The RPC Filtering engine could not load an RPC filter rule. The rule may have been deleted, the rule may be corrupted, or the system may be experiencing a low-resource condition.
Check the system for a low-resource condition. If no low-resource condition exists, delete and then reinstall the RPC filter.
The registry keys for this filter may have been changed. If you know the change that was made to the registry, revert the change or delete and then reinstall the RPC Filter.
To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.
Check the system for a low-resource condition
To check the system for a low-resource condition:
Right-click the taskbar, and then click Task Manager.
Click the Performance tab, and look for the amount of physical memory used under Memory and Physical Memory Usage History. If the amount of memory used is high, consider increasing the size of the page file. You can also end a process to free up memory resources.
To increase the size of the page file:
Click Start, click Control Panel, and then double-click System.
Under Tasks, click Advanced System Settings. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Click the Advanced tab. Under Performance, click Settings.
In the Performance Options dialog box, click the Advanced tab.
Under Virtual Memory, click Change.
Clear the Automatically manage paging file size for all drives check box.
Under Drive [Volume Label], click the drive that contains the paging file that you want to change.
Click Custom size, type a new size in megabytes in the Initial size (MB) or Maximum size (MB) box, click Set, and then click OK.
To end a process to free memory:
Right-click the taskbar, and then click Task Manager.
Click the Processes tab, and then click Show processes from all users (at the bottom). If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Be careful when you end processes. If you end a process that is associated with an open program, the program will close and you will lose unsaved data. If you end a process that is associated with a system service, part of the system might not function properly.
Try to identify processes that are leaking memory by looking for a process with unusually high memory consumption. Select a process to end, and then click End Process. For more information about how to identify a process that is leaking memory, see Using Performance Monitor to Identify a Pool Leak ( http://go.microsoft.com/fwlink/?LinkId=105512).
Delete and then reinstall an RPC Filter
Before you add an RPC filter, uninstall (delete) the existing filter.
To delete an existing RPC filter:
Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
At the command prompt, type netsh rpc filter delete filter filterkey=, and then specify the unique filter ID after the equal sign (=).
To add an RPC filter:
Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
RPC filter rules (and associated conditions, if any) must be added before you can create an RPC filter. At the command prompt, type netsh rpc filter add rule, and then specify the parameters for the rule.
To add a condition to a RPC filter rule, at the command prompt, type netsh rpc filter add condition, and then specify the parameters for the condition.
When you have successfully created the rule or rules, use the following command to add the RPC filter. At the command prompt, type netsh rpc filter add filter, and then specify the parameters for the filter.
To confirm that your filter was added, at the command prompt, type netsh rpc filter show filter. If your filter was added successfully, it appears in the list of RPC filters.
To see Help for this command, type netsh rpc filter /?, and then press ENTER.
For more information about using the netsh command for RPC, see Netsh commands for RPC ( http://go.microsoft.com/fwlink/?LinkId=105638).
| Target | Microsoft.Windows.Server.2008.AppServer.RPC | ||
| Category | EventCollection | ||
| Enabled | True | ||
| Event Source | PEventLogFw | ||
| Alert Generate | True | ||
| Alert Severity | Error | ||
| Alert Priority | Normal | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | Application |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| DS | DataSource | Microsoft.Windows.EventProvider | Default |
| Alert | WriteAction | System.Health.GenerateAlert | Default |
Home<Rule ID="Microsoft.Windows.Server.2008.AppServer.RPC.EventCollection.2.3.4" Enabled="onStandardMonitoring" Target="Microsoft.Windows.Server.2008.AppServer.RPC" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>^(2|3|4)$</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">PEventLogFw</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertName/>
<AlertDescription/>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="Microsoft.Windows.Server.2008.AppServer.RPC.EventCollection.2.3.4.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/LoggingComputer$</SuppressionValue>
</Suppression>
<Custom1/>
<Custom2/>
<Custom3/>
<Custom4/>
<Custom5/>
<Custom6/>
<Custom7/>
<Custom8/>
<Custom9/>
<Custom10/>
</WriteAction>
</WriteActions>
</Rule>