MSSQL 2016: SQL Server Service Broker could not query the FIPS compliance mode flag from the registry

Microsoft.SQLServer.2016.SQL_Server_Service_Broker_could_not_query_the_FIPS_compliance_mode_flag_from_the_registry_5_Rule (Rule)

The rule triggers an alert when SQL Server Service Broker could not query the FIPS compliance mode flag from the registry.

Knowledge Base article:

Summary

SQL Server Service Broker could not to check the Windows registry for Federal Information Processing Standard (FIPS) compliance mode.

Causes

The registry query returned an error. The Windows application log identifies this message as MSSQLSERVER event ID 28076. This error shows the error that the registry query returned.

Resolutions

Correct the problem that caused the registry query to fail.

Overrideable Parameters

Name	Description	Default Value
Enabled	Enables or disables the workflow.	Yes
Priority	Defines Alert Priority.	1
Severity	Defines Alert Severity.	2

Element properties:

Target

Microsoft.SQLServer.2016.DBEngine

Category

EventCollection

Enabled

True

Event_ID

28076

Event Source

$Target/Property[Type="SQL2016Core!Microsoft.SQLServer.2016.DBEngine"]/ServiceName$

Alert Generate

True

Alert Severity

Error

Alert Priority

Normal

Remotable

True

Alert Message

MSSQL 2016: SQL Server Service Broker could not query the FIPS compliance mode flag from the registry

{0}

Event Log

Application

Comment

Mom2016ID='{68CB33D7-C3D5-49C6-AFB1-1DBE0BD30EB6}';MOM2016GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}

Member Modules:

ID	Module Type	TypeId	RunAs
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_	DataSource	Microsoft.Windows.EventProvider	Default
GenerateAlert	WriteAction	System.Health.GenerateAlert	Default

Source Code:

<Rule ID="Microsoft.SQLServer.2016.SQL_Server_Service_Broker_could_not_query_the_FIPS_compliance_mode_flag_from_the_registry_5_Rule" Target="SQL2016Core!Microsoft.SQLServer.2016.DBEngine" Enabled="true" ConfirmDelivery="true" Remotable="true" Comment="Mom2016ID='{68CB33D7-C3D5-49C6-AFB1-1DBE0BD30EB6}';MOM2016GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>28076</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>$Target/Property[Type="SQL2016Core!Microsoft.SQLServer.2016.DBEngine"]/ServiceName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.SQLServer.2016.SQL_Server_Service_Broker_could_not_query_the_FIPS_compliance_mode_flag_from_the_registry_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>Event ID: $Data/EventDisplayNumber$. $Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>