Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1012 Source: WinLogon

Source
Level
Description
The automatic certificate enrollment subsystem could not access local resources needed for enrollment. Enrollment will not be performed. (<error code>) <error description>.
Comments
 
- Error code: 0x80090332, description: "The security context could not be established due to a failure in the requested quality of service" - This event appeared on the domain controller with all the FSMO roles, which was running Windows 2000 Server SP4. It was fixed by using DCPROMO to demote/re-promote one domain controller at a time and seizing the FSMO roles.
On a Dell TS, the file vxsvcerror.log.tmp was stored in the Default User folder. vxsvc.exe (Dells Array Manager disk management plugin) had this file open and locked, causing subsequent file copy operations from Default User to fail. Uninstalling and re-installing Dell Array Manager and then recreating the affected user profile directories solved this event for me.
When my users were trying to logon to this system that was getting this error, anyone other then an administrator could not logon. I came to find out that someone has deleted the Default User folder under Documents and Settings. I added in a Default User folder from another Win2k system and the problem cleared up.
See ME839880 for details on this event.

From a newsgroup post: "In our case, the clients accessing the TS with Win2k boxes were randomly kicked off and then reconnected immediately. The only account that never got disconnected was the administrator account. I found out that we had copied over profiles from the old server. I deleted then recreated all the accounts and profiles, and that got rid of the error".
- Error: 0x80070005, error description: Access is denied - We found that deleting the contents of the saved roaming profile resolved the problem.


For us, this error was occurring on all Windows 2000 machines in our domain, Windows XP and Windows 2003 were fine. We had configured an auto-enrollment policy for the machine certificate template (to be used for TLS sessions to our LCS servers). The reason these errors were generated on Windows 2000 was that our Active Directory OU names contained a comma. For example: “Boston, Massachusetts”. When I renamed the OU to: “Boston Massachusetts” all was well.
Error: 0x8007054b, Error description: "The specified domain either does not exist or could not be contacted." This is related to user profile problems. The event happens when having a roaming profile and no domain controller can be contacted. Please see event ID 1054.
You will receive this event when you logon with win2000 workstation to a domain with a mandatory profile without renaming first the USER.DAT file to USER.MAN on the server.
Error: 0x80070005, Error description: "Access is denied". The "Access Denied" message can be caused by a bad or corrupted local profile at the server when attempting to "terminal service" into the server.  Delete the local profile of the account that is affected.
I got this error on a W2k terminal server when trying to log on with a user with a roaming terminal services profile.  Turns out the user account has to have full permissions on his roaming profiles folder, not just modify permissions.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...