Home
  •  

IP Resync Critical Events

Microsoft.HostIntegrationServer.2010.IPResync_CriticalEvents (Rule)

Captures critical events and generates a critical alert

Knowledge Base article:

Summary

The HIS TCP/IP Resync service encountered and error and is not available to handle new resync requests. Review the specific event that raised this alert to determine possible causes and resolutions.

Causes

Events 10002, 10004:

The HIS TCP/IP Resync service did not start properly. The security account the service is running under does not have proper privileges.

Events 10009, 10010, 10011, 10012:

The HIS TCP/IP Resync service encountered an error connecting to, disconnecting from, querying, or modifying the distributed unit of work SQL log.

The SQL server instance is not available.

The account the service is running under does not have privileges to connect to the SQL server.

The network is not available.

The database specified for use by the service is not available.

Event 10014: The HIS TCP/IP Resync service has stopped.

An internal error occurred from which the service could not recover.

The service was intentionally stopped by an administrator.

Resolutions

Events 10002, 10004:

Verify the security account the HIS TCP/IP Resync service is configured to run under is a member of either the HIS Runtime Users or HIS Administrators group.

Restart the service.

Events 10009, 10010, 10011, 10012:

Verify the SQL Server machine and SQL Server instance that house the distributed unit of work database are running and accessible by the security account used by the HIS TCP/IP Resync service.

If the distributed unit of work database cannot be found, recreate it by running the Configuration Wizard and restart the HIS TCP/IP Resync service.

Verify the network is active.

Restart the HIS TCP/IP Resync service.

Event 10014:

Restart the HIS TCP/IP Resync service.

Element properties:

TargetMicrosoft.HostIntegrationServer.2010.IPResync
CategoryEventCollection
EnabledTrue
Event SourceHIS TCP/IP Resync
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
IP Resync alert for Critical Events
Server: {0}
Event ID: {1}
Event Description: {2}
Event LogApplication

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default
WriteToDW WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="Microsoft.HostIntegrationServer.2010.IPResync_CriticalEvents" Enabled="true" Target="Microsoft.HostIntegrationServer.2010.IPResync" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>MatchesRegularExpression</Operator>

              <Pattern>^(10002|10004|10009|10010|10011|10012)$</Pattern>

            </RegExExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">HIS TCP/IP Resync</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="AlertMessageID79301fe8bb2c49be85e2aac018bf76cb"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/LoggingComputer$</AlertParameter1>

        <AlertParameter2>$Data/EventDisplayNumber$</AlertParameter2>

        <AlertParameter3>$Data/EventDescription$</AlertParameter3>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>