Home
  •  

Alert for event Id: 25076 ('MEDIATIONSERVER_INCOMING_GATEWAY_TLS_NEGOTIATION_FAILED')

Microsoft.LS.2019.Monitoring.Rule.InfoEvent.MediationServer.MEDIATIONSERVER_INCOMING_GATEWAY_TLS_NEGOTIATION_FAILED (Rule)

Knowledge Base article:

Summary

TLS negotiation failed with a incoming connection from an unknown Trunk.

Causes

A Trunk peer may not be configured to send connections to the port Mediation Server is listening to, or the certificate of the Trunk peer is not recognized by the Mediation Server.

Resolutions

Check that the Mediation server and Trunk certificates are configured correctly. Check if the MEDIATIONSERVER_MAJOR_CONFIGURATION_ALARM (Event ID: 25057) has been fired. Check whether the remote endpoint a known peer.

Element properties:

TargetMicrosoft.LS.2019.Component.MediationServer
CategoryEventCollection
EnabledTrue
Event_ID25076
Event SourceLS Mediation Server
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityLow
RemotableTrue
Alert Message
[Skype] TLS negotiation failed with a incoming connection from an unknown Trunk.
{0}

Please see the 'Product Knowledge' and the 'Alert Context' tab on Alert Properties view for more information.
Event LogLync Server

Member Modules:

ID Module Type TypeId RunAs 
CollectEvent DataSource Microsoft.Windows.EventProvider Default
WriteAlert WriteAction System.Health.GenerateAlert Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default
WriteToDW WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="Microsoft.LS.2019.Monitoring.Rule.InfoEvent.MediationServer.MEDIATIONSERVER_INCOMING_GATEWAY_TLS_NEGOTIATION_FAILED" Enabled="true" Target="SFBDiscovery!Microsoft.LS.2019.Component.MediationServer" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="CollectEvent" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Lync Server</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">LS Mediation Server</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">25076</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="WriteAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>0</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Alert_TLS_negotiation_failed_with_a_incoming_connection_from_an_unknown_Trunk."]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>

        <SuppressionValue>$Data/PublisherName$</SuppressionValue>

        <SuppressionValue>$Data/LoggingComputer$</SuppressionValue>

      </Suppression>

    </WriteAction>

    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>