Home
  •  

TN3270 Critical Events

Microsoft.HostIntegrationServer.2010.TN3270_CriticalEvents (Rule)

Captures critical events and generates a critical alert

Knowledge Base article:

Summary

Updates the health of the TN3270 component based on events generated by the TN3270 Server.

Causes

Event 103:

The TN3270 service has encountered a fatal error and will terminate.

Event 203:

The TN3270 service has encountered a problem interfacing with the Windows Sockets API.

Event 504:

The TN3270 service uses the Host Integration Server RUI interface to communicate with a host computer. The RUI interface has failed to initialize.

Event 514:

The TN3270 service was unable to allocate memory for a session. Each session requires a set amount of memory in order to allocate the session successfully. The computer may be running low on memory.

Event 802:

The TN3270 service retrieves configuration information from the SNA configuration file. The configuration file has become corrupt and needs to be rebuilt.

The configuration file was updated but not all of the configuration information was written correctly

The write process was interrupted

Event 1040:

A security function has failed during the client-server handshake. The session will not be allocated.

Event 1070:

A client connection to a secured TN3270 server port has failed. The client certificate does not match the server certificate.

Resolutions

Events 103, 203, 504, 1040:

Review the source computer’s event log for any associated error/warning events. Make any required changes and re-start the service using SNA Manager or Service Control Manager.

Event 514:

Reduce the number of concurrent applications running on the server or provide more memory.

Event 802:

Use the SNACFG utility to examine the TN3270 record and verify the information for that record is correct.

Event 1070:

Verify that the client and server certificates are correct and retry the connection.

Element properties:

TargetMicrosoft.HostIntegrationServer.2010.TN3270
CategoryEventCollection
EnabledTrue
Event SourceTN3270 Server
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
TN3270 Alertc for Critical Events
Server: {0}
Event ID: {1}
Event Description: {2}
Event LogApplication

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default
WriteToDW WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="Microsoft.HostIntegrationServer.2010.TN3270_CriticalEvents" Enabled="true" Target="Microsoft.HostIntegrationServer.2010.TN3270" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>MatchesRegularExpression</Operator>

              <Pattern>^(103|203|504|514|802|1040|1070)$</Pattern>

            </RegExExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">TN3270 Server</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="AlertMessageID61eb16d1cf3b44a28439a76fc0941731"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/LoggingComputer$</AlertParameter1>

        <AlertParameter2>$Data/EventDisplayNumber$</AlertParameter2>

        <AlertParameter3>$Data/EventDescription$</AlertParameter3>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>