Regla de supervisión de puerta de enlace de Microsoft ATA 1.7: la puerta de enlace de ATA no se pudo autenticar en el controlador de dominio.
La puerta de enlace de ATA no pudo autenticarse en el controlador de dominio.
1. Confirme que el registro de DNS de controladores de dominio esté configurado correctamente en el servidor de DNS.
Target | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | ||
Category | AvailabilityHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
ATALogFile | DataSource | Microsoft.AdvancedThreatAnalytics.LogFileProvider | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Gateway.ActiveDirectoryAuthenticationFailure" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_7.Gateway" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>AvailabilityHealth</Category>
<DataSources>
<DataSource ID="ATALogFile" TypeID="Microsoft.AdvancedThreatAnalytics.LogFileProvider">
<LogFileDirectory>$Target/Property[Type="Microsoft.AdvancedThreatAnalytics.1_7.Gateway"]/InstallationPath$\Logs</LogFileDirectory>
<LogFilePattern>Microsoft.Tri.Gateway-Errors.log</LogFilePattern>
<PublisherName>System.DirectoryServices.Protocols.LdapException</PublisherName>
<ErrorStringContains>A local error occurred</ErrorStringContains>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Gateway.ActiveDirectoryAuthenticationFailure.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventData/DataItem/LogFileName$</AlertParameter1>
<AlertParameter2>$Data/EventData/DataItem/LogFileDirectory$</AlertParameter2>
<AlertParameter3>$Data/PublisherName$</AlertParameter3>
<AlertParameter4>$Data/EventDescription$</AlertParameter4>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/LoggingComputer$</SuppressionValue>
<SuppressionValue>$Data/EventDescription$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>