Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1000 Source: CluSvc

Microsoft Clustering Service suffered an unexpected fatal error at line 1366 of source module D:\nt\private\cluster\service\dm\dminit.c. The error code was <error code>.
In our case, this event ID occurred in the System log on the passive node in a Windows 2K cluster after the server was rebooted.
The "D:\nt\private\cluster\service\dm\dminit.c." appearing in the event description is not related to the actual drive in the cluster configuration but it is the location of the source file (dminit.c) of the program during its development by Microsoft.

Error code 6:
From a newsgroup post: "Along with this event log, you should have a corresponding log entry in your
cluster.log file that starts with the text: [DM] Could not reopen key. Have a look in the cluster log and see what key it's having trouble opening and perhaps if it provides a more descriptive error regarding the failure. Remember that the cluster log is stored in GMT, so you will need to conver the timezones to find the log entry."

From another post: "This error could be an indication that the cluster service cannot access the
clusdb file and/or that file may be corrupt. Since you're able to start the cluster service after a short period of time, I'd guess that the file is not corrupt. I would verify that all of your shared storage and related hardware is configured properly and that the machines can access the cluster drives without any problems. Also, be sure that you aren't booting both cluster nodes at the same time, it is best to stagger them just a bit so they do not both try to start the cluster service at the same time and potentially fight over arbitration of the quorum drive."

Error code -1073741790
From a newsgroup post: "Use the registry check point file to replace the local ClusDB and bring the node back into the cluster. Follow the procedure in ME224999."

Error code 2 - no info

Error code -1073741727 (in a GeoSpan/MSCS configuration)
From a newsgroup post: "The Domain Local Policy was overwriting the computer's local policy and GeoSpan's local permissions were overwritten. Once we added GeoSpan to the Domain security policy we were immediately able to reset the quorum and get back in business."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.