EventID.Net
 
home| search| account| evlog| eventreader| it admin tasks| tcp/ip ports| documents | contributors| about us 
 
Event ID/Source search
Event ID: Event Source:
Keyword search
Example: Windows cannot unload your registry file
EventID.Net Splunk Add-on

Splunk Add-onBuild a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.

read more...
 
Event ID: 13515 Source: NtFrs
Source: NtFrs
Type: Warning
Description:
The File Replication Service may be preventing the computer NEMESIS from becoming a domain controller while the system volume is being initialized and then shared as SYSVOL. Type net share to check for the SYSVOL share. The File Replication Service has stopped preventing the computer from becoming a domain controller once the SYSVOL share appears. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume. The initialization of the system volume can be bypassed by first typing regedt32 and setting the value of SysvolReady to 1 and then restarting the Netlogon service. WARNING - BYPASSING THE SYSTEM VOLUME INITIALIZATION IS NOT RECOMMENDED. Applications may fail in unexpected ways. The value SysvolReady is located by clicking on HKEY_LOCAL_MACHINE and then clicking on System, CurrentControlSet, Services, Netlogon, and Parameters. T2001-03-27,22:47:18,127.0.0.1,5,4,EvntSLog:214520: [AUF] Tue Mar 27 22:47:17 2001: KANT/Security (578) - Privileged object operation: Object Server: Security Object Handle: 4294967295 Process ID: 1656 Primary User Name: DOMPDC$ Primary Domain:CORPDOM Primary Logon ID: (0x0,0x3E7) Client User Name: adrian Client Domain: CORPDOM Client Logon ID: (0x0,0x5ECEE65) Privileges: SeIncreaseBasePriorityPrivilege
English: Request a translation of the event description in plain English.
Concepts to understand:
What is the role of File Replication Service?
What is the role of the Netlogon share?
Comments:
EventID.Net
Windows 2000 does not support the SYSVOL folder on a mounted volume. The File Replication service takes the full path of the SYSVOL folder and opens a journal on that volume to track changes. Also, a number of functions internal to the File Replication service use the volume handle as an argument. With a mounted volume, the SYSVOL folder and the data it contains actually resides on another volume entirely; the journal cannot track changes and the internal File Replication service functions mentioned earlier do not work.
Click if the comment is good!
Private comment: Subscribers only. See example of private comment
Links: ME255759
Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...
Feedback: Send comments or solutions - Notify me when updated

Printer friendly

  • Subscribe
    SubscribeSubscribe to EventID.Net now!
    Already a subscriber? Login here!

 





 

 

Recommend Us


  • Quick Tip
    Connect to EventID.Net directly from the Microsoft Event Viewer!
    Instructions


Customer services

Contact us
Support
Terms of Use

Help & FAQ

Sales FAQ
EventID.Net FAQ
Advertise with us

Articles

Managing logs
Recommended books
Newsletter

Links

Follow us on Facebook
Firegen Log Analyzers
Link to us


© Copyright 2001-2017 EventID.Net