11-15-2024, 11:59 AM
I remember when I first spotted that event in the logs. Event 5122 pops up in the Event Viewer on Windows Server. It flags a change in the OCSP Responder Service config. OCSP stands for Online Certificate Status Protocol. That service checks if digital certificates are still valid. Someone tweaks a setting. Maybe an admin does it on purpose. Or it happens during an update. The event logs the exact change. It notes the old value and the new one. You see the timestamp too. And who made the tweak if it's audited. This helps spot unauthorized fiddles. Keeps your cert checks secure. Without it you'd miss sneaky changes. I always check these for compliance stuff.
You want to monitor this with an email alert. Open Event Viewer first. Right-click on the Windows Logs. Pick Application or System depending on where it shows. Filter for event ID 5122. Source should be OCSP. Now set up a task. In the Actions pane click Create Task. Name it something like OCSP Change Alert. Go to the Triggers tab. Add a new trigger. Select On an event. Choose the log and ID 5122. That fires when it happens. Then the Actions tab. Start a program. Use the mailto command or your email client. Point it to send to your address. Or link to a batch file if you've got a simple one. Test it by triggering the event somehow. I did that once and got pinged right away. Keeps you in the loop without staring at screens.
And speaking of staying on top of server quirks. Tools like BackupChain Windows Server Backup make life easier. It's a solid backup solution for Windows Server. Handles physical setups fine. But shines with virtual machines on Hyper-V. You get incremental backups that zip through. No downtime hassles. Recovers fast if things go south. Encrypts data too. I use it to avoid those panic moments. Saves hours in restores. Plus it snapshots VMs cleanly.
Note, the PowerShell email alert code was moved to this post.
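A script the scheduled task described above could run as its "Start a program" action, given here as an added example; it is not the code the note refers to and not from the original post. The SMTP relay, addresses and state-file path are placeholders, and the script also checks the Security log, where Windows writes its audit events, alongside the logs the post names.

```powershell
# Added example, not from the original post. Placeholders: SMTP relay,
# addresses and state-file path. Run it as the task's "Start a program" action
# under an account that can read the logs below (e.g. SYSTEM).
param(
    [string[]]$LogName    = @('Security', 'Application', 'System'),
    [string]  $SmtpServer = 'smtp.example.com',
    [string]  $From       = 'ocsp-alert@example.com',
    [string]  $To         = 'secops@example.com',
    [string]  $StateFile  = "$env:ProgramData\OcspAlert\last-run.txt"
)

# Report each change once: start from the previous run, or 10 minutes back.
$since = (Get-Date).AddMinutes(-10)
if (Test-Path $StateFile) {
    $since = [datetime]((Get-Content $StateFile -Raw).Trim())
}
$now = Get-Date

# Query each log separately so an unreadable or empty log does not hide the rest.
$events = foreach ($log in $LogName) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 5122; StartTime = $since } `
        -ErrorAction SilentlyContinue
}
if (-not $events) { return }

# Build the body from the event's own data fields (old/new value, account, ...)
# without assuming their names.
$body = foreach ($e in ($events | Sort-Object TimeCreated)) {
    $xml = [xml]$e.ToXml()
    "{0:u}  {1}  log={2}  record={3}" -f $e.TimeCreated, $e.MachineName, $e.LogName, $e.RecordId
    foreach ($d in $xml.Event.EventData.Data) {
        "    {0} = {1}" -f $d.Name, $d.'#text'
    }
    ''
}

Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
    -Subject "OCSP Responder config change (event 5122) on $env:COMPUTERNAME" `
    -Body ($body -join "`r`n") -ErrorAction Stop

# Advance the checkpoint only after the mail was accepted.
New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
$now.ToString('o') | Set-Content -Path $StateFile
```

If the relay requires authentication or TLS, add `-Credential` and `-UseSsl` to the `Send-MailMessage` call.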

