Event ID: 1 Source: sr

The System Restore filter encountered the unexpected error "<error code>" while processing the file "<file name>" on the volume "<volume name>". It has stopped monitoring the volume.
See ME302796 - "Troubleshooting System Restore in Windows XP".

Error code 0xC0000040 - This issue may occur under a rare set of circumstances -- specifically, when a program or programs try to simultaneously access and modify the same file in a way that creates a conflict with the functions of the System Restore utility. See ME812119.

Error code 0xC000007F - This may indicate that there is not enough space on the disk.
Error code 0xC0000056 - As it turns out, I had System Restore enabled on a data drive that was hosting several DFS shares, and the DFS shares were being rebuilt. My solution was to only leave System Restore enabled on the C: drive.
Error code 0xC000009A - This error may indicate a lack of resources required to perform the restore task. Verify the available memory and any other resources that may have reached a high utilization threshold. A reboot may help as well. One user reported related events (event id 10005 from DCOM and 12292 from VSS related to the Volume Shadow Copy Service).
As per Microsoft: "System Restore encountered an error when backing up a protected file. This error causes System Restore to stop copying files and purge all existing restore points. System Restore will automatically restart after the next restore point is created". See MSW2KDB for additional information about this event.

- Error code 0xC000000D - See ME942912.
- Error code 0xC0000024 - From a newsgroup post: "I turned off system restore, restarted, and turned it on again. From then on, this event did not occur. I was getting the error every few hours but now I have not got the error for 2 days".
- Error code 0xC0000035 - When you restart Windows XP, the Change.log file that System Restore uses to track activity is renamed Change.log.<number>, where <number> is the next available number, up to 1000. If the number has reached 1000, Windows XP cannot rename the file and System Restore is disabled. See ME903264 and WITP84145 to solve this problem.

- Error code 0xC0000023 - This problem occurred on my RAM disk where I store the cache of my web browser. I fixed it by deactivating the restore service, setting the size of the cache to less than the size of the RAM disk and reactivating the service.
- Error code 0xc0000368 - This may indicate that the System Restore service is trying to process an NTFS junction that points to an unavailable location (in my case, an unmounted PGP volume).
- Error code 0xC0000002 - In my case, the solution was to empty the recycle bin of the encrypted volume. The user had two SpyProof disks.
- Error code 0xc000000d - See ME888402 for a hotfix applicable to Microsoft Windows XP.

From a newsgroup post: "I recently suffered from the identical problem, and tracked the offending “.lnk” file in my sr event log entry down to RealOne v.2 player's recent clips history folder. The “.lnk” file in my case contained multiple fields, a “C:\Program Files\...” path to realplay.exe, followed by a “/startpos:” parameter, and then a path to the clip file itself. I purged RealOne’s history list and switched off the clip history option in all users on my home system, and so far, the problem has not recurred".
Error code 0xC0000369, file "ntuser.ini" - no info.
