Alert symptom: a Windows service running on Forefront UAG was stopped.
A Windows service that is required in order to run Forefront UAG is not started.
Start the relevant service on the Forefront UAG server:
1. In the Windows Control Panel double-click Administrative Tools, then double-click Services.
2. Right-click the applicable service, then click Start.
| Target | Microsoft.Forefront.UAG.Server |
| Category | EventCollection |
| Enabled | True |
| Event_ID | 4 |
| Event Source | Microsoft Forefront UAG |
| Alert Generate | False |
| Remotable | True |
| Event Log | Application |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| DS | DataSource | Microsoft.Windows.EventProvider | Default |
| WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
Home<Rule ID="Microsoft.Forefront.UAG.Server.Collection.ServiceShutdown" Enabled="true" Target="Microsoft.Forefront.UAG.Server" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">4</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Microsoft Forefront UAG</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>