A large number of failed validations occurred.

OCS_UserPin_Service_47025_EE (Rule)

Knowledge Base article:

Summary

A large number of failed validations occurred.

Causes

This could happen because an attacker is trying to lock out a user.

Resolutions

Please refer to the logs to see if the validation is failing for the same user. If it is, consider disabling the user.

Element properties:

Target: Microsoft_Office_Communications_Server_2007_R2_Enterprise_Edition
Category: EventCollection
Enabled: True
Event_ID: 47025
Event Source: OCS UserPin Service
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Remotable: True
Alert Message:
    A large number of failed validations occurred.
    {0}
Event Log: Office Communications Server

Member Modules:

ID            Module Type   TypeId                                                  RunAs
CollectEvent  DataSource    Microsoft.Windows.EventProvider                         Default
WriteAlert    WriteAction   System.Health.GenerateAlert                             Default
WriteToDB     WriteAction   Microsoft.SystemCenter.CollectEvent                     Default
WriteToDW     WriteAction   Microsoft.SystemCenter.DataWarehouse.PublishEventData   Default

Source Code:

<Rule ID="OCS_UserPin_Service_47025_EE" Enabled="true" Target="Microsoft_Office_Communications_Server_2007_R2_Enterprise_Edition" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="CollectEvent" TypeID="SCWindowsLibrary!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="SCWindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Office Communications Server</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">OCS UserPin Service</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="UnsignedInteger">47025</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="WriteToDB" TypeID="SCSystemLibrary!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="WriteAlert" TypeID="SCHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>2</Severity>
      <AlertMessageId>$MPElement[Name="A_large_number_of_failed_validations_occurred_"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
        <SuppressionValue>$Data/PublisherName$</SuppressionValue>
      </Suppression>
    </WriteAction>
    <WriteAction ID="WriteToDW" TypeID="SCDataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>