This Rule collects data when the SharePoint timer job is executed and discovers that the SharePoint Administration service is disabled.
To get the most current Knowledge Article from the Microsoft TechNet site, visit:
http://go.microsoft.com/fwlink/?LinkId=245039
View all current alerts from this object using this link:
View Alerts
Target | Microsoft.SharePoint.2019.SPServiceInstance.Admin |
Category | EventCollection |
Enabled | True |
Event_ID | 7399 |
Event Source | Microsoft-SharePoint Products-SharePoint Foundation |
Alert Generate | False |
Remotable | True |
Event Log | Microsoft-SharePoint Products-Shared/Operational |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
<Rule ID="Microsoft.SharePoint.2019.SharePoint_Administration_service_is_disabled" Enabled="true" Target="MOSS19Core!Microsoft.SharePoint.2019.SPServiceInstance.Admin" ConfirmDelivery="false" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Microsoft-SharePoint Products-Shared/Operational</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">7399</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Microsoft-SharePoint Products-SharePoint Foundation</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>