Core Alert: ERROR - CONSOLIDATION RULE: Consolidate inbound message rejected or authentication failure

Microsoft.BizTalk.Server.2010.ConsolidateInboundMessageFailure (Rule)

Knowledge Base article:

Summary

This rule consolidates the Application event log errors raised when an inbound message fails 'authentication required' verification at a BizTalk Receive Port. In a real denial-of-service scenario, verification is expected to fail for a large number of messages. The events are consolidated so that MOM is not flooded with alerts for those messages.

Element properties:

Target: Microsoft.BizTalk.Server.2010.BizTalkRuntimeRole
Category: EventCollection
Enabled: True
Alert Generate: False
Remotable: True
Event Log: Application

Member Modules:

ID | Module Type | TypeId | RunAs
Microsoft.BizTalk.Server.2010.ConsolidateInboundMessageFailure.DataSource | DataSource | Microsoft.Windows.EventProvider | Default
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default
WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default

Source Code:

<Rule ID="Microsoft.BizTalk.Server.2010.ConsolidateInboundMessageFailure" Enabled="true" Target="BTSLib!Microsoft.BizTalk.Server.2010.BizTalkRuntimeRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="Microsoft.BizTalk.Server.2010.ConsolidateInboundMessageFailure.DataSource" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Property[Type="BTSLib!Microsoft.BizTalk.Server.2010.ServerRole"]/ComputerName$</ComputerName>
      <LogName>Application</LogName>
      <Expression>
        <And>
          <Expression>
            <Or>
              <Expression>
                <SimpleExpression>
                  <ValueExpression>
                    <XPathQuery Type="String">PublisherName</XPathQuery>
                  </ValueExpression>
                  <Operator>Equal</Operator>
                  <ValueExpression>
                    <Value Type="String">BizTalk Server 2006</Value>
                  </ValueExpression>
                </SimpleExpression>
              </Expression>
              <Expression>
                <SimpleExpression>
                  <ValueExpression>
                    <XPathQuery Type="String">PublisherName</XPathQuery>
                  </ValueExpression>
                  <Operator>Equal</Operator>
                  <ValueExpression>
                    <Value Type="String">BizTalk Server 2009</Value>
                  </ValueExpression>
                </SimpleExpression>
              </Expression>
              <Expression>
                <SimpleExpression>
                  <ValueExpression>
                    <XPathQuery Type="String">PublisherName</XPathQuery>
                  </ValueExpression>
                  <Operator>Equal</Operator>
                  <ValueExpression>
                    <Value Type="String">BizTalk Server</Value>
                  </ValueExpression>
                </SimpleExpression>
              </Expression>
            </Or>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="UnsignedInteger">5724</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="Integer">EventLevel</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>1</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>