This rule generates an alert if the System Center Data Access service reports that it is unable to write security audit events to the security event log.
The Data Access service is unable to log audit events to the security event log.
The failure may have happened due to insufficient user rights for the Data Access service account.
Steps to fix this problem: 1) Open the "Local Security Policy" MMC snap-in. 2) Go to Local Policies -> User Rights Assignment. 3) Double-click "Generate Security Audits". 4) Add the Data Access service account to the list of accounts allowed to generate security audits. 5) Restart the Data Access service.
Target | Microsoft.SystemCenter.RootManagementServer | ||
Category | Alert | ||
Enabled | True | ||
Event_ID | 26338 | ||
Event Source | OpsMgr SDK Service | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | High | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Operations Manager |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.SystemCenter.SDKService.UnableToGenerateAuditEvents.Alert" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.RootManagementServer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Alert</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Operations Manager</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">OpsMgr SDK Service</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">26338</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">
<Priority>2</Priority>
<Severity>2</Severity>
<AlertName/>
<AlertDescription/>
<AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.SDKService.UnableToGenerateAuditEvents.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression/>
</WriteAction>
</WriteActions>
</Rule>