| Event ID | Source | Description |
|---|---|---|
| 26 | Application Popup | Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file C:\users\wilf.tresbitt\desktop\periodic_table.xls. The data has been lost. This error may be ca |
| 26 | Application Popup | Application popup: Message from sAMAccountName - 19/01/2012 12:53 : Please logoff! I need to reboot this server! |
| 333 | Application Popup | An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system's image of the Registry. |
| 39 | Cdm | The CDM redirector has timed out a request to SessionID 8. |
| 1239 | ClusSvc | The Cluster service account does not have the following required user rights: Act as part of the operating system These user rights were granted to the Cluster service account during cluster s |
| 49 | CPQTeamMP | HP Network Team #1: PROBLEM: This Teaming Miniport-Edge Configuration Parameters section of the Registry is either missing the VlanDefaultTag Parameter, or the Parameter is unreadable. Setting value t |
| 8 | crypt32 | Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specif |
| 1002 | Dhcp | The IP address lease 172.16.68.138 for the Network Card with network address 005056990007 has been denied by the DHCP server 172.16.2.1 (The DHCP Server sent a DHCPNACK message). |
| 1020 | DHCP-Server | Scope, 10.125.11.128, is 86 percent full with only 6 IP addresses remaining. |
| 1046 | DhcpServer | The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain ad.fqdn.local, has determined that it is not authorized to start. It has stopped servicing clients. The fol |
| 1059 | DhcpServer | The DHCP service failed to see a directory server for authorization. |
| 34 | Disk | The driver disabled the write cache on device \Device\Harddisk0\DR0. |
| 119 | Disk | The driver for device \Device\Harddisk0\DR0 delayed non-paging Io requests for 15 ms to recover from a low memory condition. |
| 1006 | DNS Client Events | The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 192.168.1.254 |
| 1014 | DNS Client Events | Name resolution for the name u1329184239356.s1137849806.i1.v8.r4.t6.wdm.sg.ripe.net timed out after none of the configured DNS servers responded. |
| 11164 | DnsApi | The system failed to register host (A) resource records (RRs) for network adapter with settings: Adapter Name : {B3F49D34-A130-44F7-96A9-15AE32FCBD8D} Host Name : LOCALCOMPUTERNAME Prim |
| 514 | ESE | Information Store (4788) Storage Group 1: Log sequence numbers for this instance have almost been completely consumed. The current log generation is 918000 (0x000E01F0) which is approaching the maximu |
| 6000 | EventLog | The SomethingApp log file is full. |
| 6008 | EventLog | The previous system shutdown at 01:33:47 on 03/06/2011 was unexpected. |
| 6011 | EventLog | The NetBIOS name and DNS host name of this machine have been changed from OLDNAME to NEWNAME. |
| 6013 | EventLog | The system uptime is 31449600 seconds. |
| 3006 | EvntAgnt | Error reading log event record. Handle specified is 615160. Return code from ReadEventLog is 1130. |
| 770 | Foundation Agents | The Host Remote Alerter detected an error while attempting to retrieve data from key = CompaqHostOsPerfComponentLogicalDisk in the registry. The data contains the error code. |
| 129 | HpCISSs2 | The description for Event ID ( 129 ) in Source ( HpCISSs2 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote c |
| 15002 | HTTP | Unable to write to the log file ex090718.log for site W3SVC1. Disk may be full. If this is a network path, make sure that network connectivity is not broken. |
| 3621 | IMAService | The server running Citrix Presentation Server failed to connect to the Data Store. Error - IMA_RESULT_DBCONNECT_FAILURE The database is down or there is a network failure. |
| 3635 | IMAService | The server running Citrix Presentation Server failed to connect to the data store. The database is down or there is a network failure. Error: IMA_RESULT_DBCONNECT_FAILURE Indirect: 0 Server: DSN f |
| 11 | KDC | There are multiple accounts with name MSSQLSvc/server99.ad.fqdn.local:1433 of type DS_SERVICE_PRINCIPAL_NAME. |
| 26 | KDC | While processing an AS request for target service krbtgt, the account sAMAccountName did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2). The requested etype |
| 27 | KDC | While processing a TGS request for the target server krbtgt/FQDN.EXAMPLE.COM, the account ACCOUNT@FQDN.EXAMPLE.COM did not have a suitable key for generating a Kerberos ticket (the missing key has an |
