Discovering certificates from a Microsoft CA Server - error for (only) one template

Marcio Olivieri · ‎10-24-2023

Hello. We have enabled the discovery of Microsoft Certificate Authority (CA) certificates using the Microsoft CA - Certificate Management pattern. We have one CA server with multiple templates, and noticed some errors during discovery. To isolate the issue, we managed to create one discovery job for each CA template.

It turns out discovery works fine most CA templates, except for one (which happens to be the biggest one with 188K certs), that reports the following once discovery is completed:

”Error in Horizontal Discovery Sensor for Horizontal Pattern: Payload was in an unexpected format, the payload will not be processed.".

I suspect this happens due to the high number of certificates for this specific template, as the other ones have been discovered just fine. Any ideas or suggestions? Thank you.

Mateus Oliveira · ‎10-24-2023

Hello @Marcio Olivieri ,

You may want to check this known error, it seems to be applicable to your issue: "MicroSoft CA - Certificate Management" pattern - When template_list is not set to All, in some case...

Please, mark my reply as helpful in case it helped you.

Marcio Olivieri · ‎10-24-2023

Thanks Matheus, but we already used that KB few weeks ago, it worked so we could start to run discoveries with success - except for one specific template. After increasing JVM memory from 2GB to 4G, Discovery managed to perform more steps, but failed with this:

Maybe should I adjust the time out numbers below?

Mateus Oliveira · ‎10-25-2023

I would certainly try adjusting it. Only take care of also verifying your Discovery max execution time, so you don't start getting a time out from the Discovery Status itself. I am not sure how you have configured it, but one suggestion could also be to isolate this big one in a specific/dedicated Discovery Schedule.