Multiple invalid incoming certificates.
This can happen if a remote server presents an invalid certificate due to an incorrect configuration or an attacker.
No action needed unless the number of failures is large. Contact the administrator of the host sending the invalid certificate and resolve this problem.
Target | Microsoft.LS.2013.Component.Registrar | ||
Category | EventCollection | ||
Enabled | True | ||
Event_ID | 14366 | ||
Event Source | LS Protocol Stack | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Low | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Lync Server |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
CollectEvent | DataSource | Microsoft.Windows.EventProvider | Default |
WriteAlert | WriteAction | System.Health.GenerateAlert | Default |
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
<Rule ID="Microsoft.LS.2013.Monitoring.Rule.InfoEvent.Registrar.SIPPROXY_E_TLS_INCOMING_BAD_CERTIFICATE" Enabled="true" Target="Microsoft.LS.2013.Component.Registrar" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="CollectEvent" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Lync Server</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">LS Protocol Stack</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">14366</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteAlert" TypeID="Health!System.Health.GenerateAlert">
<Priority>0</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="Alert_Multiple_invalid_incoming_certificates."]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
<SuppressionValue>$Data/PublisherName$</SuppressionValue>
<SuppressionValue>$Data/LoggingComputer$</SuppressionValue>
</Suppression>
</WriteAction>
<WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>