Home
  •  

Windows cannot access information in the registry

Windows_cannot_access_information_in_the_registry_5_Rule (Rule)

Knowledge Base article:

Summary

No registry policy will be applied.

Sample Event:

Windows cannot access the registry information at %1. (%2).

Causes

The registry for the Group Policy object (GPO) could not be opened. This failure may be transient, and it may correct itself. This failure may be related to replication problems in the Active Directory® directory service.

Resolutions

To enable UserEnv logging, see Knowledge Base article 221833, “How to Enable User Environment Debug Logging in Retail Builds of Windows,” at http://go.microsoft.com/fwlink/?LinkId=25636. The log file provides details for the specific error.

External

Knowledge Base article 221833, “How to Enable User Environment Debug Logging in Retail Builds of Windows,” at http://go.microsoft.com/fwlink/?LinkId=25636

For more information, see:

Element properties:

TargetMicrosoft.Windows.Server.2003.AD.DomainControllerRole
CategoryEventCollection
EnabledTrue
Event_ID1043
Event SourceUserEnv
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
Windows cannot access information in the registry
{0}
Event LogApplication
CommentMom2005ID='{B8CFC87E-010A-4A18-8CF2-7FE5766F2ECC}';MOM2005GroupID=

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Windows_cannot_access_information_in_the_registry_5_Rule" Comment="Mom2005ID='{B8CFC87E-010A-4A18-8CF2-7FE5766F2ECC}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2003Core!Microsoft.Windows.Server.2003.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>1043</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>UserEnv</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertOwner>$Data/PublisherName$</AlertOwner>

      <AlertMessageId>$MPElement[Name="Windows_cannot_access_information_in_the_registry_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>