Home
  •  

Alert for event Id: 14366 ('SIPPROXY_E_TLS_INCOMING_BAD_CERTIFICATE')

Microsoft.LS.2013.Monitoring.Rule.InfoEvent.Registrar.SIPPROXY_E_TLS_INCOMING_BAD_CERTIFICATE (Rule)

Knowledge Base article:

Summary

Multiple invalid incoming certificates.

Causes

This can happen if a remote server presents an invalid certificate due to an incorrect configuration or an attacker.

Resolutions

No action needed unless the number of failures is large. Contact the administrator of the host sending the invalid certificate and resolve this problem.

Element properties:

TargetMicrosoft.LS.2013.Component.Registrar
CategoryEventCollection
EnabledTrue
Event_ID14366
Event SourceLS Protocol Stack
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityLow
RemotableTrue
Alert Message
[LYNC] Multiple invalid incoming certificates.
{0}

Please see the 'Product Knowledge' and the 'Alert Context' tab on Alert Properties view for more information.
Event LogLync Server

Member Modules:

ID Module Type TypeId RunAs 
CollectEvent DataSource Microsoft.Windows.EventProvider Default
WriteAlert WriteAction System.Health.GenerateAlert Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default
WriteToDW WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="Microsoft.LS.2013.Monitoring.Rule.InfoEvent.Registrar.SIPPROXY_E_TLS_INCOMING_BAD_CERTIFICATE" Enabled="true" Target="Microsoft.LS.2013.Component.Registrar" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="CollectEvent" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Lync Server</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">LS Protocol Stack</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">14366</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="WriteAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>0</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Alert_Multiple_invalid_incoming_certificates."]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>

        <SuppressionValue>$Data/PublisherName$</SuppressionValue>

        <SuppressionValue>$Data/LoggingComputer$</SuppressionValue>

      </Suppression>

    </WriteAction>

    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>