Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
svchost (904) The database engine stopped.
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is the role of ESENT?
See the comments for event ID 101 from source ESE98, the problem is identical.
Depending on the application that is using it, the stopping of an ESE database might be a "normal" event or may be an indication of a problem such as corrupt or missing files, antivirus scanning interfering with the proper operation of ESE and so on. In most cases, there are other events in the application log that may pinpoint the exact problem. This event simply states that ESE database stopped. See the link to the "What is the role of ESENT?" for information about the purpose of this application.
There are several applications that use ESENT. The process listed at the beginning of the event description provides a clue to the actual application that is affected by the stopping of ESENT. For example:
- wuauclt - Windows Update
- svchost - The Windows Service Host - used by several applications that need to run as a service. Unfortunately this doesn't provide any information about the actual application.
- ntfrs - File Replication System
In the particular case of Exchange, the start or stop of the ESE is part of normal operations. If Exchange works fine, then this event can be ignored.
|Private comment: Subscribers only. See example of private comment|
|Links: EventID 101 from source ESE98|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated