Discarded packet from peer

Discarded_packet_from_peer_2_1_Rule (Rule)

Knowledge Base article:

Management Pack
Summary
The DHCP Relay Agent (IPBOOTP) discarded packet(s) from the peer.
 
Causes
The most common reasons for this error are:
  1. The protocol received a packet which is smaller than the minimum size allowed.
  2. The protocol received a packet with invalid information.
 
Resolutions
  1. If the server is low on memory, take appropriate action to increase the available memory. See Help and Support Center for information on low memory.
  2. Verify the sender of the packet and if necessary reconfigure it to send packets with valid parameters.
 
Sample Event
Sample Event#1: IPBOOTP has discarded a packet received on the local interfacewith IP address %1. The packet had a hop-count of %2, which isgreater than the maximum value allowed in packets received forthis interface.The hop-count field in a DHCP REQUEST packet indicates how many timesthe packet has been forwarded from one relay-agent to another.
Sample Event#2: IPBOOTP has discarded a packet received on the local interfacewith IP address %1. The packet had a seconds-since-boot of %2,which is less than the minimum value needed for packets to beforwarded on this interface.The seconds-since-boot field in a DHCP REQUEST packet indicateshow long the DHCP client machine which sent the packet has beentrying to obtain an IP address.
Sample Event#3: IPBOOTP received a packet which was smaller than the minimum sizeallowed for DHCP packets. The packet has been discarded.It was received on the local interface with IP address %1,and it came from a machine with IP address %2.
Sample Event#4: IPBOOTP received a packet containing an invalid op-code.The packet has been discarded. It was received on the local interfacewith IP address %1, and it came from a machine with IP address %2.
Sample Event#5: IPBOOTP could not schedule the processing of a packet receivedon the local interface with IP address %1. The packet was receivedfrom a machine with IP address %2.This error may have been caused by a memory allocation failure.The data is the error code.
Sample Event#6: IPBOOTP could not schedule a task to be executed.This error may have been caused by a memory allocation failure.The data is the error code.
 
© 2004 Microsoft Corporation, all rights reserved.

Element properties:

TargetMicrosoft.Windows.RemoteAccess.2012.Class.VPNServer
CategoryEventCollection
EnabledTrue
Alert GenerateFalse
RemotableTrue
Event LogSystem

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default

Source Code:

<Rule ID="Discarded_packet_from_peer_2_1_Rule" Enabled="true" Target="Microsoft.Windows.RemoteAccess.2012.Class.VPNServer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>^(30016|30017|30023|30024|30025|30026)$</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>ContainsSubstring</Operator>
<Pattern>IPBOOTP</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SystemCenter!Microsoft.SystemCenter.CollectEvent"/>
</WriteActions>
</Rule>