Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1005 Source: MSExchangeCluster

Exchange HTTP Virtual Server Instance <value> (ADEXCHANGE1): The IsAlive check for this resource failed.
This problem occurs if Exchange Server 2007 is installed on a computer that has more than 4 gigabytes (GB) of RAM, because of a problem in the Windows kernel. See ME928368 for a hotfix applicable to Microsoft Windows Server 2003.

This issue may occur when the following conditions are true:
1.McAfee Access Protection is installed in your organization.
2.The McAfee Access Protection settings are managed from a configuration server.
3.The node to which Exchange Server fails over lost connection with the configuration server. Therefore, the node uses default port blocking settings. By default, McAfee Access Protection blocks port 25 to prevent mass mailer worms.
See ME922252 and ME925464 to solve this problem.

This issue is known to occur when you install McAfee VirusScan Enterprise 8.0 or McAfee VirusScan Enterprise 8.0i on Exchange Server servers. See ME908864 for details.

See MSEX2K3DB for additional information about this event.
I had this error after installing SP1 on a cluster with Windows 2003 and Exchange 2003. See ME841561 for a hotfix that will solve this problem.
From a newsgroup post: "First thing I'd check is whether you can actually telnet to port 25 directly and make a good connection: "telnet <IP address of the virtual server> 25". If that does not work, you definitely have a problem, as the cluster service will fail in exactly the same way your telnet attempt did. Some AntiVirus/AntiSpam software has been known to block access to port 25 in an effort to prevent the SMTP service being used to relay spam. Double check that you do not have this feature enabled if you have any 3rd-party AntiVirus/AntiSpam software installed".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.