Event ID: 11197 Source: Dnsapi

Description
The system failed to update and remove host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {CAC3572C-E236-458F-A83A-FD08EB144674}
   Host Name : <computer name>
   Primary Domain Suffix : <domain name>
   DNS server list :
     <ip address>
   Sent update to server : <ip address>
   IP Address(es) :
     <ip address>

The reason the update request failed was because of a system problem. For specific error code, see the record data displayed below.

Data: 51 27 00 00
Comments
 
The "specific error code" mentioned in the event description is in most cases 0x2751 (or 10065 in decimal) and this means that the computer was unable to determine a route to the IP address that it tried to reach. For example, if there is no default gateway and the computer is asked to connect to a host that is not located on the same network segment, a similar error code will be generated by the TCP/IP stack. So, to return to this message, what this means is that the computer tried to update its records in DNS but for some reason was unable to determine how to get there (i.e. if the network card is disabled, surely there is "no route" to any host).
Check the permissions of the computer in the Forward Lookup Zone on the DNS. Make sure DOMAIN\COMPUTERNAME$ has the write permission. A symptom is the presence of an account that is no longer authenticated by the server.
Look at your zone files, forward and reverse lookup, and make sure that there is only one entry for reverse IP and only one forward name lookup. Also, check the security of these entries to make sure the user can update them.
As per Microsoft: "The update request for an A record could not be completed. Possible causes include:
- There is no network connectivity.
- The zone file is not configured to accept updates.
- The zone could not be found.
- The server is unavailable". See MSW2KDB for more details on this event.

As per Microsoft: "Event ID 11197 is generated every time that the network protocol stack is rebuilt". If this problem appears when you install Microsoft Virtual Server 2005, Microsoft states that this problem appears because the installation of Virtual Server 2005 networking causes the network protocol stack to be rebuilt in Windows. See ME843237 for details on this issue.
This error is generally reported when a network card has been disabled.
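
For triage across many hosts, the settings block and the "Data:" bytes can be parsed out of the event text and the little-endian DWORD decoded into the error code discussed in the comments above. This is an added example, not code from this page or from Microsoft; the function names, the hint wording and the sample host and addresses are assumptions made for illustration.

```python
import re
import struct

# Well-known Win32/Winsock values; the hints restate causes listed in the comments above.
KNOWN_CODES = {
    10065: ("WSAEHOSTUNREACH", "no route to the DNS server: check gateway and adapter state"),
    9005: ("DNS_ERROR_RCODE_REFUSED", "update refused: check zone update settings and write permission"),
}
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ()]*?) :\s*(.*)$")  # "Key : value" as in the event text

def decode_record_data(line):
    """'Data: 51 27 00 00' -> 10065; the bytes are one little-endian DWORD."""
    octets = re.findall(r"\b[0-9A-Fa-f]{2}\b", line.partition(":")[2])
    if len(octets) < 4:
        raise ValueError("record data is shorter than one DWORD")
    return struct.unpack("<I", bytes(int(o, 16) for o in octets[:4]))[0]

def parse_event(text):  # settings block + error code from an event 11197 description
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if line.startswith("Data:"):
            fields["code"] = decode_record_data(line)
        elif m and m.group(2):          # scalar field, e.g. "Host Name : WS01"
            fields[m.group(1)], current = m.group(2).strip(), None
        elif m:                         # list header, e.g. "DNS server list :"
            current = fields.setdefault(m.group(1), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
        else:                           # blank line or free text ends a list
            current = None
    return fields

def triage(text):
    f = parse_event(text)
    name, hint = KNOWN_CODES.get(f.get("code"), ("UNKNOWN", "look the value up as a Win32 error code"))
    return dict(f, name=name, hint=hint)

# Constructed sample in the layout shown above; host name and addresses are made up.
SAMPLE = """The system failed to update and remove host (A) resource records (RRs)
   Adapter Name : {CAC3572C-E236-458F-A83A-FD08EB144674}
   Host Name : WS01
   DNS server list :
     192.0.2.53
   Sent update to server : 192.0.2.53
   IP Address(es) :
     198.51.100.20

Data: 51 27 00 00"""
```

Calling `triage(SAMPLE)` returns the parsed fields together with the decoded code, its symbolic name and a hint; codes outside the small table come back as `UNKNOWN`.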

