We have management packs for Active Directory Certificate Services on Windows 2012R2 and Windows 2016.
WS 2012 and 2012R2: https://www.microsoft.com/en-us/download/details.aspx?id=34765
WS 2016: https://www.microsoft.com/en-us/download/details.aspx?id=56671
However, there is an issue with the recently released ADCS MP for WS 2016. A change was made in the library MP which modified some class property names. This breaks MP update, so customers using the ADCS MP’s for Windows 2012 and 2012R2 cannot “add” the ADCS for Windows Server 2016 MP’s to the management group.
You might see these errors:
Certificate Services Common Library could not be imported.
If any management packs in the Import list are dependent on this management pack, the installation of the dependent management packs will fail.
Verification failed with 5 errors:
——————————————————-
Error 1:
Found error in 2|Microsoft.Windows.CertificateServices.Library|7.1.10100.0|Microsoft.Windows.CertificateServices.Library|| with message:
Version 10.0.0.0 of the management pack is not upgrade compatible with older version 7.1.10100.0. Compatibility check failed with 4 errors:——————————————————-
Error 2:
Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message:
Publicly accessible ClassProperty (WatcheeName) has been removed in the newer version of this management pack.
——————————————————-
Error 3:
Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message:
Publicly accessible ClassProperty (IsWatcheeOnline) has been removed in the newer version of this management pack.
——————————————————-
Error 4:
Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message:
Publicly accessible ClassProperty (WatcheeHierarchyEntryPoint) has been removed in the newer version of this management pack.
——————————————————-
Error 5:
Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message:
New Key ClassProperty item (WatcherName) has been added in the newer version of this management pack.
——————————————————-
There is a workaround:
Delete all the ADCS 2012 MP’s you have, while first backing up and then deleting any unsealed MP’s which reference them.
Import only the Microsoft.Windows.CertificateServices.Library.mp version 10.0.0.0
Now you may import all the rest of the MP’s, including 2012, 2012R2, and 2016 for ADCS, and your unsealed MP’s which you have to remove.
If you only need to monitor ADCS on Windows Server 2016, simply delete your existing ADCS MP’s first, then you can import these as normal.