Welcome to Management Pack Wiki! Your documentation pro for SCOM Management Packs

DirectAccess server System Class

  • ID:  DirectAccess_Server_Class
  • Description:  DirectAccess is an optional feature of Windows Server 2008 R2 that will host, manage, and either terminate or pass-through IPsec sessions. The DirectAccess server is a server function and cannot be installed on a client computer running Windows 7.
  • Class Hierarchy: 
    Object
    Configuration Item
    Logical Entity
    Local Application
    Windows Local Application
    DirectAccess server System

  • Attributes:  Public, Hosted
  • This alarm indicates that the 'Failed Main Mode Negotiations' counter (under the 'IPsec AuthIP IPv6' object in perfmon) has exceeded critical levels.
  • This alarm indicates that the 'Failed Main Mode Negotiations' counter (under the 'IPsec AuthIP IPv6' object in perfmon) has exceeded warning levels.
  • This is a critical (red) alarm generated because the IP Helper (iphlpsvc) service crashed. The iphlpsvc service provides tunnel connectivity using the Connectivity Platform, IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. The alarm is cleared when the service comes back up. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
  • This is a critical (red) alarm generated because the Base Filtering Engine (BFE) service crashed. The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. The alarm is cleared when the service comes back up. Disabling the BFE service will significantly reduce the security of the system and will also result in unpredictable behavior in IPsec management and firewall applications.
  • This is a critical (red) alarm generated because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service crashed.
  • This alarm indicates that the 'Current State Entries' counter (under the 'IPSec DOS Protection' object in perfmon) has exceeded critical levels. 'Current State Entries' is the number of active state entries in the table. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal interface.
  • This alarm indicates that the 'Current State Entries' counter (under the 'IPSec DOS Protection' object in perfmon) has exceeded warning levels.
  • This is a warning (yellow) alarm that is raised when the 'Inbound Rate Limit Discarded ICMPv6 Packets/sec' counter (under the 'IPSec DOS Protection' object in perfmon) exceeds a defined threshold. 'Inbound Rate Limit Discarded ICMPv6 Packets/sec' is the rate at which ICMPv6 packets are received on a public interface and discarded because they exceeded the rate limit for ICMPv6 packets per second.
  • This is a warning (yellow) alarm that is raised when the 'Inbound Rate Limit Discarded IPv6 IPsec Authenticated Packets/sec' counter (under the 'IPSec DOS Protection' object in perfmon) exceeds a defined threshold. 'Inbound Rate Limit Discarded IPv6 IPsec Authenticated Packets/sec' is the rate at which authenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets are received on a public interface and discarded because they exceed the rate limit for IPv6 IPsec authenticated packets per second. An authenticated packet is an IPsec packet with an associated state entry.
  • This is a warning (yellow) alarm for a potential DoS attack and is raised when the 'IKE DoS-prevention mode started' event (Event Id: 4646, Event Source: Microsoft Windows security auditing, Event Log Channel: Security) is generated. The alarm is cleared when the same event is generated again.
  • This is a warning (yellow) alarm indicating that the 'Inbound Rate Limit Discarded IPv6 IPsec Unauthenticated Packets/sec' counter (under the 'IPSec DOS Protection' object in perfmon) has exceeded a defined threshold. 'Inbound Rate Limit Discarded IPv6 IPsec Unauthenticated Packets/sec' is the rate at which unauthenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets received on a public interface were discarded because they exceeded the rate limit for IPv6 IPsec unauthenticated packets per second. An unauthenticated packet is an IPsec packet without an associated state entry.
  • This is a warning (yellow) alarm that is raised when the 'Packets That Failed Replay Detection/sec' counter (under the 'IPsec Driver' object in perfmon) exceeds a defined threshold. 'Packets That Failed Replay Detection/sec' is the rate of packets that contained an invalid sequence number since the computer was last started. Increases in this counter might indicate a network problem or replay attack.
  • This is a warning (yellow) alarm that is raised when the 'Incorrect SPI Packets/sec' counter (under the 'IPsec Driver' object in perfmon) exceeds a defined threshold. 'Incorrect SPI Packets/sec' is the rate of packets for which the Security Parameter Index (SPI) was incorrect since the computer was last started. A large number of packets with bad SPIs within a short amount of time might indicate a packet spoofing attack.

