Info: Modify Behavior of Daily Tasks and VPlatform Startup

Applies To:

Venafi Trust Protection Platform 17.2 or higher

Skill Level Required:
Expert
(Note: this article is intended to be used by only Experts)

Summary:

Many of the modules enabled on the Platform tree have regular scheduled tasks that are executed on a daily basis. By default, these tasks run at midnight (12:00 AM) and whenever Vplatform.exe (the Windows Service that runs the modules) starts up.  Examples of tasks that run daily are:

• Daily Certificate TLS and Installation Validation
• Certificate Expiration Monitoring and Notification
• Automatic Enrollment for certificates entering renewal window
• Automatic Disable/Retire or Revoke User Certificates
• Synchronization with Venafi TrustNet

In Web Admin, you can turn these services off and set the hour at which the daily tasks run.  Now in 17.2, there is a method that gives you additional control.  The Engine object in Web Admin has a new attribute called "Disable Triggers" which can have the following values:

• Never - This is the default behavior, and ensures that daily tasks are run daily and on VPlatform Startup
• OnStartup - The daily tasks will still run each day, but will not run when VPlatform starts up.
• Always - The daily tasks will never run.  Both daily and on VPlatform startup will be skipped.

How to Configure per Venafi Server:

1. Copy the following to a text file
2. Set an available value for ‘Disable Triggers’ (Note, in the example below, "Never" is used)
3. Use Schema Tool each Venafi server where you would like this setting to take effect
4. Restart the ‘Venafi Platform Service’

<?xml version="1.0" encoding="utf-8"?>
<ConfigSchema Type="17.2.0">
 	<Write Parent="$TreeRoot$\$EngineRoot$" Name="$EngineIdentity$">
 		<Attribute Name="Disable Triggers">Never</Attribute>
 	</Write>
 </ConfigSchema>

How to Configure once for all Venafi Servers in the Environment:

1. Copy the following to a text file
2. Set an available value for ‘Disable Triggers’ (Note, in the example below, "Never" is used)
3. Use Schema Tool once on any of your Venafi servers.
4. Restart the ‘Venafi Platform Service’ on each of your servers

<?xml version="1.0" encoding="utf-8"?>
<ConfigSchema Type="17.2.0">
 	 <Policy>
 	 	<Object DN="\VED\Engines" Class="Venafi Platform" Attribute="Disable Triggers" Locked="false">
 	 	 	<Value>Never</Value>
 	 	</Object>
 	 </Policy>
</ConfigSchema>

How tell if the settings worked:

Look for the following events in the Default SQL Channel:

• 000E0014,Venafi Platform - Daily Tasks Start
• 000E0015,Venafi Platform - Daily Tasks End

When set to Never (the default):

• You will see these events at service startup for the Venafi Servers that have this value
• You will see these events at the daily scheduled time for the Venafi Servers that have this value

When set to OnStartup:

• You should only see these events at the daily scheduled time for tasks for the Venafi Servers that have this value

When set to Always:

• You should never see these events for the Venafi Servers that have this value

Possible Reasons to use this parameter:

• You don't want triggers to start when Vplatform is restarted (this can at times interfere with troubleshooting another issue)
• You want a service like Validation, to only execute on demand via the UI (Validate Now) and never on a schedule.  To do this, you would enable the Validation Module on it's own Venafi Servers (and only that that server), for that Server, you would set "Disable Triggers" = "Always" so that Validation never turns during daily tasks or on VPlatform startup, but it will execute when called on demand by Web Admin or Aperture.