Home
  •  

Alert On Windows Authentication Failures

Microsoft.Dynamics.CRM.2011.Alert_On_Windows_Authentication_Failures (Rule)

Knowledge Base article:

Summary

The number of attempts to gain access to a Microsoft Dynamics CRM system, which include invalid Windows authentication credentials.

Element properties:

TargetMicrosoft.Dynamics.CRM.2011.Common
CategoryPerformanceHealth
EnabledFalse
Instance NameCRM Authentication
Counter NameWindowsAuthenticationFailuresInTheLastMinute
Frequency60
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Alert on WindowsAuthenticationFailures
Instance {0}
Object {1}
Counter {2}
Has a value {3}
At time {4}

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource System.Performance.OptimizedDataProvider Default
AverageThreshold ConditionDetection System.Performance.AverageThresholdCondition Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.Dynamics.CRM.2011.Alert_On_Windows_Authentication_Failures" Enabled="false" Target="Microsoft.Dynamics.CRM.2011.Common" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>PerformanceHealth</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Performance!System.Performance.OptimizedDataProvider">

      <ComputerName>.</ComputerName>

      <CounterName>WindowsAuthenticationFailuresInTheLastMinute</CounterName>

      <ObjectName>CRM Authentication</ObjectName>

      <InstanceName/>

      <AllInstances>false</AllInstances>

      <Frequency>60</Frequency>

      <Tolerance>0</Tolerance>

      <ToleranceType>Absolute</ToleranceType>

      <MaximumSampleSeparation>1</MaximumSampleSeparation>

    </DataSource>

  </DataSources>

  <ConditionDetection ID="AverageThreshold" TypeID="Performance!System.Performance.AverageThresholdCondition">

    <NumSamples>5</NumSamples>

    <Threshold>50</Threshold>

    <Operator>Greater</Operator>

  </ConditionDetection>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="AlertMessageIDa3076113c126477c98650ffb657ddb30"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/InstanceName$</AlertParameter1>

        <AlertParameter2>$Data/ObjectName$</AlertParameter2>

        <AlertParameter3>$Data/CounterName$</AlertParameter3>

        <AlertParameter4>$Data/Value$</AlertParameter4>

        <AlertParameter5>$Data/TimeSampled$</AlertParameter5>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>