| 4 | Kerberos | The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/remotecomputer.fqdn.tld. The target name used was REMOTEPC. This indicates that the password used to encrypt the kerberos |
| 6 | Kerberos | The kerberos SSPI package generated an output token of size 311A bytes, which was too large to fit in the 2EE0 buffer provided by process id 0. If the condition persists, please contact your system a |
| 11 | l2nd | HP NC370i: Network controller configured for 1Gb full-duplex link. |
| 17 | l2nd | HP NC382i #2: Ndis is resetting the miniport driver. |
| 40960 | LSASRV | The Security System detected an authentication error for the server LDAP/DC1.fqdn.example.local/fqdn.example.local@FQDN.EXAMPLE.LOCAL. The failure code from authentication protocol Kerberos was "The |
| 258 | McLogEvent | The update failed; see event log. |
| 4624 | Microsoft Windows security | An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: WIN7LAPTOP$ Account Domain: ADDOMAIN Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: A |
| 4616 | Microsoft Windows security auditing | The system time was changed. Subject: Security ID: LOCAL SERVICE Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x220 N |
| 3019 | MRxSmb | The redirector failed to determine the connection type. |
| 11309 | MSExchangeActiveSyncNotify | An internal error has occurred. Consult the debug trace log for more information. |
| 1159 | MSExchangeIS | Database error 0xfffffdf9 occurred in function JTAB_BASE::EcUpdate while accessing the database "Storage Group 1\Priv1". |
| 9523 | MSExchangeIS Mailbox Store | The Microsoft Exchange Database "Storage Group 1\Priv1" has been started. |
| 9539 | MSExchangeIS Mailbox Store | The Microsoft Exchange Information Store database "Storage Group 1\Priv1" was stopped. |
| 8 | MSFTPSVC | FTP Server could not create a client worker thread for user at host 10.15.4.79. The connection to this user is terminated. The data is the error. |
| 10 | MSFTPSVC | User user@domain.fqdn at host 192.168.99.99 has timed-out after 120 seconds of inactivity. |
| 13 | MSFTPSVC | User NTDOMAIN\fred failed to log on, could not access the home directory /. |
| 100 | MSFTPSVC | The server was unable to logon the Windows NT account 'USER99' due to the following error: Logon failure: account currently disabled. The data is the error code. |
| 101 | MSFTPSVC | The server was unable to add the virtual root '' for the directory 'd:\inetpub\ftproot' due to the following error: The system cannot find the file specified. The data is the error code. |
| 17188 | MSSQL$INSTANCE | SQL Server cannot accept new connections, because it is shutting down. The connection has been closed. [CLIENT: 192.168.0.142] |
| 4321 | NetBT | The name "LOCALPCNAME:20" could not be registered on the Interface with IP address 172.16.68.146. The machine with the IP address 172.16.68.138 did not allow the name to be claimed by this machine. |
| 3096 | NETLOGON | The primary Domain Controller for this domain could not be located. |
| 5722 | NETLOGON | Description: The session setup from the computer ComputerName failed to authenticate. The name of the account referenced in the security database is AccountName$. The following error occurred: Acces |
| 5807 | NETLOGON | During the past 4.23 hours there have been 13 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, the |
| 1000 | NTDS General | Microsoft Active Directory startup complete, version 5.2.3790.4808 |
| 1079 | NTDS General | Internal event: Active Directory could not allocate enough memory to process replication tasks. Replication might be affected until more memory is available. User Action Increase the amount of |
| 1394 | NTDS General | All problems preventing updates to the Active Directory Database have been cleared. New updates to the Active Directory database are succeeding. The Net Logon service has restarted. |
| 1519 | NTDS General | Internal Error: Active Directory could not perform an operation because the database has run out of version storage. Additional Data Internal ID: 2020f05 |
| 1539 | NTDS General | The local domain controller could not disable the software-based disk write cache on the following hard disk. Hard disk: c: Data might be lost during system failures. |
