The data buffer created for the <service name> service in the <DLL name> library is not aligned on an 8-byte boundary. This may cause problems for applications that are trying to read the performance data buffer. Contact the manufacturer of this library or service to have this problem corrected or to get a newer version of this library.
Concepts to understand:
What is a DLL?
What are the performance counters?
As per Microsoft: "When developing and debugging your Performance Monitor extensible counter on Windows 2000, the system may automatically disable it, generating event id 1016." See ME249138.
We got several reports on this error occurring on regular systems (not used for development or debugging), especially MS SQL 7 on Windows 2000 Server.
- Service: IAS - The event was reported when the system was restarted after a power failure. The IAS service was not started (the startup mode was configured to "Manual").
- Service: EXOLEDB - The event was reported when the system was restarted after a power failure.
See ME942955 for a hotfix applicable to Microsoft Windows Server 2003.
We had this error and it was because of Trend Micro SMEX 7.0. After we applied ScanMail for Microsoft Exchange 7.0 Patch 5, the problem was solved. To read the readme for the patch, see "ScanMail for Microsoft Exchange 7.0 Patch 5 Readme".
- Service: AppleTalk - See ME324712 for more information.
- Service: ESENT - See ME828341.
- Service: BlackBerry Server - See the link to "BlackBerry Support Article Number: KB-00674".
- Service: MSMQ - See the link to "Veritas Support Document ID: 273250".
- Service: MQSeriesServices - Read IBM Support Reference #: IC45158.
ME247226 has information on how to fully uninstall a performance monitor extension.
As per Microsoft: "Windows requires performance counters to conform to 8-byte data block sizes. The specified service does not conform to this requirement". See MSW2KDB for more details on this event.
In our case, the event for "EXCOLEDB" and "MsExchangeChat" was being generated every 6-8 minutes. We simply used a utility, "ExCtrLst.exe" from the Win2K Resource Kit, to disable the corresponding performance counters. The same can be done by going directly to the registry under HKLM\System\CurrentControlSet\Services\<Service_Name>\Performance and creating a new DWORD value "Disable Performance Counters" (keep the spaces); use REG_DWORD = 1 to disable or 0 to re-enable.
In my case, the problem appeared after I installed performance monitoring software, namely "Performance Monitoring Protocol" developed by Eastbow Lab.
Woodrow Wayne Collins
Article ME226494 describes how to control the error checking and reporting by registry settings and lists the possible event information. This is useful for testing and validating a Performance Monitor Extension. This is also helpful to diagnose problems with performance monitor extensions that are installed as part of a vendor's server application or device driver.
When the performance data buffer returned by a performance extension DLL is not aligned on an 8-byte boundary, the performance library (PERFLIB) part of ADVAPI32.dll will report a warning 1016 to the Application Log in Event Viewer.
ME262335 explains how a performance extension DLL can align the performance data on an 8-byte boundary.
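The 8-byte rule described above, shown as an added example (not code from the Microsoft articles or from any vendor's DLL): a portable C sketch that pads each block a collect routine writes so its length is a multiple of 8, plus a check for blocks that are not. The `obj_header_t` struct is a simplified stand-in for the real `PERF_OBJECT_TYPE` header, and `ALIGN8`, `append_block` and `buffer_is_aligned` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in (assumption) for a performance object header;
   the real PERF_OBJECT_TYPE in winperf.h has more fields. */
typedef struct {
    uint32_t total_byte_length;   /* block size, padding included */
    uint32_t header_length;
} obj_header_t;

/* Round n up to the next multiple of 8. */
#define ALIGN8(n) (((size_t)(n) + 7u) & ~(size_t)7u)

/* Append header + counter data at buf[*used], padded to 8 bytes.
   Returns 0 on success, -1 if the block does not fit. */
int append_block(uint8_t *buf, size_t cap, size_t *used,
                 const void *data, uint32_t data_len)
{
    size_t raw = sizeof(obj_header_t) + (size_t)data_len;
    size_t padded = ALIGN8(raw);
    obj_header_t hdr;

    if (padded > UINT32_MAX || *used > cap || padded > cap - *used)
        return -1;
    hdr.total_byte_length = (uint32_t)padded;
    hdr.header_length = (uint32_t)sizeof hdr;
    memcpy(buf + *used, &hdr, sizeof hdr);
    if (data_len)
        memcpy(buf + *used + sizeof hdr, data, data_len);
    memset(buf + *used + raw, 0, padded - raw);   /* zero the padding */
    *used += padded;
    return 0;
}

/* Walk the blocks; return 1 only if every length is a multiple of 8. */
int buffer_is_aligned(const uint8_t *buf, size_t used)
{
    size_t off = 0;
    while (off < used) {
        obj_header_t hdr;
        if (used - off < sizeof hdr)
            return 0;
        memcpy(&hdr, buf + off, sizeof hdr);
        if (hdr.total_byte_length % 8 != 0 ||
            hdr.total_byte_length < sizeof hdr ||
            hdr.total_byte_length > used - off)
            return 0;
        off += hdr.total_byte_length;
    }
    return 1;
}
```

A block whose length is only 4-byte aligned, as in the SQL Server 7.0 case quoted below, fails `buffer_is_aligned`.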
As per ME280074:
"Microsoft SQL Server 7.0 uses 4-byte alignment for performance data. However, starting with Windows 2000 and later, the alignment changes to 8-byte alignment. Because Microsoft Windows 2000 was released after Microsoft SQL Server 7.0, 8-byte alignment is only propagated in versions of SQL Server released after Windows 2000, starting with SQL Server 2000.
Because this problem is fixed in SQL Server 2000, upgrading to SQL Server 2000 resolves the problem."
If you use Windows NT Performance Monitor to check the performance of the Microsoft Mobile Information Server, the Microsoft SharePoint Portal Server or Microsoft Exchange Server 5.5, see Microsoft article ME288077 for a solution.
Links: BlackBerry Support Article Number: KB-00674, Veritas Support Document ID: 273250, IBM Support Reference #: IC45158, ScanMail for Microsoft Exchange 7.0 Patch 5 Readme, ScanMail for Microsoft Exchange Product Updates