Unit Monitors

Name Enabled Target Class Alert Message Description
Unit Monitor   DirectAccess_Server_Security_AuthFailuresIPv6_Critical
1
 
DirectAccess server System   This alarm indicates that the "Failed Main Mode Negotiations" counter (under the ‘IPsec AuthIP IPv6’ object in perfmon) has exceeded critical levels.
Unit Monitor   DirectAccess_Server_Security_AuthFailuresIPv6_Warning
1
 
DirectAccess server System   This alarm indicates that the "Failed Main Mode Negotiations" counter (under the ‘IPsec AuthIP IPv6’ object in perfmon) has exceeded warning levels.
Unit Monitor   IPHTTPS_Gateway_AvailabilityIPHLPSVC
1
 
IPHTTPS Gateway IPHTTPS_Gateway_AvailabilityIPHLPSVC This is a critical (red) alarm generated because the IP Helper (iphlpsvc) service crashed. The iphlpsvc service provides tunnel connectivity using the Connectivity Platform, IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. The alarm is cleared when the service comes back up. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
Unit Monitor   ISATAP_Router_AvailabilityIPHLPSVC
1
 
ISATAP Router ISATAP_Router_AvailabilityIPHLPSVC This is a critical (red) alarm generated because the IP Helper (iphlpsvc) service crashed.
Unit Monitor   Network Security ICMP Queue Overflow Warning
1
 
Network Security   This is a warning (yellow) alarm that is raised when the "Inbound Rate Limit Discarded ICMPv6 Packets/sec" counter (under the ‘IPSec DOS Protection’ object in perfmon) exceeds a defined threshold. "Inbound Rate Limit Discarded ICMPv6 Packets/sec" is the rate at which ICMPv6 packets are received on a public interface and discarded because they exceeded the rate limit for ICMPv6 packets per second.
Unit Monitor   Network Security IKE DoSP
1
 
Network Security   This is a warning (yellow) alarm for a potential DoS attack. It is raised when the "IKE DoS-prevention mode started" event (Event Id: 4646, Event Source: Microsoft Windows security auditing, Event Log Channel: Security) is generated. The alarm is cleared when the same event is generated again.
Unit Monitor   Network Security QueueOverflow Warning
1
 
Network Security   This is a warning (yellow) alarm that is raised when the "Inbound Rate Limit Discarded IPv6 IPsec Authenticated Packets/sec" counter (under the ‘IPSec DOS Protection’ object in perfmon) exceeds a defined threshold. "Inbound Rate Limit Discarded IPv6 IPsec Authenticated Packets/sec" is the rate at which authenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets are received on a public interface and discarded because they exceed the rate limit for IPv6 IPsec authenticated packets per second. An authenticated packet is an IPsec packet with an associated state entry. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal interface.
Unit Monitor   Network Security RateLimitDiscardUnAuth
1
 
Network Security   This is a warning (yellow) alarm indicating that the "Inbound Rate Limit Discarded IPv6 IPsec Unauthenticated Packets/sec" counter (under the ‘IPSec DOS Protection’ object in perfmon) has exceeded a defined threshold. "Inbound Rate Limit Discarded IPv6 IPsec Unauthenticated Packets/sec" is the rate at which unauthenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets received on a public interface were discarded because they exceeded the rate limit for IPv6 IPsec unauthenticated packets per second. An unauthenticated packet is an IPsec packet without an associated state entry. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal interface.
Unit Monitor   Network Security ReplayAttack
1
 
Network Security   This is a warning (yellow) alarm that is raised when the "Packets That Failed Replay Detection/sec" counter (under the 'IPsec Driver' object in perfmon) exceeds a defined threshold. "Packets That Failed Replay Detection/sec" is the rate of packets that contained an invalid sequence number since the computer was last started. Increases in this counter might indicate a network problem or replay attack.
Unit Monitor   Network Security SpoofingAttack
1
 
Network Security   This is a warning (yellow) alarm that is raised when the "Incorrect SPI Packets/sec" counter (under the 'IPsec Driver' object in perfmon) exceeds a defined threshold. "Incorrect SPI Packets/sec" is the rate of packets for which the Security Parameter Index (SPI) was incorrect since the computer was last started. A large number of packets with bad SPIs within a short amount of time might indicate a packet spoofing attack.
Unit Monitor   Network Security State Utilization critical level
1
 
Network Security   This alarm indicates that the "Current State Entries" counter (under the ‘IPSec DOS Protection’ object in perfmon) has exceeded critical levels. "Current State Entries" is the number of active state entries in the table. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal interface.
Unit Monitor   Network Security State utilization warning level
1
 
Network Security   This alarm indicates that the "Current State Entries" counter (under the ‘IPSec DOS Protection’ object in perfmon) has exceeded warning levels. "Current State Entries" is the number of active state entries in the table. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal interface.
Unit Monitor   Network_Security_AvailabilityBFE
1
 
Network Security Network_Security_AvailabilityBFE This is a critical (red) alarm generated because the Base Filtering Engine (BFE) service crashed. The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. The alarm is cleared when the service comes back up. Disabling the BFE service will significantly reduce the security of the system and will also result in unpredictable behavior in IPsec management and firewall applications.
Unit Monitor   Network_Security_AvailabilityIKEEXT
1
 
Network Security Network_Security_AvailabilityIKEEXT This is a critical (red) alarm generated because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service crashed.
Unit Monitor   Router_6to4_AvailabilityIPHLPSVC
1
 
6to4 Router Router_6to4_AvailabilityIPHLPSVC This is a critical (red) alarm generated because the IP Helper (iphlpsvc) service crashed.
Unit Monitor   Teredo_Relay_AvailabilityIPHLPSVC
1
 
Teredo Relay Teredo_Relay_AvailabilityIPHLPSVC This is a critical (red) alarm generated because the IP Helper (iphlpsvc) service crashed.
Unit Monitor   Teredo_Server_AvailabilityIPHLPSVC
1
 
Teredo Server Teredo_Server_Availability_IPHLPSVC This is a critical (red) alarm generated because the IP Helper (iphlpsvc) service crashed. The iphlpsvc service provides tunnel connectivity using the Connectivity Platform, IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. The alarm is cleared when the service comes back up. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.

See Also for Windows 2008 R2 Direct Access Server Management Pack


Downloads for Windows 2008 R2 Direct Access Server Management Pack