Critical Impact

Critical Impact Events and Alerts


Active Directory Active Directory Domain Services Internal Error
    AIS Monitoring Platform has discovered that An Active Directory Domain Services error has occurred. Cause : This problem occurs because one or more of the following conditions are true: The NTFS file system permissions on the root of the drive are too restrictive. The NTFS file system permissions on the NTDS folder are too restrictive. The drive letter of the volume that contains the Active Directory database has changed. The Active Directory database (Ntds.dit) is corrupted. The NTDS folder is compressed.
Active Directory AD Database May Be Corrupted
    AIS Monitoring Platform has detected the database engine cannot update certain indexes in Active Directory. This database problem occurs because of the problems with the code pages and language locales that are used in the Lsass.exe system process
Active Directory Domain Controller Is In USN Rollback State
    AIS Monitoring Platform has discovered that The Active Directory Domain Services database was restored by using an unsupported restoration procedure. Active Directory Domain Services will be unable to log on users while this condition persists. Therefore, the Net Logon service has paused.
Active Directory Ntds Dit Database Corruption Detected
    AIS Monitoring Platform has observed NTDS.DIT corruption which can cause logon failure, access for file server getting denied etc.
Active Directory Database Corruption
    AIS Monitoring Platform has discovered Active Directory database corruption. Database corruption error may be intermittently logged in the Directory Services event log on a Windows Server domain controller. The database engine cannot update certain indexes in Active Directory. This database problem occurs because of the problems with the code pages and language locales that are used in the Lsass.exe system process.
Active Directory Domain Services Not In Running State
    This alert condition indicates that the Active Directory Domain Services service is not running.
Active Directory Domain Services Not In Running State [Unexpected]
    This alert condition indicates that the Active Directory Domain Services service terminated unexpectedly.
AD Connectivity Test Failed Because Could Not Confirm The Identity Of This Server
    AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for Connectivity check failed with error Connectivity Test failed because Could not confirm the identity of this server.
AD Connectivity Test Failed Because DC Is Not Pointing To A DNS Server
    AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for Connectivity check failed with an error DC is not pointing to a DNS server. This behavior may occur because a DNS server for one domain controller may not have the required domain controller locator in its zone for another domain controller.
AD DS Active Directory Web Services Was Unable To Determine Global Catalog Server
    AIS Monitoring agent has discovered that Active Directory Web Services was unable to determine global catalog server. Impact : Users may face authentication issues.
AD DS Another DC Believes IT Is Has A More Up To Date Active Directory Domain Services Database Than The Local DC
    AIS Monitoring agent has discovered that another DC in domain believes it is has a more up-to-date Active Directory Domain Services database than the local DC. Impact : Users will face authentication issues.
AD DS Database Has Been Restored Using An Unsupported Restoration Procedure
    AIS Monitoring agent has discovered that Active Directory Domain Services database has been restored using an unsupported restoration procedure. Impact : Affecting the ability to log on, find objects of interest and perform other critical operations.
AD DS Inbound -and- Outbound Replication Has Been Disabled
    AIS Monitoring agent has discovered that Inbound / Outbound replication has been disabled. Impact : Users will face authentication problems.
Cannot Find Domain Controller In Domain
    AIS Monitoring Platform has discovered that the NetDiag DC discovery test is failed with error Cannot find DC in domain. This can be caused if the Netlogon and DFS services are stopped. Domain controllers do not have permission to access Domain Controllers Policy. NTFS file system permissions and share permissions are set incorrectly on the Sysvol share. DNS entries are incorrect for the domain controllers.
Default Domain Controllers Policy Failed
    AIS Monitoring Platform has discovered that there are problems with the Default Domain Controllers Policy. This policy contain Audit Policy and User Rights Assignment policy settings. Users may face permissions issue while accessing domain resources.
DNS Server Could Not Communicate With Network Using Configured Protocols
    AIS Monitoring agent has detected that the DNS server could not communicate with network using configured prootocol. Impact : DNS Query / Name Resolution may not work.
