Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1002 Source: SclgNtfy

Default group policy object cannot be created. Error <error code> to open GPO Domain EFS Recovery Policy in domain LDAP://DC=bitstorm,DC=local.
I had this error after I installed AD logged on with the account "admin". The account "admin" was created by me before installing AD. I placed "admin" in build-in group "Administrators".  To resolve this error, I uninstalled AD and then logged on with the buil-in administrative account "Administrator". Then I installed AD once more. After reboot I had no errors anymore.
I had this problem after running dcpromo on my Windows 2008 Standard x64 server. Starting the TCP/IP NetBIOS Helper service worked.  For some reason it was stopped and disabled, not sure why.
Following the steps in the Microsoft article ME923977 resolved the problem for me.
Make sure you have the TCP/IP NetBIOS Helper service running.
From the newsgroups: If youre installing a DC which will have only a public interface, unbiding the "ms network client" and the "file & printer sharing services" from that nic will cause errors and prevent you from accessing things like the GPOs. You'll also get errors listed in the event log usually from the SclgNtfy service with the event id 1002.
To get around this problem install the Loopback nic (listed in Add/Remove hardware, Network Adapters, Microsoft>Microsoft Loopback Adapter). Next bind the ms net client and the file & print sharing to it, place it on the top of the connections list in Adapters & bindings. You don't need to assign it any ip info to this nic as the assigned address is sufficient to make everything work. Maybe for speed assign a private range ip.

From a newsgroup post: The problem is that this DC is multi-homed, and for security purposes I had Client for Microsoft Networks and File and Printer sharing for Microsoft Networks unbound from the "public" interface. I needed to change the binding order so that the "private" interface is used first (since it is bound to those services).

Error codes:
- 80070035 - "The network path was not found"
- 80070005 - See the link to Error code 0x80070005.
ME313365 is a more appropriate article than ME257705 since it deals with "domain" EFS. However this article may have a typo in stating that you do not need CA to add EFS Recovery Agents.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.