Home
  •  

Windows 2012 R2 DNS SEC - Error while signing Zone

Microsoft.Windows.Server.DNS.2012R2.Rules.DNSSEC.ZoneSignFailure (Rule)

This rule checks for errors while signing zone in Windows Server 2012 R2

Knowledge Base article:

Summary

The zone has failed to sign properly. The administrator should resign the zone. In the meantime, the zone will continue to return the DNSSEC records for the portion of zone that was successfully signed. However such a state can cause blackouts for the portions of zone which could not be signed.

Element properties:

TargetMicrosoft.Windows.Server.DNS.Zone
CategoryEventCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
Windows 2012 R2 DNS SEC - Error while signing Zone
The DNS server encountered an error while signing the Zone {1} in Server {0}
Event LogDNS Server

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.Windows.Server.DNS.2012R2.Rules.DNSSEC.ZoneSignFailure" Enabled="true" Target="Microsoft.Windows.Server.DNS.Zone" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>DNS Server</LogName>

      <Expression>

        <And>

          <Expression>

            <Or>

              <Expression>

                <SimpleExpression>

                  <ValueExpression>

                    <XPathQuery>EventSourceName</XPathQuery>

                  </ValueExpression>

                  <Operator>Equal</Operator>

                  <ValueExpression>

                    <Value>Microsoft-Windows-DNS-Server-Service</Value>

                  </ValueExpression>

                </SimpleExpression>

              </Expression>

              <Expression>

                <SimpleExpression>

                  <ValueExpression>

                    <XPathQuery>EventSourceName</XPathQuery>

                  </ValueExpression>

                  <Operator>Equal</Operator>

                  <ValueExpression>

                    <Value>DNS</Value>

                  </ValueExpression>

                </SimpleExpression>

              </Expression>

            </Or>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>7652</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Params/Param[1]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">$Target/Property[Type="Microsoft.Windows.Server.DNS.Zone"]/ZoneName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.Windows.Server.DNS.2012R2.Rules.DNSSEC.ZoneSignFailure.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</AlertParameter1>

        <AlertParameter2>$Data/Params/Param[1]$</AlertParameter2>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>