Microsoft Windows Server AD RMS 2016 and above Public Private Key Mismatch Event Rule

Microsoft.ADRMS.10.PublicPrivateKeyMismatchEvent.Rule (Rule)

Knowledge Base article:

Summary

The private key does not match the public key extracted from the corresponding trusted publishing domain server licensor certificate.

External

http://technet.microsoft.com/en-us/library/cc726075(WS.10).aspx

Element properties:

Target: Microsoft.ADRMS.10.Server
Category: Alert
Enabled: False
Event_ID: 126
Event Source: Active Directory Rights Management Services
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Remotable: True
Alert Message: Microsoft Windows Server AD RMS 2016 and above Public Private Key Mismatch Event Rule
  Event Description: {0}
Event Log: Application

Member Modules:

ID     Module Type  TypeId                           RunAs
Event  DataSource   Microsoft.Windows.EventProvider  Default
Alert  WriteAction  System.Health.GenerateAlert      Default

Source Code:

<Rule ID="Microsoft.ADRMS.10.PublicPrivateKeyMismatchEvent.Rule" Enabled="false" Target="MicrosoftADRMS2016Discovery!Microsoft.ADRMS.10.Server" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>Alert</Category>
  <DataSources>
    <DataSource ID="Event" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Application</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="UnsignedInteger">126</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">Active Directory Rights Management Services</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>2</Severity>
      <AlertOwner/>
      <AlertMessageId>$MPElement[Name="Microsoft.ADRMS.10.PublicPrivateKeyMismatchEvent.Rule.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
        <SuppressionValue>$Data/PublisherName$</SuppressionValue>
        <SuppressionValue>$Data/EventDescription$</SuppressionValue>
      </Suppression>
      <Custom1/>
      <Custom2/>
      <Custom3/>
      <Custom4/>
      <Custom5/>
      <Custom6/>
      <Custom7/>
      <Custom8/>
      <Custom9/>
      <Custom10/>
    </WriteAction>
  </WriteActions>
</Rule>