SMB Resume Key Filter ChkDsk Detected

Microsoft.Windows.FileServices.Service.SMB.6.3.ResumeKeyFilterChkDskDetected (UnitMonitor)

Monitors the state of the Resume Key filter database load

Knowledge Base article:

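Summary

Resume Key detected that CHKDSK has been run on one or more volumes and has discarded the databases for those volumes.

Causes

If an administrator has run CHKDSK on a volume that contains continuously available file shares, or the system has automatically run a full CHKDSK, Resume Key cannot safely resume the open file handles.

Resolutions

If applications have open continuously available handles on file shares on the affected volumes, those handles will be closed. After the issue is resolved, the application administrator will need to take recovery actions to re-establish these handles. Possible recovery actions include restarting virtual machines, reattaching databases, and restarting applications.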

Element properties:

Target: Microsoft.Windows.FileServices.Service.SMB.6.3.Clustered
Parent Monitor: Microsoft.Windows.FileServices.Service.SMB.6.3.ContinuousAvailability
Category: AvailabilityHealth
Enabled: True
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.Windows.2SingleEventLog2StateMonitorType
Remotable: True
Accessibility: Public
Alert Message: Resume Key detected CHKDSK
Resume Key detected CHKDSK on one or more volumes and will discard the databases for those volumes.
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.Windows.FileServices.Service.SMB.6.3.ResumeKeyFilterChkDskDetected" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" Accessibility="Public" Target="Microsoft.Windows.FileServices.Service.SMB.6.3.Clustered" ParentMonitorID="Microsoft.Windows.FileServices.Service.SMB.6.3.ContinuousAvailability" Remotable="true">
  <Category>AvailabilityHealth</Category>
  <AlertSettings AlertMessage="Microsoft.Windows.FileServices.Service.SMB.6.3.ResumeKeyFilterChkDskDetected.AlertMessage">
    <AlertOnState>Error</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="ResumeKeyFilterChkDskDetectedFailed" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>
    <OperationalState ID="ResumeKeyFilterChkDskDetectedOK" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <FirstComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>
    <FirstLogName>Microsoft-Windows-ResumeKeyFilter/Operational</FirstLogName>
    <FirstExpression>
      <And>
        <Expression>
          <SimpleExpression>
            <ValueExpression>
              <XPathQuery Type="String">PublisherName</XPathQuery>
            </ValueExpression>
            <Operator>Equal</Operator>
            <ValueExpression>
              <Value Type="String">Microsoft-Windows-ResumeKeyFilter</Value>
            </ValueExpression>
          </SimpleExpression>
        </Expression>
        <Expression>
          <SimpleExpression>
            <ValueExpression>
              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
            </ValueExpression>
            <Operator>Equal</Operator>
            <ValueExpression>
              <Value Type="UnsignedInteger">1010</Value>
            </ValueExpression>
          </SimpleExpression>
        </Expression>
      </And>
    </FirstExpression>
    <SecondComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>
    <SecondLogName>Microsoft-Windows-ResumeKeyFilter/Operational</SecondLogName>
    <SecondExpression>
      <And>
        <Expression>
          <SimpleExpression>
            <ValueExpression>
              <XPathQuery Type="String">PublisherName</XPathQuery>
            </ValueExpression>
            <Operator>Equal</Operator>
            <ValueExpression>
              <Value Type="String">Microsoft-Windows-ResumeKeyFilter</Value>
            </ValueExpression>
          </SimpleExpression>
        </Expression>
        <Expression>
          <SimpleExpression>
            <ValueExpression>
              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
            </ValueExpression>
            <Operator>Equal</Operator>
            <ValueExpression>
              <Value Type="UnsignedInteger">1002</Value>
            </ValueExpression>
          </SimpleExpression>
        </Expression>
      </And>
    </SecondExpression>
  </Configuration>
</UnitMonitor>