Home
  •  

Windows 2012 R2 DNS SEC - Zone Replication Failure

Microsoft.Windows.Server.DNS.2012R2.Rules.DNSSEC.ReplicationFailed (Rule)

This rule checks for Replication failure in zone in Windows Server 2012 R2

Knowledge Base article:

Summary

The DNS server was unable to sign zone changes replicated from another domain controller node in Zone. The administrator should review the zone configuration. Replication change processing for this zone has been aborted. In the meantime, This operation will be retried on the next DNS server polling cycle.

Element properties:

TargetMicrosoft.Windows.Server.DNS.Zone
CategoryEventCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
Windows 2012 R2 DNS SEC - Zone Replication Failure
The DNS server encountered Replication failure in the Zone {1} in Server {0}
Event LogDNS Server

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.Windows.Server.DNS.2012R2.Rules.DNSSEC.ReplicationFailed" Enabled="true" Target="Microsoft.Windows.Server.DNS.Zone" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>DNS Server</LogName>

      <Expression>

        <And>

          <Expression>

            <Or>

              <Expression>

                <SimpleExpression>

                  <ValueExpression>

                    <XPathQuery>EventSourceName</XPathQuery>

                  </ValueExpression>

                  <Operator>Equal</Operator>

                  <ValueExpression>

                    <Value>Microsoft-Windows-DNS-Server-Service</Value>

                  </ValueExpression>

                </SimpleExpression>

              </Expression>

              <Expression>

                <SimpleExpression>

                  <ValueExpression>

                    <XPathQuery>EventSourceName</XPathQuery>

                  </ValueExpression>

                  <Operator>Equal</Operator>

                  <ValueExpression>

                    <Value>DNS</Value>

                  </ValueExpression>

                </SimpleExpression>

              </Expression>

            </Or>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>7656</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Params/Param[2]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">$Target/Property[Type="Microsoft.Windows.Server.DNS.Zone"]/ZoneName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.Windows.Server.DNS.2012R2.Rules.DNSSEC.ReplicationFailed.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</AlertParameter1>

        <AlertParameter2>$Data/Params/Param[2]$</AlertParameter2>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>