Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1065 Source: Microsoft-Windows-GroupPolicy

Level
Description
The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object CN={8DAF4BF0-5352-44D6-B332-0A5748E52905}CN=PoliciesCN=SystemDC=AmerLANDC=local. This could be caused by RSOP being disabled  or Windows Management Instrumentation (WMI) service being disabled stopped or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.
Comments
 
We got this on Windows 2008 R2.

Run wbemtest.exe connect to namespace root\cimv2 run query:

Select * from WIN32_OperatingSystem

If an error occurs, you can download and use Microsofts WMIDiag utility. In our case we got WMI error 0x800705af (The paging file is too small for this operation to complete). WMI was hogging all available memory (512MB). Restart of Winmgmt service fixed it for the moment.

See EV100229 (WMI leaks memory on Server 2008 R2 monitored agents) for a possible fix. Also, ME981314 has details about a hotfix.
Here is how to fix this:
1. See T727317 for get error wmi if error 0x80041010
2. Go to System32 within the Windows folder and navigate to the WBEM folder.
3. Now open up your system manager by right clicking on your My Computer shortcut in the Start Menu and select Manage.
4. Go to the Services tab and find Windows Management Instrumentation. Stop the service. Your system will complain that other services depend on it. Say okay when it asks and wait until the services are stopped.
5. Make sure that Windows Management Instrumentation is stopped.
6. Go back to the WBEM folder and find the Repository folder. Copy the folder and save to another location on the computer. You will see UAC prompts if you have UAC enabled. Accept the prompts.
7. Delete the Repository folder in the WBEM folder.
8. Close all programs and open windows. Reatart your computer.
9. Log on. Do not open any programs and let the system sit idle for 10 minutes. Your system is recreating the Repository folder.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...