Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 10001 Source: DCOM

Source
Level
Description
Unable to start a Dcom Server: computer name as <account>. The error: "<error>" Happened while starting this command: <command>
Comments
 
- Error: "The system could not find the environment option that was entered" - This happened when a corrupt profile was copied to the location of the roaming profile of another user and that user was then logged on. Logon as an Administrator, delete local copy of the profile, and configure the roaming profile correctly.
This event can occur if there is not enough memory available or if an error occurred with another file that the COM infrastructure depends on. See MSW2KDB for additional information about this event.
- Account: IWAM_Account, error: "Access is denied", command: "C:\WINNT\system32\dllhost.exe /Processid:{ }" - From a newsgroup post: "Please first test to run this site in IIS process to see if it is able to work, this launches the site under System account but not IWAM: In IIS MMC, right-click the Default Web Site->SUSAdmin vdir and open its properties. In the Virtual Directory dialog set Application Protection to Low (IIS Process). Run iisreset command in Start->Run to restart IIS. Then please test the SUS site again and if it still fails, check event log to see if there is any new error log.
If you hope to deeply troubleshoot the IWAM error, please change the setting back and download Filemon from Sysinternals. Include only “dllhost.exe” in filemon's toolbar->filter. Then browse to the SUS site to reproduce the error and check if this generates any access denied events in filemon. It is also possible that the permission is denied in registry, you may perform test with regmon in the same way.
Furthermore, in Administrative Tools->Local Security Policy->Local Policies->User Rights Assignment, check if IWAM account has been granted with the “Bypass traverse checking” right. By default, the local Everyone group has this permission".
As per Microsoft: Explanation: The server may not be configured properly.
User Action: Check that the server is configured properly. Also, check that the user Id and password are correct and that the application is installed correctly.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...