Registry operation failure

Registry_operation_failure_1_Rule (Rule)

Knowledge Base article:

Management Pack
Summary
The Routing and Remote Access service could not start because it could not access required registry value(s).
 
Causes
The most common reasons for this error are:
  1. The registry key does not exist.
  2. The queried value does not exist in the registry.
  3. The SYSTEM account does not have read/write permissions for a registry key.
  4. The value of a required registry key is incorrect.
  5. The subkeys under the registry key could not be opened for one of the above reasons.
 
Resolutions
Open the Registry Editor, and verify the values of the following registry keys:
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters
  HKEY_LOCAL_MACHINE\Microsoft\RAS\SecurityHost
  HKEY_LOCAL_MACHINE\Microsoft\RAS\AdminDll
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Accounting
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Authenication
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\RouterManagers
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\DemandDialManager
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Interfaces
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\PPP
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\PPP\ControlProtocols
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\PPP\EAP
Values to verify:
  1. Verify that the System account has read/write permission for each registry key. To check the permissions:
    1. Right-click each registry key, and click Permissions.
    2. Check whether the System account has read/write permissions for the key. If it does not, add them.
  2. Verify that the paths to all DLLs are correct. If a path to a DLL contains any environment variables (such as %systemroot%), verify that the variables are valid for the operating system. Environment variables might need to be expanded.
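
The checks from the Resolutions steps as a script, added here as an example (it is not part of the management pack or of the Knowledge Base article): for each listed key and its subkeys it reports whether the key exists, whether Allow ACEs give the SYSTEM account read and write access, and which DLL path values do not resolve after environment-variable expansion. The function name Test-RrasKey and the output property names are hypothetical, and the key paths are copied exactly as printed in the list above.

```powershell
# Added example (not management pack code). Run elevated; Test-RrasKey is a hypothetical name.
$keys = @(
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters'
    'HKEY_LOCAL_MACHINE\Microsoft\RAS\SecurityHost'
    'HKEY_LOCAL_MACHINE\Microsoft\RAS\AdminDll'
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Accounting'
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Authenication'
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\RouterManagers'
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\DemandDialManager'
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Interfaces'
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\PPP'
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\PPP\ControlProtocols'
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\PPP\EAP'
)
$needed = [int][System.Security.AccessControl.RegistryRights]'ReadKey, WriteKey'
function Test-RrasKey {
    param([string]$Key)
    $path = "Registry::$Key"
    $r = [ordered]@{ Key = $Key; Exists = $false; SystemReadWrite = $false; BadDllPaths = @() }
    if (-not (Test-Path -LiteralPath $path)) { return [pscustomobject]$r }
    $r.Exists = $true
    # Combine the rights from Allow ACEs for SYSTEM (S-1-5-18) that apply to this key itself.
    $granted = 0
    foreach ($ace in (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $inheritOnly = $ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)
        if ($ace.IdentityReference.Value -eq 'S-1-5-18' -and $ace.AccessControlType -eq 'Allow' -and -not $inheritOnly) {
            $granted = $granted -bor [int]$ace.RegistryRights
        }
    }
    $r.SystemReadWrite = (($granted -band $needed) -eq $needed)
    # Read values unexpanded, expand %VAR% explicitly, and flag DLL paths that do not resolve.
    $regKey = Get-Item -LiteralPath $path
    foreach ($name in $regKey.GetValueNames()) {
        $raw = $regKey.GetValue($name, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        if ($raw -is [string] -and $raw -match '\.dll\s*$') {
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            if ($expanded -match '%' -or -not (Test-Path -LiteralPath $expanded -PathType Leaf)) { $r.BadDllPaths += "$name=$raw" }
        }
    }
    [pscustomobject]$r
}
# Include subkeys of each listed key; a subkey that cannot be opened surfaces as an error here.
$all = foreach ($k in $keys) {
    $k
    if (Test-Path -LiteralPath "Registry::$k") {
        Get-ChildItem -LiteralPath "Registry::$k" -Recurse | Select-Object -ExpandProperty Name
    }
}
$all | Sort-Object -Unique | ForEach-Object { Test-RrasKey $_ } | Format-List
```

A bare DLL file name is reported under BadDllPaths as well, because resolving it depends on the DLL search order rather than on a fixed location. Deny ACEs are not evaluated, so a key that shows SystemReadWrite as True can still need a manual look in the Permissions dialog.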
 
Sample Event
Sample Event #1: Cannot access registry key values.
Sample Event #2: Cannot open the RAS security host Registry key. The following error occurred: %1
Sample Event #3: Cannot access Registry value for %1.
Sample Event #4: Cannot access the Registry key %1.
Sample Event #5: Cannot enumerate keys of Registry key %1.
Sample Event #6: Cannot open the RAS third party administration host DLL Registry key. The following error occurred: %1
Sample Event #7: Cannot enumerate Registry key values. %1
Sample Event #8: Cannot open or obtain information about the PPP key or one of its subkeys. %1
 
© 2004 Microsoft Corporation, all rights reserved.

Element properties:

Target: Microsoft.Windows.RemoteAccess.2012.Class.VPNServer
Category: EventCollection
Enabled: True
Event Source: RemoteAccess
Alert Generate: False
Remotable: True
Event Log: System

Member Modules:

ID         Module Type  TypeId                              RunAs
DS         DataSource   Microsoft.Windows.EventProvider     Default
WriteToDB  WriteAction  Microsoft.SystemCenter.CollectEvent Default

Source Code:

<Rule ID="Registry_operation_failure_1_Rule" Enabled="true" Target="Microsoft.Windows.RemoteAccess.2012.Class.VPNServer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>System</LogName>
      <Expression>
        <And>
          <Expression>
            <RegExExpression>
              <ValueExpression>
                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>MatchesRegularExpression</Operator>
              <Pattern>^(20002|20091|20099|20100|20112|20003|20069)$</Pattern>
            </RegExExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">RemoteAccess</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="WriteToDB" TypeID="SystemCenter!Microsoft.SystemCenter.CollectEvent"/>
  </WriteActions>
</Rule>