Home
  •  

Synchronization Threshold Violation

Microsoft.ActiveDirectoryFederationServices.2016.WIDSyncSynchronizationThresholdViolationRule (Rule)

Knowledge Base article:

Summary

AD FS detected that the Federation Service has more than 100 trusts configured and that the data in the AD FS configuration database for this Federation Service is stored and synchronized using Windows Internal Database technology.

Causes

The farm deployment is trying to synchronize using a WID database, and it has more than 100 claim trust provider trusts or more than 100 relying party trusts.

Resolutions

Move to SQL Server for improved database synchronization performance when you need to support more than 100 claim trust provider trusts or more than 100 relying party trusts.

For more information about how to do this, see AD FS operations documentation on the TechNet Wiki site.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices.2016.WIDSync
CategoryConfigurationHealth
EnabledTrue
Event_ID382
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Synchronization Threshold Violation
AD FS detected that the Federation Service has more than '{0}' '{1}' trusts configured and that the data in the AD FS configuration database for this Federation Service is stored and synchronized using Windows Internal Database technology.
Event Log$Target/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.ActiveDirectoryFederationServices.2016.WIDSyncSynchronizationThresholdViolationRule" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.WIDSync" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>ConfigurationHealth</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>$Target/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">382</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005RegularExpression</Operator>

              <Pattern>(^AD FS$)</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertName/>

      <AlertDescription/>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.ActiveDirectoryFederationServices.2016.WIDSyncSynchronizationThresholdViolationRule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/Params/Param[1]$</AlertParameter1>

        <AlertParameter2>$Data/Params/Param[2]$</AlertParameter2>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>