Server Service Configuration Health Rule

Microsoft.Windows.Server.10.0.OperatingSystem.ServerServiceConfiguration.Rule (Rule)

Knowledge Base article:

Summary

This rule will generate an alert any time a service attempts to start up with an invalid configuration. In this case, the alert has warning-level severity, denoting that while the service’s configuration was detected as invalid, the service was still able to start successfully. However, the service may not be running in the desired configuration.

Causes

This alert occurs when the service’s configuration parameters in the registry are invalid. An invalid configuration may occur for the following reasons:

Resolutions

The first step in resolving this alert is to determine which service generated it.

To determine the service name refer to the description of the alert. This description contains the following information: The value named %1 in the server's registry key %2 was not valid and was ignored.

The %1 and %2 parameters of the event listed above will be populated in the actual alert description. The first part of the second parameter (%2) is the name of the service.

Once the service name has been determined, the parameter that is incorrectly configured can be determined through the first parameter (%1).

After the service and parameter names are known, the support engineer should attempt to determine if the service configuration parameters can be modified through a user interface that the application provides. If so, this is the best way to fix the configuration. In some cases the configuration must be changed to an alternate configuration and then updated to the desired configuration before the correct settings can be configured.

If a user interface is not provided, the support engineer may choose to modify the relevant parameter directly. This is performed in the following registry location and requires advanced knowledge of the parameter configuration options.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\%ServiceName\Parameters\%Parameter Name%

If these options are unable to help resolve the issue, the application vendor may need to be contacted for support.

Element properties:

TargetMicrosoft.Windows.Server.10.0.OperatingSystem
CategoryEventCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Server Service is misconfigured
{0}
Event LogSystem

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default
WriteToDW WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="Microsoft.Windows.Server.10.0.OperatingSystem.ServerServiceConfiguration.Rule" Enabled="true" Target="ServervNext!Microsoft.Windows.Server.10.0.OperatingSystem" ConfirmDelivery="true">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventSourceName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Server</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>2506</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.Windows.Server.10.0.OperatingSystem.ServerServiceConfiguration.Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>
</AlertParameters>
</WriteAction>
</WriteActions>
</Rule>