleted the certificates, you should shut down the EminentWare console and restart the EminentWare server.  If the issue persists, delete a few more certificates - we have seen cases where the count had to be 175ish before things would work properly.