Home
  •  

Falha de assinatura de DS do DNS do Microsoft Windows Server 2016 e 1709+

Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.DSSignFailure (Rule)

Regra de geração de alerta para a assinatura DS do DNSSEC

Knowledge Base article:

Resumo

O Servidor DNS não pôde assinar novos registros DS da Zona filho.

Causas

O Servidor DNS não pôde assinar novos registros DS da Zona filho. Os novos registros DS não serão incorporados à Zona e a sondagem de Zona filho para esta Zona foi abortada. Essa operação será tentada novamente no próximo ciclo de sondagem filho do Servidor DNS.

Resoluções

Verifique as configurações de DNSSEC da Zona.

Element properties:

TargetMicrosoft.Windows.DNSServer.2016.Zone
CategoryAlert
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
DNS do Windows 2016 e 1709+ – Falha na assinatura de DS

ID do Evento: {0}
Origem do Evento: {1}
Log de Eventos: {2}
Descrição do Evento: {3}
Event LogDNS Server

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.DSSignFailure" Enabled="true" Target="Microsoft.Windows.DNSServer.2016.Zone" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>DNS Server</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">7659</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Params/Param[2]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">$Target/Property[Type="Microsoft.Windows.DNSServer.2016.Zone"]/ZoneName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.DSSignFailure.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDisplayNumber$</AlertParameter1>

        <AlertParameter2>$Data/EventSourceName$</AlertParameter2>

        <AlertParameter3>$Data/Channel$</AlertParameter3>

        <AlertParameter4>$Data/EventDescription$</AlertParameter4>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/LoggingComputer$</SuppressionValue>

        <SuppressionValue>$Data/Params/Param[2]$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>