Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The description for Event ID ( 0 ) in Source ( DWMRCS ) could not be found. It contains the following insertion string(s):
DameWare Mini Remote Control
, Failed Version Negotiations.
Date: 01/17/04 10:46:27
Logon As ID:
OS Product ID:
OS Registered Owner:
OS Registered Organization:
Host Name from Peer:
IP Addresse(s) from Peer:
IP Address: <ip address>
Protocol Version - DWRCC.EXE: 0.000000-0.000000
Protocol Version - DWRCS.EXE: 3.660000-0.000000
Product Version - DWRCS.EXE: 126.96.36.199
Authentication Type: NT Challenge/Response
Last Error Code: 203
Last Error Code (WSA): 203
Absolute timeout setting: 0 minutes
Connect/Logon timeout setting: 90000 miliseconds
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is causing the “The description for Event ID ( … ) in Source ( …. ) cannot be found… “?
What is an authentication protocol?
From a newsgroup post: "Installing the Microsoft 329170 hotfix may cause this problem. You might try the following troubleshooting steps:
1. Boot to Safe Mode.
2. Disable the following services on startup.
Dameware Mini Remote Control (DWMRCS)
File is located in c:\winnt\system32\dwrcs.exe -service
HXD Service (HackerwareDefender051)
File is located in c:\winnt\system32\rkit.exe
See also ME303383.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated