Home
  •  

AD CPU Overload Script Parameters are configured incorrectly

AD_CPU_Overload_Script_Parameters_are_configured_incorrectly (Rule)

Knowledge Base article:

Summary

The override settings (parameters) of the AD Processor Overload (lsass) Monitor are set incorrectly.

Resolutions

Check and fix the overrides for AD Processor Overload (lsass) for this managed node. At least one parameter is outside the supported range.

Element properties:

TargetMicrosoft.Windows.Server.2000.AD.DomainControllerRole
CategoryEventCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableFalse
Alert Message
Script Parameters are configured incorrectly.
{0}
Event LogOperations Manager

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="AD_CPU_Overload_Script_Parameters_are_configured_incorrectly" Enabled="onStandardMonitoring" Target="AD2000Core!Microsoft.Windows.Server.2000.AD.DomainControllerRole" ConfirmDelivery="false" Remotable="false" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Operations Manager</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>Params/Param[1]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>AD CPU Overload</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005RegularExpression</Operator>

              <Pattern>^(66)$</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner>$Data/PublisherName$</AlertOwner>

      <AlertMessageId>$MPElement[Name="AD_CPU_Overload_Script_Parameters_are_configured_incorrectly.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>