DNS Server Does Not Have A Cache Or Other Database Entry For Root Name Servers
    AIS Monitoring agent has detected that the DNS server does not have a cache or other database entry for root name servers. Impact : DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.
DNS Server Has Encountered A Critical Error From Active Directory, Check If The Active Directory Is Functioning Properly
    AIS Monitoring agent has detected that the DNS server has encountered a critical error from the Active Directory. Impact : DNS Server may not able to retrieve information for AD DS-integrated zones.
DNS Server Was Unable To Complete Directory Service Enumeration Of Zone
    AIS Monitoring agent has detected the DNS server was unable to complete directory service enumeration of zone. Impact : DNS query for internal zones will fail.
DNS Server Was Unable To Create The Built In Directory Partition
    AIS Monitoring agent has discovered that DNS server was unable to create the built-in directory partition. Impact : DNS will not able to create any new zones, forward or reverse
DNS Server Was Unable To Initialize Active Directory Security Interfaces
    AIS Monitoring agent has detected the DNS server was unable to initialize Active Directory security interfaces. Impact: DNS service may not function correctly.
DNS Server Was Unable To Open Active Directory
    AIS Monitoring agent has detected the DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Impact: DNS server will not able to open in integrated zone for lookup, update and change.
Domain Controller Is Not Considered Suitable
    AIS Monitoring Platform has discovered that the Domain controller diagnostic Advertising test failed with error Domain Controller is not considered suitable. This problem occurs because the domain controller that is present in the domain is not identifying itself as the domain controller. This indicates that the Sysvol and the Netlogon folders are not shared. This problem may occur when the policies and scripts that are stored in the WindowsSysvol\Sysvol\DomainName folder are not available.
Global Catalog Is Not Reachable
    AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with error A Global Catalog Server could not be located. This might also impact the exchange server on the network. The mail flow can stop if GC is not responding.
HOST SPN Test Failed
    AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for MachineAccount check failed with error HOST SPN test failed. This behavior occurs if the SMB signing settings for the Workstation service and for the Server service contradict each other.
Infrastructure Master Owner, Not Found In Domain
    AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with an error Infrastructure Master Owner, not found in domain. This may be due to infrastructure master is not available. This may be caused by a network connectivity problem. It may also be due to a failure of the computer holding the infrastructure master role. Or, the user who is attempting to change group membership does not have the necessary administrative credentials.
Kerberos Key Distribution Center Not In Running State
    This alert condition indicates that the Kerberos Key Distribution Center service is not running.
Kerberos Key Distribution Center Not In Running State [Unexpected]
    This alert condition indicates that the Kerberos Key Distribution Center service terminated unexpectedly.
Microsoft Azure AD Sync Not In Running State
    Microsoft Azure AD Sync- Not In Running State
Microsoft Azure AD Sync Not In Running State [Unexpected]
    Microsoft Azure AD Sync- Not In Running State [Unexpected]
Microsoft Local Security Authority Server Detected LSASRV Errors
    AIS Monitoring Platform has discovered Microsoft Local Security Authority Server detected LSASRV errors. This issue occurs because the logon account for the Remote Procedure Call (RPC) service is changed from the Local System account to the NetworkService account in Windows Server 2003 with SP1. When the RPC service runs under the NetworkService account, the Impersonate a client after authentication policy must include the Administrators group account and the SERVICE group account.
Netlogon Service Not In Running State
    This alert condition indicates that the Netlogon service is not running.
Netlogon Service Not In Running State [Unexpected]
    This alert condition indicates that the Netlogon service terminated unexpectedly.
Schema Owner Not Available On Network
    AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for FSMO check failed with Schema Owner, but is deleted. This indicates Schema owner is not available on Network. This issue may occur if Setup cannot contact the Schema Master or the other operations master role holders. To confirm that this is the cause of this issue, verify that the operations master role holders are well known to the domain and that the server that assigned this role exists and is accessible.
Windows IPSec Driver Has Entered Block Mode
    Saaz Intelimon had detected IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions
Last modified April 17, 2020