Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The description for Event ID ( 1 ) in Source ( LGTO_Sync ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description see Help and Support for details. The following information is part of the event: Sync Stop done.
|English: Request a translation of the event description in plain English.|
According to a VMware technical article, this issue occurs due to the LGTO sync service that is part of the VMware tools. To workaround this behavior you must disable the LGTO Sync service.
To disable the LGTO Sync service:
1. Open the Windows Device Manager.
2. Click View > Show Hidden Devices.
3. Expand Non-Plug and Play Drivers.
4. Find the Sync Driver device. To verify that you have found the correct device edit the properties and click the Driver tab. The Driver tab shows information similar to:
Service name: LGTO_Sync
Display name: Sync Driver
5. Once you have found the correct service Click Cancel to go back to the Device manager.
6. Right-click the device and select Disable.
7. Reboot the virtual machine.
Note: The LGTO Sync service is not applicable with Windows 64bit.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated