Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 101 Source: ESE

Source
Level
Description
Information Store (<PID>) The database engine stopped.
Comments
 
Depending on the application that is using it, the stopping of an ESE database might be a "normal" event or may be an indication of a problem such as corrupt or missing files, antivirus scanning interfering with the proper operation of ESE and so on. In most cases, there are other events in the application log that may pinpoint the exact problem. This event simply states that ESE database stopped. See the link to the "What is the role of ESE?" for information about the purpose of this application.

There are several applications that use ESE. The process listed at the beginning of the event description provides a clue to the actual application that is affected by the stopping of ESE. For example:
- wuauclt - Windows Update
- svchost - The Windows Service Host - used by several applications that need to run as a service. Unfortunately this doesn't provide any information about the actual application.
- ntfrs - File Replication System

In the particular case of Exchange, the start or stop of the ESE is part of normal operations. If Exchange works fine, then this event can be ignored.
See ME328639 for a situation in which this event occurs.
See the link to "EventID 101 from source ESE98" for information regarding this event.

See ME843092 for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...