Home
  •  

[DEPRECATED] Miscellaneous NetLogon Errors

Miscellaneous_NetLogon_Errors_1_Rule (Rule)

Knowledge Base article:

Additional

Netlogon service is responsible for advertising the DC’s required records in DNS as well as providing access to the Sysvol. The Net Logon service is also used by the Active Directory® directory service to establish a secure channel between domain controllers and directory clients. The Net Logon service contains DC Locator, which is used to advertise the availability of domain controllers in Domain Name System (DNS) so that clients can locate the domain controller that is located closest to them.

Element properties:

TargetMicrosoft.Windows.Server.2003.AD.DomainControllerRole
CategoryEventCollection
EnabledFalse
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
[DEPRECATED] Miscellaneous NetLogon Errors
{0}
Event LogSystem
CommentMom2005ID='{6224D76E-2F71-4DAE-9184-197D2A22B859}';MOM2005GroupID=

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Miscellaneous_NetLogon_Errors_1_Rule" Comment="Mom2005ID='{6224D76E-2F71-4DAE-9184-197D2A22B859}';MOM2005GroupID=" Enabled="false" Target="AD2003Core!Microsoft.Windows.Server.2003.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>System</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>Netlogon</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>DoesNotMatchMOM2005BooleanRegularExpression</Operator>

              <Pattern>^(3097|3210|5513|5516|5517|5704|5706|5719|5720|5721|5722|5723|5737|5741|5772|5773|5774|5775|5776|5779|5782|5783|5788|5789|5790|5791|5800|5801|5805|5806|5808|5809|11150|11162|11151|11155|11163|11167|11152|11153|11164|11165|11154|11166)$</Pattern>

            </RegExExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Params/Param[3]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">Error</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertOwner>$Data/PublisherName$</AlertOwner>

      <AlertMessageId>$MPElement[Name="Miscellaneous_NetLogon_Errors_1_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>