Home
  •  

AK179597

Alert_AK179597 (Rule)

Secure channel failure detected

Knowledge Base article:

External

http://go.microsoft.com/fwlink/?LinkId=221411

Element properties:

TargetMicrosoft.KnowledgeServices.Windows.Server.2008.AD.DomainControllerRole
CategoryAlert
EnabledTrue
Event_ID5722
Event SourceNETLOGON
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Secure channel failure detected
<Details>
<Content>
A computer in this domain is failing to authenticate. This problem often happens when the password locally on the computer does not match the password stored in Active Directory for that computer account. This can cause any services on that computer that run as System or Network Service to fail to run properly. To resolve this issue, locate the computer name listed below and follow the steps in the content link to get the computer password to match what is in Active Directory.
</Content>
<CollectedInformation>
<Info>
<Name>Computer Name</Name>
<Value>{0}</Value>
</Info>
<Info>
<Name>Computer Account</Name>
<Value>{1}</Value>
</Info>
<Info>
<Name>Error Code</Name>
<Value>{2}</Value>
</Info>
</CollectedInformation>
</Details>
Event LogSystem

Member Modules:

ID Module Type TypeId RunAs 
event DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Alert_AK179597" Enabled="true" Target="MicrosoftKnowledgeServicesWindowsServerADLibrary!Microsoft.KnowledgeServices.Windows.Server.2008.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="event" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>System</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">NETLOGON</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">5722</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="AlertMessage2e4bd3b509384e2285ce15862efdeeea"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventData/DataItem/*[local-name()='EventData']/*[local-name()='Data'][1]$</AlertParameter1>

        <AlertParameter2>$Data/EventData/DataItem/*[local-name()='EventData']/*[local-name()='Data'][2]$</AlertParameter2>

        <AlertParameter3>$Data/EventData/DataItem/*[local-name()='EventData']/*[local-name()='Data'][3]$</AlertParameter3>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventData/DataItem/*[local-name()='EventData']/*[local-name()='Data'][1]$</SuppressionValue>

      </Suppression>

      <Custom1>SupportTopic=TBD</Custom1>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10>1.0.0.0</Custom10>

    </WriteAction>

  </WriteActions>

</Rule>