Home
  •  

ServiceTerminate

ServiceTerminate_1_Rule (Rule)

Knowledge Base article:

요약

FSCMonitor에서 MSExchangeTransport.exe 프로세스가 예기치 않게 중단되었음을 감지했습니다. MSExchangeTransport 서비스가 오프라인 상태로 바뀝니다.

원인

1. 응용 프로그램 예외로 인한 MSExchangeTransport.exe 중단

2. MSExchangeTransport.exe 프로세스 종료

해결 방법

1. 일부 시스템의 경우 자동으로 복구되며 필요한 작업은 없습니다.

2. 자동으로 복구되지 않으면 Forefront 및 관련 MSExchangeTransport 서비스를 다시 시작해야 합니다.

Element properties:

TargetFSMPack2007_FSE.Forefront_Security_for_Exchange_Server___Edge_Transport_Installation
CategoryEventCollection
EnabledTrue
Event SourceFSCController
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
ServiceTerminate
Event LogApplication
CommentMom2005ID='{DCC3FC53-AC3B-47D9-8C9B-8AEE247893E3}';MOM2005ComputerGroupID={349CABD5-7700-4732-962C-63CF8C1B3795}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="ServiceTerminate_1_Rule" Comment="Mom2005ID='{DCC3FC53-AC3B-47D9-8C9B-8AEE247893E3}';MOM2005ComputerGroupID={349CABD5-7700-4732-962C-63CF8C1B3795}" Enabled="true" Target="FSMPack2007_FSE.Forefront_Security_for_Exchange_Server___Edge_Transport_Installation" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005RegularExpression</Operator>

              <Pattern>^(5167|5168)$</Pattern>

            </RegExExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>FSCController</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="HealthLibrary!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertName/>

      <AlertDescription/>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="ServiceTerminate_1_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters/>

      <Suppression/>

      <Custom1>Microsoft Forefront Server Security</Custom1>

      <Custom2>Forefront Security for Exchange Server</Custom2>

      <Custom3>ServicesFailure</Custom3>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>