This rule will generate an alert any time a service attempts to start up with an invalid configuration. In this case, the alert has warning-level severity, denoting that while the service’s configuration was detected as invalid, the service was still able to start successfully. However, the service may not be running in the desired configuration.
This alert occurs when the service’s configuration parameters in the registry are invalid. An invalid configuration may occur for the following reasons:
The service itself experienced an error while updating the configuration settings.
The configuration value may have been incorrectly modified through manual administrative action.
Another application incorrectly modified the service’s configuration settings.
The first step in resolving this alert is to determine which service generated it.
To determine the service name refer to the description of the alert. This description contains the following information: The value named %1 in the server's registry key %2 was not valid and was ignored.
The %1 and %2 parameters of the event listed above will be populated in the actual alert description. The first part of the second parameter (%2) is the name of the service.
Once the service name has been determined, the parameter that is incorrectly configured can be determined through the first parameter (%1).
After the service and parameter names are known, the support engineer should attempt to determine if the service configuration parameters can be modified through a user interface that the application provides. If so, this is the best way to fix the configuration. In some cases the configuration must be changed to an alternate configuration and then updated to the desired configuration before the correct settings can be configured.
If a user interface is not provided, the support engineer may choose to modify the relevant parameter directly. This is performed in the following registry location and requires advanced knowledge of the parameter configuration options.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\%ServiceName\Parameters\%Parameter Name%
If these options are unable to help resolve the issue, the application vendor may need to be contacted for support.
Target | Microsoft.Windows.Server.10.0.OperatingSystem | ||
Category | EventCollection | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | System |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
<Rule ID="Microsoft.Windows.Server.10.0.OperatingSystem.ServerServiceConfiguration.Rule" Enabled="true" Target="ServervNext!Microsoft.Windows.Server.10.0.OperatingSystem" ConfirmDelivery="true">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventSourceName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Server</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>2506</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.Windows.Server.10.0.OperatingSystem.ServerServiceConfiguration.Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>
</AlertParameters>
</WriteAction>
</WriteActions>
</Rule>