Home
  •  

Aggregate Memory Failure Monitor

Microsoft.Windows.Client.Win10.Computer.WMD_MemoryFailed.Monitor (UnitMonitor)

Monitor reports memory failures detected by Windows Memory Diagnostics

Knowledge Base article:

Summary

This rule generates an alert when Windows 10 detects errors in the physical memory of the computer.

Causes

The machine has crashed and has triggered Windows Memory Diagnostic. This has run and detected that there is an irreversible memory corruption. This can cause the system to not boot, or to be unstable, or to run with much lower performance.

Resolutions

Please investigate the machine and potentially change the memory hardware.

Element properties:

TargetMicrosoft.Windows.Client.Win10.Aggregate.Computer
Parent MonitorSystem.Health.AvailabilityState
CategoryStateCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityLow
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Windows.SingleEventLogManualReset2StateMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
A Windows 10 computer has problems with its physical memory
Windows 10 has run a diagnostic and detected a problem in the physical memory of the computer. This memory failure has caused the system to crash spontaneously. This could continue, or cause the system to run significantly slower due to the lowered amount of available memory. Please investigate the system immediately, and resolve the hardware problem. To get a bigger picture of the state of memory health, and to get a list of the machines that are suffering, please view the Windows 10 Memory Failure Report.
RunAsSystem.PrivilegedMonitoringAccount

Source Code:

<UnitMonitor ID="Microsoft.Windows.Client.Win10.Computer.WMD_MemoryFailed.Monitor" RunAs="System!System.PrivilegedMonitoringAccount" Accessibility="Public" ParentMonitorID="SystemHealth!System.Health.AvailabilityState" Target="Microsoft.Windows.Client.Win10.Aggregate.Computer" TypeID="Windows!Microsoft.Windows.SingleEventLogManualReset2StateMonitorType" Remotable="true" Enabled="true" Priority="Normal" ConfirmDelivery="false">

  <Category>StateCollection</Category>

  <AlertSettings AlertMessage="Microsoft.Windows.Client.Win10.Computer.WMD_MemoryFailed.Monitor.AlertMessage">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Low</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="MemoryFine" HealthState="Success" MonitorTypeStateID="ManualResetEventRaised"/>

    <OperationalState ID="MemoryFailed" HealthState="Error" MonitorTypeStateID="EventRaised"/>

  </OperationalStates>

  <Configuration>

    <ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</ComputerName>

    <LogName>System</LogName>

    <Expression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery>PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value>Microsoft-Windows-MemoryDiagnostics-Results</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery>EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value>1102</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </Expression>

  </Configuration>

</UnitMonitor>