Home
  •  

Regra de Coleta para evento com CertificationAuthority e ID 26

Microsoft.Windows.CertificateServices.CARole.2016.CertSvcEvents.26 (Rule)

Serviços de Certificados iniciados

Knowledge Base article:

Resumo

As Autoridades de Certificação (ACs) precisam de recursos de sistema e componentes do sistema operacional adequados para funcionarem. Se um servidor tiver memória ou espaço em disco insuficiente, ou se os componentes do sistema operacional ficarem indisponíveis, tentativas de iniciar os Serviços de Certificados do Active Directory (AD CS) podem falhar.

Causas

Essa é uma condição normal. Nenhuma outra ação é necessária.

Element properties:

TargetMicrosoft.Windows.CertificateServices.CARole.2016
CategoryEventCollection
EnabledTrue
Event_ID26
Event SourceMicrosoft-Windows-CertificationAuthority
Alert GenerateFalse
RemotableTrue
Event LogApplication

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default

Source Code:

<Rule ID="Microsoft.Windows.CertificateServices.CARole.2016.CertSvcEvents.26" Enabled="true" Target="CSDisc!Microsoft.Windows.CertificateServices.CARole.2016" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">26</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">Microsoft-Windows-CertificationAuthority</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

  </WriteActions>

</Rule>