No registry policy will be applied.
Sample Event:
Windows cannot access the registry information at %1. (%2).
The registry for the Group Policy object (GPO) could not be opened. This failure may be transient, and it may correct itself. This failure may be related to replication problems in the Active Directory® directory service.
To enable UserEnv logging, see Knowledge Base article 221833, “How to Enable User Environment Debug Logging in Retail Builds of Windows,” at http://go.microsoft.com/fwlink/?LinkId=25636. The log file provides details for the specific error.
Knowledge Base article 221833, “How to Enable User Environment Debug Logging in Retail Builds of Windows,” at http://go.microsoft.com/fwlink/?LinkId=25636
For more information, see:
Target | Microsoft.Windows.Server.2003.AD.DomainControllerRole | ||
Category | EventCollection | ||
Enabled | True | ||
Event_ID | 1043 | ||
Event Source | UserEnv | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Application | ||
Comment | Mom2005ID='{B8CFC87E-010A-4A18-8CF2-7FE5766F2ECC}';MOM2005GroupID= |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
CollectEventData | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
CollectEventDataWarehouse | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Windows_cannot_access_information_in_the_registry_5_Rule" Comment="Mom2005ID='{B8CFC87E-010A-4A18-8CF2-7FE5766F2ECC}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2003Core!Microsoft.Windows.Server.2003.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>1043</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>UserEnv</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertOwner>$Data/PublisherName$</AlertOwner>
<AlertMessageId>$MPElement[Name="Windows_cannot_access_information_in_the_registry_5_Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
<WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>