Socket operation failure

Socket_operation_failure_1_Rule (Rule)

Knowledge Base article:

Management Pack
Summary
The Internet Group Management Protocol version 2 (IGMPv2) encountered an error in socket operation.
 
Causes
The most common reasons for this warning are:
  1. The connection has been dropped, because of a network failure or because the system on the other end went down without notice.
  2. The network subsystem has failed.
  3. The Windows Socket Implementation was unable to allocate the needed resources for its internal operation.
 
Resolutions
  1. If the server is low on memory, take appropriate action to increase the available memory. See Help and Support Center for information on low memory.
  2. Stop and restart the Routing and Remote Access service.
  3. If the problem persists, restart the server.
 
Sample Event
Sample Event#1: IGMP was unable to receive an incoming messageon the local interface with IP address %1.The data is the error code.
Sample Event#2: IGMP was unable to send a packet from the interface with IP address %1to the IP address %2.The data is the error code.
Sample Event#3: Igmpv2 was unable to request notification of eventson the socket for the local interface with IP address %1.The data is the error code.
Sample Event#4: IGMP was unable to create a socket for the local interfacewith IP address %1.The data is the error code.
Sample Event#5: IGMP could not bind to port 520 on the socket forthe local interface with IP address %1.The data is the error code.
Sample Event#6: IGMP could not request multicasting on the local interfacewith IP address %1.The data is the error code.
Sample Event#7: IGMP could not set router alert option on the local interfacewith IP address %1.The data is the error code.
Sample Event#8: IGMP could not set the IP header include option on interfacewith IP address %1.The data is the error code.
 
© 2004 Microsoft Corporation, all rights reserved.

Element properties:

TargetMicrosoft.Windows.RemoteAccess.2012.Class.VPNServer
CategoryEventCollection
EnabledTrue
Alert GenerateFalse
RemotableTrue
Event LogSystem

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default

Source Code:

<Rule ID="Socket_operation_failure_1_Rule" Enabled="true" Target="Microsoft.Windows.RemoteAccess.2012.Class.VPNServer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>^(41012|41019|41023|41024|41025|41028|41029|41030)$</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>ContainsSubstring</Operator>
<Pattern>IGMPv2</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SystemCenter!Microsoft.SystemCenter.CollectEvent"/>
</WriteActions>
</Rule>