  • Defines the basic properties of computers running Windows operating systems.
  • 6to4 (RFC 3056) is an IPv6 transition technology that provides IPv6 connectivity across the IPv4 Internet for hosts or sites that have a public IPv4 address. For more information, see the "IPv6 Transition Technologies" whitepaper at http://technet.microsoft.com/en-us/library/bb726951.aspx
  • IP-HTTPS is a new protocol for Windows 7 and Windows Server 2008 R2 that allows hosts behind a Web proxy server or firewall to establish connectivity by tunneling IPv6 packets inside an IPv4-based HTTPS session. HTTPS is used instead of HTTP so that Web proxy servers will not attempt to examine the data stream and terminate the connection.
  • ISATAP (RFC 4214) is an IPv6 transition technology that is used to provide IPv6 connectivity between IPv6/IPv4 hosts across an IPv4-only intranet. ISATAP can be used for DirectAccess to provide IPv6 connectivity to ISATAP hosts across your intranet. For more information about ISATAP, see the "IPv6 Transition Technologies" whitepaper at http://technet.microsoft.com/en-us/library/bb726951.aspx
  • The Network Security component uses IPsec policies for authentication and encryption of DirectAccess connections. Multiple policies can be applied to a computer simultaneously, each providing a different function. The result of all of these policies working together is a DirectAccess client that can securely communicate with the DirectAccess server and intranet servers.
  • Teredo (RFC 4380) is an IPv6 transition technology that provides IPv6 connectivity across the IPv4 Internet for hosts that are located behind an IPv4 network address translation (NAT) device and are assigned a private IPv4 address. For more information, see http://www.microsoft.com/technet/network/ipv6/teredo.mspx

Properties

Display Name | Description
Asset Status | Asset status
Display Name | Display name of the object.
Notes | Notes
Object Status | Object status

Discovered By

Name | Description
DirectAccess Server discovery | DirectAccess is an optional feature of Windows Server 2008 R2 that will host, manage, and either terminate or pass-through IPsec sessions. For the DirectAccess server to be discovered, the following registry key needs to be created on the machine and set to a value of 1: HKLM\Software\Microsoft\DAServer\Management. The DirectAccess server will be discovered only if the machine is discovered to be a Windows 2008 R2.

Relations

Health Source
Name | Class | Type
DirectAccess Server - IPHTTPS Gateway | DirectAccess server System | Hosting
DirectAccess Server - ISATAP Router | DirectAccess server System | Hosting
DirectAccess Server - Network Security | DirectAccess server System | Hosting
DirectAccess Server - 6to4 Router | DirectAccess server System | Hosting
DirectAccess Server - Teredo Relay | DirectAccess server System | Hosting
DirectAccess Server - Teredo Server | DirectAccess server System | Hosting
Owned By User | Configuration Item | Reference
Affects Customers | Configuration Item | Reference
Serviced By User | Configuration Item | Reference
Contains Configuration Item | Configuration Item | Membership
Is Related to Configuration Item | Configuration Item | Reference
Config Item References Location | Configuration Item | Reference
Entity Watched By Perspective | Object | Reference

Health Target
Name | Class | Type
Hosts Windows Local Application | Windows Local Application | Hosting

Class Knowledgebase

Summary

DirectAccess is an optional feature of Windows Server 2008 R2 that will host, manage, and either terminate or pass-through IPsec sessions. The DirectAccess server is a server function and cannot be installed on a client computer running Windows 7.

External References
This class does not contain any external references.
