Home
  •  

Microsoft Windows Server DNS Zone Transfer Aborted

Microsoft.Windows.Server.DNS.Zone.TransferAborted (Rule)

Alert generating rule for a zone.

Knowledge Base article:

Summary

Domain Name System (DNS) enhances fault tolerance and load balancing by providing for server redundancy. For any given zone, a DNS server can act as a primary master server, which is the authority for a zone, or as a secondary server, which obtains its zone data from the zone's primary master server or another secondary server. This process is known as zone transfer.

Causes

A zone transfer was aborted.

Resolutions

Reinitiate zone transfer

If a zone transfer for a secondary zone from the local DNS server is failing, initiate the zone transfer at the secondary DNS server.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To initiate a zone transfer at a remote secondary DNS server:

1.On the DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.

2.In the console tree, right-click DNS, and then click Connect to DNS Server.

3.Click The following computer, type the DNS name or IP address of the secondary DNS server, and then click OK.

4.In the console tree, expand the secondary DNS server, and then expand the folder containing the zone.

5.Right-click the zone, and then click Transfer from master.

External

http://technet.microsoft.com/en-us/library/dd349623(v=ws.10).aspx

Element properties:

TargetMicrosoft.Windows.Server.DNS.Zone
CategoryAlert
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Windows DNS - Zone Transfer Aborted

Event ID: {0}
Event Source: {1}
Event Log: {2}

Event Description: {3}
Event LogDNS Server

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.Windows.Server.DNS.Zone.TransferAborted" Enabled="true" Target="Microsoft.Windows.Server.DNS.Zone" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>DNS Server</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">6002</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Params/Param[2]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">$Target/Property[Type="Microsoft.Windows.Server.DNS.Zone"]/ZoneName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.Windows.Server.DNS.Zone.TransferAborted.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDisplayNumber$</AlertParameter1>

        <AlertParameter2>$Data/EventSourceName$</AlertParameter2>

        <AlertParameter3>$Data/Channel$</AlertParameter3>

        <AlertParameter4>$Data/EventDescription$</AlertParameter4>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/LoggingComputer$</SuppressionValue>

        <SuppressionValue>$Data/Params/Param[2]$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>