Healthy Response to Event ID 11166

  • Question

  • I am creating an event log monitor to specifically watch for System Event ID 11166 ("unable to register adapter with DNS") and was wondering if anyone knew the corresponding "healthy" event to add to the monitor for obvious reasons. I'm only planning to run it for as long as it takes to clear up this issue but would like to know this anyway.

     

    Thanks in advance!

     

    Kurt

     

    Tuesday, October 9, 2007 8:28 PM

Answers

  • Hi,

     

    SCE OpsMgr component is designed for healthy monitor. For this issue, I think setting up auditing for DNS via GPO editing may be a better way to monitor it.

     

    The below steps are just for your reference:

     

    1. Enable Directory Service Access auditing in your default Domain Policy:

    a) Edit the Domain Security Policy

    b) Navigate to Local Policies -> Audit Policy

    c) Define 'Audit directory service access' for success and failure

    d) Refresh the policy on all Domain Controllers

     

    2. Enable auditing on the DNS zone:

    a) Open ADSIEdit (Start, Run, adsiedit.msc)

    b) Right-click ADSI Edit, and connect to the DC=DomainDnsZones,DC=<domain>,DC=<top level domain> container.

    c) Expand Microsoft DNS, and navigate to the location of the DNS zone

    d) Right-click the zone and choose Properties

    e) On the Security tab, click the Advanced button

    f) Select the Auditing tab, and click Add

    g) Under User or Group, type in Everyone

    h) On the Object tab, select Success and Failure for access types Write All Properties, Read All Properties, Delete, and Delete Subtree.

     

    3. When a record is changed from DNS, an Event ID such as 11166 will be logged in the Security Event Log on the related DC.

     

    Hope it helps.

     

    Best regards,

    Xiu Zhang - MSFT

    Microsoft Online Community Support

     

    Thursday, October 11, 2007 7:47 AM

All replies

  • I don't believe Windows logs any DNS registration success events on the client.

     

    -Eric Pepper[MSFT]

    Tuesday, October 9, 2007 10:39 PM
  • Exactly what I was afraid of. Since SCE doesn't let you specify a monitor without a "Healthy" condition, what do you suggest besides another solution?

     

     

    Wednesday, October 10, 2007 8:35 PM
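
Added example (not posted by anyone in this thread, and not SCE's own monitor configuration): because no success event exists to pair with 11166, one option is to derive the state from time, treating a host as healthy once no 11166 has been seen for a quiet window. The function name `Get-DnsRegistrationHealth`, the 60-minute window and the sample records are assumptions made for illustration.

```powershell
# Added example: derive Healthy/Unhealthy for event 11166 when there is no
# matching success event. Assumption: a host is healthy once it has logged
# no 11166 for $QuietMinutes.
function Get-DnsRegistrationHealth {
    param(
        [object[]] $Events = @(),         # records exposing Id, MachineName, TimeCreated
        [datetime] $Now = (Get-Date),
        [int]      $QuietMinutes = 60     # assumed quiet window, tune per environment
    )
    $cutoff = $Now.AddMinutes(-$QuietMinutes)

    $Events |
        Where-Object { $_.Id -eq 11166 } |
        Group-Object -Property MachineName |
        ForEach-Object {
            # Most recent failure decides the state for this host.
            $last = ($_.Group | Sort-Object TimeCreated -Descending |
                     Select-Object -First 1).TimeCreated
            [pscustomobject]@{
                Computer         = $_.Name
                LastFailure      = $last
                FailuresInWindow = @($_.Group |
                                     Where-Object { $_.TimeCreated -ge $cutoff }).Count
                State            = if ($last -ge $cutoff) { 'Unhealthy' } else { 'Healthy' }
            }
        }
}

# Constructed sample records (host names and times are made up).
$now = [datetime]'2007-10-10T21:00:00'
$sample = @(
    [pscustomobject]@{ Id = 11166; MachineName = 'host-a.example.test'; TimeCreated = $now.AddMinutes(-10) }
    [pscustomobject]@{ Id = 11166; MachineName = 'host-a.example.test'; TimeCreated = $now.AddMinutes(-25) }
    [pscustomobject]@{ Id = 11166; MachineName = 'host-b.example.test'; TimeCreated = $now.AddHours(-5) }
    [pscustomobject]@{ Id = 7036;  MachineName = 'host-b.example.test'; TimeCreated = $now.AddMinutes(-2) }
)
Get-DnsRegistrationHealth -Events $sample -Now $now | Format-Table -AutoSize

# Against a live System log, feed real records instead of the sample:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 11166 } -ErrorAction SilentlyContinue
# Get-DnsRegistrationHealth -Events $live
```

A host that has never logged 11166 does not appear in the output at all, so a missing row also means no recorded failure.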
  • As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios.

     

    If the issue still persists and you want to return to this question, please reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

     

    In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

     

    Thanks!

     

    Monday, October 15, 2007 8:45 AM