Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1009 Source: W3SVC

A process serving application pool "<application>" terminated unexpectedly. The process id was "<ID>". The process exit code was "<error code>".
Error code: 0xffffffff - This event may be recorded after installing KB 982666. Reapply Windows Server 2003 Service Pack 2 to resolve this issue. See EV100146 for more details.
We just had this happen on one of our clients, and a reboot fixed the issue. I also had the following other event IDs associated with this problem: event ID 2269 from W3SVC-WP and event ID 1002 from W3SVC.
Error code 0xffffffff - As per Microsoft, "Internet Information Services 6.0 may not function correctly after installing KB973917". This appears to be a problem that comes to light after installing December 2009 updates. See ME2009746 for details.
Error code: 0xffffffff - See ME930461.
Error code: 0xc00000005 - This event can occur when you use an Internet Server API (ISAPI) filter that calls the GetServerVariable function to retrieve the AUTH_TYPE server variable before the user is authenticated. ME892988 provides a hotfix applicable to Microsoft IIS 6.0.

Other articles for this error code: ME918329, ME919789, ME919790, ME933343 and the link to "Citrix Support Document ID: CTX104784".

Error code: 0xff - This problem occurs when the Application Center Request Forwarder Filter (fFiltExt.dll) incorrectly processes incoming HTTP 1.0 requests. The filter may incorrectly process these requests when the servers that are running Application Center 2000 communicate through a server that is running ISA Server. See ME895983 for details about this issue.
In my case, I had to add the NetworkService Account to the DCOM Component "IIS Admin Service", give it full rights and restart the Default Applicication Pool in IIS and it worked.

Error code: 0xe0434f4d - This problem occurs because the default policy for unhandled exceptions has changed in the .NET Framework 2.0. See ME911816 for more details.

Error code: 0xffffffff - This problem occurs when the version of the Asp.dll file does not match the version of other Microsoft Internet Information Services (IIS) files. See ME919090 for more details. Another instance of this problem is described in ME920720 (it occurs if you do not reinstall Windows Server 2003 SP1 after you install IIS 6).
Error code: 0xffffffff - As per Microsoft: "This issue may occur if the server that is running Microsoft Internet Information Services (IIS) 6.0 is also a domain controller. The problem occurs because the Application pool is using the NT Authority\Network Service account, and the NT Authority\Network Service account may not have permissions to access the required folders". See ME842493 to fix this problem.

If you have Symantec Mail Security 4.0x for Microsoft Exchange set up on a Windows 2003 server, then see "Symantec Support Document ID:2003123017082454" to fix this problem.

From a newsgroup post: "I was trying to move the default web root from “C:\Inetpub\wwwroot” to “D:\Inetpub\wwwroot”. In the process, something went wrong. The problem I was seeing was that every time I tried to access the web site (any page) I would get back a "Service Unavailable" page (no error message - that's the whole page). The Event log showed several EventIDs with the source W3CSVC, including this one. The problem turned out to be Group Policy. We had a GPO configured, that set the "Logon As A Service" right only to Admin users. Since "Network Service" isn't an admin (for good reason), it failed. I moved the server into a new OU with an overriding GPO, and everything fell into place. Look at ME812614 for the default permissions and user rights for IIS 6.0".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.