MSSQL on Windows: SQL Server Service Broker or Database Mirroring is running in FIPS compliance mode

Microsoft.SQLServer.Windows.EventRule.DBEngine.SQL_Server_Service_Broker_or_Database_Mirroring_is_running_in_FIPS_compliance_mode_5_Rule (Rule)

The rule triggers an alert when SQL Server Service Broker or Database Mirroring is running in FIPS compliance mode. Note that this rule is disabled by default. Use overrides to enable it when necessary.

Knowledge Base article:

Summary

SQL Server Service Broker or Database Mirroring is running in Federal Information Processing Standard (FIPS) compliance mode. This alert is raised when SQL Server logs MSSQLSERVER event ID 28077 to the Windows application log. The Windows application log specifies whether the message is related to Service Broker or Database Mirroring.

Resolutions

This message is informational only. There is no action required.

If this rule is not a concern for the database:

Disable the rule for this specific database or all databases

Overridable Parameters

Name	Description	Default Value
Enabled	Enables or disables the workflow.	No
Interval (seconds)	The recurring interval of time in seconds in which to run the workflow.	300
Priority	Defines Alert Priority.	0
Severity	Defines Alert Severity.	0
Synchronization Time	The synchronization time specified by using a 24-hour format. May be omitted.
Timeout (seconds)	Specifies the time the workflow is allowed to run before being closed and marked as failed.	200
Timeout for query execution (seconds)	The workflow will fail and register an event, if the query execution takes longer than the specified period.	60
Timeout for database connection (seconds)	The workflow will fail and register an event, if it cannot access the database during the specified period.	15

Element properties:

Target

Microsoft.SQLServer.Windows.DBEngine

Category

EventCollection

Enabled

False

Alert Generate

True

Alert Severity

Information

Alert Priority

Low

Remotable

True

Alert Message

MSSQL on Windows: SQL Server Service Broker or Database Mirroring is running in FIPS compliance mode

{2}

Comment

Mom2017ID='{49362F00-4B10-49A2-B20D-1346289BFFB2}';MOM2017GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}

Member Modules:

ID	Module Type	TypeId	RunAs
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_	DataSource	Microsoft.SQLServer.Windows.DataSource.EventCollectionFiltered	Default
GenerateAlert	WriteAction	System.Health.GenerateAlert	Default

Source Code:

<Rule ID="Microsoft.SQLServer.Windows.EventRule.DBEngine.SQL_Server_Service_Broker_or_Database_Mirroring_is_running_in_FIPS_compliance_mode_5_Rule" Target="SqlDiscW!Microsoft.SQLServer.Windows.DBEngine" Enabled="false" ConfirmDelivery="true" Remotable="true" Comment="Mom2017ID='{49362F00-4B10-49A2-B20D-1346289BFFB2}';MOM2017GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="Microsoft.SQLServer.Windows.DataSource.EventCollectionFiltered">

      <MachineName>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/MachineName$</MachineName>

      <NetbiosComputerName>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/NetbiosComputerName$</NetbiosComputerName>

      <InstanceName>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/InstanceName$</InstanceName>

      <ConnectionString>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/ConnectionString$</ConnectionString>

      <InstanceVersion>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/Version$</InstanceVersion>

      <InstanceEdition>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/Edition$</InstanceEdition>

      <MonitoringType>$Target/Property[Type="SqlDiscW!Microsoft.SQLServer.Windows.DBEngine"]/MonitoringType$</MonitoringType>

      <SqlExecTimeoutSeconds>60</SqlExecTimeoutSeconds>

      <SqlTimeoutSeconds>15</SqlTimeoutSeconds>

      <TimeoutSeconds>200</TimeoutSeconds>

      <IntervalSeconds>300</IntervalSeconds>

      <SyncTime/>

      <EventDisplayNumber>28077</EventDisplayNumber>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>0</Priority>

      <Severity>0</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.SQLServer.Windows.EventRule.DBEngine.SQL_Server_Service_Broker_or_Database_Mirroring_is_running_in_FIPS_compliance_mode_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/MachineName$</AlertParameter1>

        <AlertParameter2>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/InstanceName$</AlertParameter2>

        <AlertParameter3>Event ID: $Data/Property[@Name='EventID']$. $Data/Property[@Name='Message']$</AlertParameter3>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>