| 1869 | NTDS General | Active Directory has located a global catalog in the following site. Global catalog: \\LON-DC15.fqdn.example.com Site: LONDONCITY |
| 50 | Ntfs | {Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try |
| 55 | Ntfs | The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Data01. |
| 4377 | NtServicePack | Windows Server 2003 Hotfix KB896424 was installed. |
| 1002 | PerfDisk | Unable to allocate a dynamic memory buffer |
| 1016 | Perflib | The data buffer created for the "TermService" service in the "C:\WINDOWS\system32\perfts.dll" library is not aligned on an 8-byte boundary. This may cause problems for applications that are trying to |
| 1017 | Perflib | Performance counter data collection from the "RemoteAccess" service has been disabled due to one or more errors generated by the performance counter library for that service. The error(s) that forced |
| 2003 | Perflib | The configuration information of the performance library "C:\WINNT\system32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. |
| 2012 | PerfOS | Unable to get system process information from system. The status code returned is in the first DWORD in the Data section. |
| 257 | PlugPlayManager | Timed out sending notification of target device change to window of "C:\WINDOWS\Explorer.EXE" |
| 15 | Removable Storage Service | RSM cannot manage library CdRom1. The database is corrupt. |
| 1001 | Save Dump | The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0x80000003, 0x80832de1, 0xf78da848, 0x00000000). A dump was saved in: E:\Path\To\MiniDump\Mini050510-01.dmp. |
| 1704 | SceCli | Security policy in the Group policy objects has been applied successfully. |
| 36872 | Schannel | No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example |
| 36882 | Schannel | The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection re |
| 528 | Security | Successful Logon: User Name: joe.bloggs Domain: ADDOMAIN Logon ID: (0x0,0x2CFFB3DE) Logon Type: 7 Logon Process: User32 Authentication Package: Negotiate Workstation Name: LOC |
| 529 | Security | Logon Failure: Reason: Unknown user name or bad password User Name: sAMAccountNAme Domain: NTDOMAIN Logon Type: 7 Logon Process: User32 Authentication Package: Negotiate Works |
| 538 | Security | User Logoff: User Name: LOCALCOMPUTERNAME$ Domain: NTDOMAIN Logon ID: (0x0,0x893B977D) Logon Type: 3 |
| 539 | Security | Logon Failure: Reason: Account locked out User Name: wilf.tresbitt Domain: USERNTDOMAIN Logon Type: 10 Logon Process: User32 Authentication Package: Negotiate Workstation Name: |
| 540 | Security | Successful Network Logon: User Name: LOCALCOMPUTERNAME$ Domain: NTDOMAIN Logon ID: (0x0,0x893B977D) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workst |
| 861 | Security | The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\svchost.exe Process identifier: 904 User account: NETWORK SERVICE User d |
| 36 | Serial | While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to |
| 2504 | Server | The server could not bind to the transport \Device\NetBT_Tcpip_{E8F639B8-9C12-47D0-8597-28ED5BE0C84C}. |
| 7000 | Service Control Manager | The DgiVecp service failed to start due to the following error: The system cannot find the file specified. |
| 7024 | Service Control Manager | The SNMP Service terminated with service specific error 3. |
| 7036 | Service Control Manager | The McAfee McShield service entered the paused state. |
| 7011 | Service Control Manager Eventlog Provider | A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service. |
| 520 | smtpsvc | Virtual Server 1: The specified mail drop directory (X:\EXCHSRVR\Mailroot\vsi1PickUp) is not valid. Cannot start the SMTP service in mail-drop mode. |
| 1001 | SNMP | The SNMP Service has started successfully. |
| 1003 | SNMP | The SNMP Service has stopped successfully. |
| 1004 | SNMP | The SNMP Service configuration has been updated successfully. |
| 1100 | SNMP | The SNMP Service is ignoring the manager snmpbox01 because its name could not be resolved. |
| 1102 | SNMP | The SNMP Service is ignoring extension agent dll c:\path\to\ext-agent.dll because it is missing or misconfigured. |
| 2000 | Srv | The server's call to a system service failed unexpectedly. |
| 2011 | Srv | The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter. |
| 2012 | Srv | While transmitting or receiving data, the server encountered a network error. Occassional errors are expected, but large amounts of these indicate a possible error in your network configuration. The |
