PanelCheck runs as a scheduled task, and solves the problem of "who watches the watchman?" for an Identity Panel installation. For example, if it detects that PanelService.exe is not running it will attempt to restart it.
Note: After deployment, it is a good idea to forcibly stop Panel Service and confirm that PanelCheck restarts it on the next run.
A number of standard Identity Panel dashboard components that report on system health depend on this service being correctly installed and configured. The following are instructions for installing PanelCheck for your Panel Service instance, within the context of a lab VM configuration for the purposes of this exercise.
Installation Procedure
- RDP to your lab VM as your admin user account, e.g.
  Softwareidm\labadmin
- Open Windows Explorer to the Downloads\PanelTools folder (to which PanelTools was previously downloaded):
  ~\labadmin\Downloads\PanelTools
- Run ServiceSetup.exe
- Execute step 3 (configure Panel Check health monitoring - as a new Windows Scheduled Task)
- Enter the domain\name of the account to use for running the Scheduled Task - typically use the ServicePanel identity, i.e.
  Softwareidm\idpservice
- Enter a password
  <redacted>
- Specify a method for emails (we'll choose Azure in this case):
  2
- Specify a valid mailbox sender email address, e.g.
  IdPAlerts@sidm.us
  - NOTE: To send messages with the Graph API you MUST specify an App Registration with the Microsoft Graph - Mail.Send permission. For more information go to https://support.identitypanel.com and search "Mail.Send".
- Specify the email recipient(s) of email alerts (comma separated, or set up a new d-group), e.g.
  LabSupport@softwareidm.com
- Paste Azure Tenant ID of the application that will be used as the service principal for sending the email
  <redacted>
- Paste Azure Application ID of the application that will be used as the service principal for sending the email
  <redacted>
- Paste Client Secret for the application that will be used as the service principal for sending the email
  <redacted>
Indicative Output
Once installed, a Windows Scheduled Task will have been created - see output below from one of the training labs.
ServiceSetup.exe
Note: the above error does not prevent the task creation - only mail delivery because in this case the Azure AD training tenant I am using for this article is not licensed with M365 mailboxes.
Windows Task Scheduler
Identity Panel Dashboard
Config.json
The following is the JSON section within the C:\Program Files\SoftwareIDM\PanelTools\config.json file created once PanelCheck has been successfully configured.
"PanelCheck": {
  "TryResolve": true,
  "PingInterval": "7.00:00:00",
  "SendErrorTo": "errorreporting@softwareidm.com",
  "Service": "SoftwareIDM.PanelService",
  "Test": {
    "PanelService": true,
    "PanelHost": true,
    "ScheduleService": true,
    "WorkflowService": true,
    "PasswordService": true,
    "PasswordCertificate": true
  },
  "SMTP": {
    "Server": "0dba38dd-9670-4997-91be-0f95cdfb74f8",
    "Port": 25,
    "UseSSL": false,
    "User": "a7918df3-0888-48d8-8c5e-cde828b1c543",
    "Password": "<redacted>",
    "From": "IdPAlerts@sidm.us",
    "To": "LabSupport@softwareidm.com"
  }
}
The following describes what each of the configured "tests" does; the tests are enforced if TryResolve is set to true (the default):
- PanelService - is the local Panel Service running, and if not attempt to restart it;
- PanelHost - can a connection be made to the web application, and if not send an email;
- ScheduleService - is the scheduler inside of Panel Service running, and if not attempt to restart PanelService;
- WorkflowService - is the workflow service inside of Panel Service running, and if not attempt to restart PanelService;
- PasswordService - if password sync is configured, then is the password service running, and if not attempt to restart;
- PasswordCertificate - if password sync is configured, then is the certificate within the validity period, and if not send an email alert.
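The post-deployment check recommended in the note at the top of this article (stop Panel Service, then confirm PanelCheck restarts it, which is the PanelService test above) can be scripted. The following PowerShell is an added example, not part of PanelTools or the original article. It assumes the "Service" value from config.json is the Windows service name, and the scheduled task name is a placeholder to replace with the one shown in Windows Task Scheduler.

```powershell
# Added example: post-deployment drill for PanelCheck (not vendor code).
# Run from an elevated PowerShell session on the Panel Service host.
param(
    # Assumption: the "Service" value in config.json is the Windows service name.
    [string]$ServiceName = 'SoftwareIDM.PanelService',
    # Placeholder: copy the real task name from Windows Task Scheduler.
    [string]$TaskName = '<PanelCheck scheduled task name>',
    [int]$TimeoutSeconds = 120
)

$ErrorActionPreference = 'Stop'

# Fail early if either object is missing rather than reporting a false result.
$task = Get-ScheduledTask -TaskName $TaskName
$null = Get-Service -Name $ServiceName

# 1. Simulate the failure PanelCheck is meant to catch.
Stop-Service -Name $ServiceName -Force
(Get-Service -Name $ServiceName).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
$stoppedAt = Get-Date

# 2. Trigger the check now instead of waiting for the next scheduled run.
Start-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath

# 3. Poll until the service is running again or the timeout expires.
$deadline = $stoppedAt.AddSeconds($TimeoutSeconds)
do {
    Start-Sleep -Seconds 5
    $status = (Get-Service -Name $ServiceName).Status
} while ($status -ne 'Running' -and (Get-Date) -lt $deadline)

# 4. Report the outcome with the task's last result for troubleshooting.
$info = Get-ScheduledTaskInfo -TaskName $task.TaskName -TaskPath $task.TaskPath
[pscustomobject]@{
    Service        = $ServiceName
    Status         = $status
    Recovered      = ($status -eq 'Running')
    SecondsToHeal  = [int]((Get-Date) - $stoppedAt).TotalSeconds
    LastRunTime    = $info.LastRunTime
    LastTaskResult = $info.LastTaskResult
}

if ($status -ne 'Running') {
    # Do not leave the lab service down if the watchdog failed.
    Start-Service -Name $ServiceName
    throw "PanelCheck did not restart $ServiceName within $TimeoutSeconds seconds."
}
```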