This Rule generates alerts when The Microsoft Firewall service was unable to connect to the SQL database
The Firewall service generates this alert when the OLEDB connection object could not be opened. An OLEDB connection is used by the Firewall service to insert records to the SQL database. The first parameter of the alert contains the name of the logging component (Firewall or Web Proxy).
Opening OLEDB connection can fail under the following circumstances:
The service does not have appropriate permission.
Low resources on the computer.
The specified SQL server does not exist.
The SQL service (MSSQL) is not started on the SQL server.
There is a connectivity problem to the SQL server.
Authentication to the SQL server failed.
The specified database or table does not exist on the SQL server.
SQL server does not support encryption.
Close other programs that are running. Use the Task Manager to check programs and processes using large amounts of system resources.
Verify that the specified SQL server;is accessible.
Start MSSQL service on the SQL server.
Verify that the specified database and table exist on the SQL server.
Enable SSL encryption on the SQL server.
Change the provided user credentials.
Add a firewall policy rule that allows traffic to the SQL server.
For more information about TMG Server logs, refer to the "Logs" topic in the TMG Server on-line help.
Target | Microsoft.Forefront.TMG.Logging.SQLDatabase |
Category | EventCollection |
Enabled | True |
Alert Generate | False |
Remotable | True |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Forefront.TMG.Rule.AlertGenerate.DS | Default |
WA | WriteAction | Microsoft.Forefront.TMG.Rule.AlertGenerate.WA | Default |
<Rule ID="Microsoft.Forefront.TMG.The_Microsoft_Firewall_was_unable_to_connect_to_the_SQL_database.Rule" Enabled="true" Target="Microsoft.Forefront.TMG.Logging.SQLDatabase" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.DS">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<EventsPattern>^(21203|21202)$</EventsPattern>
<EventType>1</EventType>
<SourcePattern>Microsoft Forefront TMG Firewall</SourcePattern>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.WA">
<AlertMessageId>$MPElement[Name="Microsoft.Forefront.TMG.The_Microsoft_Firewall_was_unable_to_connect_to_the_SQL_database.AlertMessage"]$</AlertMessageId>
<DomainName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
<Priority>2</Priority>
<Severity>2</Severity>
</WriteAction>
</WriteActions>
</Rule>