| 2013 | Srv | The C: disk is at or near capacity. You may need to delete some files. |
| 2019 | Srv | The server was unable to allocate from the system nonpaged pool because the pool was empty. |
| 0 | sshd | The following information is part of the event: sshd: PID 940: starting service `sshd' failed: fork: 11, Resource temporarily unavailable. |
| 1204 | Storage Agents | Drive Array Accelerator Status Change. The array accelerator board attached to the array controller in Slot 0 has a new status of 3. (Accelerator status values: 1=other, 2=notConfigured, 3=enabled, |
| 1204 | Storage Agents | Drive Array Accelerator Status Change. The array accelerator board attached to the array controller in Slot 0 has a new status of 4. (Accelerator status values: 1=other, 2=notConfigured, 3=enabled, |
| 1206 | Storage Agents | Drive Array Accelerator Battery Failed. The array accelerator board attached to the array controller in Slot 0 is reporting a battery failure. [SNMP TRAP: 3040 in CPQIDA.MIB] |
| 50 | TermDD | The RDP protocol component WD detected an error in the protocol stream and has disconnected the client. |
| 1114 | TermServDevices | Error communicating with the Spooler system service. Open the Services snap-in and confirm that the Print Spooler service is running. |
| 1012 | TermService | Remote session from client name RDPCLIENT exceeded the maximum allowed failed logon attempts. The session was forcibly terminated. |
| 1004 | TWPopup | The following requested video mode was not available: 3840 x 1080 x 24 BPP The video mode has been set to the following mode: 2612 x 734 x 24 BPP Video mode restricted by system administrator. |
| 1074 | USER32 | The process winlogon.exe has initiated the restart of computer LOCALCOMPUTERNAME on behalf of user NTDOMAIN\sAMAccountName for the following reason: No title for this reason could be found Reason Co |
| 1076 | USER32 | The reason supplied by user DOMAIN\sAMAccountName for the last unexpected shutdown of this computer is: Other (Unplanned) Reason Code: 0xa000000 Bug ID: 1234 Bugcheck String: Comment: I power |
| 1054 | Userenv | Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). |
| 1109 | Userenv | CN=User Name,OU=Org Unit,OU=Org Unit,DC=domain,DC=fqdn from a different forest logged onto this machine. Cross Forest Group Policy processing is disabled and loopback processing has been enforced in t |
| 1517 | Userenv | Windows saved user DOMAIN\sAMAccountName registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry w |
| 100 | vmauthd | Cannot connect to VMX: Z:\Virtual Machines\Nixbox\Nixbox.vmx |
| 3 | vmdebug | VMDebug driver (version 7.3.4.3) was not enabled. This driver is required by the replay debugging feature of VMware Workstation. If you are using other VMware products or not using replay debugging, |
| 49 | volmgr | Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. |
| 8 | VolSnap | The flush and hold writes operation on volume C: timed out while waiting for a release writes command. |
| 25 | VolSnap | The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not bein |
| 35 | VolSnap | The shadow copies of volume D: were aborted because the shadow copy storage failed to grow. |
| 8193 | VSS | Volume Shadow Copy Service error: Unexpected error calling routine RegSaveKeyExW. hr = 0x800703f8. |
| 1009 | W3SVC | A process serving application pool 'DefaultAppPool' terminated unexpectedly. The process id was '5076'. The process exit code was '0xc0000005'. |
| 1120 | W3SVC | The World Wide Web Publishing Service failed to obtain cache counters from HTTP.SYS. The reported performance counters do not include performance counters from HTTP.SYS for this gathering. The data |
| 1121 | W3SVC | The World Wide Web Publishing Service failed to obtain site performance counters from HTTP.SYS. The reported performance counters do not include counters from HTTP.SYS for this gathering. The data f |
| 243 | Win32K | A desktop heap allocation failed. |
| 244 | Win32K | Failed to create a desktop due to desktop heap exhaustion. |
| 16 | Windows Update Agent | Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establ |
| 0 | XenApp Services | Site path: D:\inetpub\wwwroot\Citrix\PNAgent. The Citrix servers reported that they are too busy to provide access to the selected published resource. This message was reported from the XML Service |