A large number of failed validations occurred.
This could happen because of an attacker is trying to lockout an user.
Please refer to the logs to see if the validation is failing for the same user. If it is consider disabling the user.
Target | Microsoft_Office_Communications_Server_2007_R2_Enterprise_Edition | ||
Category | EventCollection | ||
Enabled | True | ||
Event_ID | 47025 | ||
Event Source | OCS UserPin Service | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Office Communications Server |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
CollectEvent | DataSource | Microsoft.Windows.EventProvider | Default |
WriteAlert | WriteAction | System.Health.GenerateAlert | Default |
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
<Rule ID="OCS_UserPin_Service_47025_EE" Enabled="true" Target="Microsoft_Office_Communications_Server_2007_R2_Enterprise_Edition" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="CollectEvent" TypeID="SCWindowsLibrary!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="SCWindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Office Communications Server</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">OCS UserPin Service</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">47025</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SCSystemLibrary!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteAlert" TypeID="SCHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertMessageId>$MPElement[Name="A_large_number_of_failed_validations_occurred_"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
<SuppressionValue>$Data/PublisherName$</SuppressionValue>
</Suppression>
</WriteAction>
<WriteAction ID="WriteToDW" TypeID="SCDataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>