Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1015 Source: Winlogon

Source
Level
Description
A critical system process, <process name>, failed with status code <code>. The machine must now be restarted.
Comments
 
- Process: C:\WINDOWS\system32\lsass.exe, - On Windows Server 2003 Service Pack 2 (SP2) with IIS 6.0 installed and hotfixes KBKB970430 or update KB973917 applied, this issue occurs because a bug in one of the Windows system files (Strmfilt.dll). A hotfix is availble - see ME979730.
- Proccess: lsass.exe, code: c0000354 - See ME911185 for a hotfix applicable to Microsoft Windows Server 2003. Also, see ME897648 for a hotfix applicable to Microsoft Windows Server 2003 and Microsoft Windows XP, and ME870997 for a hotfix applicable to Microsoft Windows 2000 and Microsoft Windows XP.
- Process: lsass.exe, code: c0000005 - See ME955410 and ME927342 for hotfixes applicable to Microsoft Windows Server 2003.
As per Microsoft: "The system default profile appears when nobody is logged on. This event record indicates that the changes that the user made to the default profile were not saved to the local system. The user will have to use the system default profile at the next logon session". See MSW2KDB for more details.

As per Microsoft: "This problem may occur when an inheritable Deny access control entry (ACE) is applied to an organizational unit (OU) that inherits only to user objects but applies to all properties. The access violation occurs when a principal that this Deny ACE applies to queries users in the OU". See ME818080 and ME886174 for two hotfixes applicable to Microsoft Windows Server 2003.
Process: C:\WINDOWS\system32\lsass.exe, Code: c0000005 - Occurs when a 16-bit application is run on a Windows Server 2003 Terminal server.
See also the comments for Error code 0xc0000005.


Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...