Home
  •  

Microsoft Windows Server AD RMS 2016 and above Certificate Chain Invalid Event Rule

Microsoft.ADRMS.10.CertificateChainInvalidEvent.Rule (Rule)

Knowledge Base article:

Summary

An invalid certificate chain was found in the trusted publishing domain or trusted user domain.

External

http://technet.microsoft.com/en-us/library/cc726145(WS.10).aspx

Element properties:

TargetMicrosoft.ADRMS.10.Server
CategoryAlert
EnabledFalse
Event_ID184
Event SourceActive Directory Rights Management Services
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
Microsoft Windows Server AD RMS 2016 and above Certificate Chain Invalid Event Rule
Event Description: {0}
Event LogApplication

Member Modules:

ID Module Type TypeId RunAs 
Event DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.ADRMS.10.CertificateChainInvalidEvent.Rule" Enabled="false" Target="MicrosoftADRMS2016Discovery!Microsoft.ADRMS.10.Server" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="Event" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">184</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">Active Directory Rights Management Services</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.ADRMS.10.CertificateChainInvalidEvent.Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>

        <SuppressionValue>$Data/PublisherName$</SuppressionValue>

        <SuppressionValue>$Data/EventDescription$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>