Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 14176 Source: MicrosoftWebProxy

Disk cache D:\urlcache\Dir1 failed to initialize. Some errors were encountered when ISA Server restored specific data cache files. ISA Server will now attempt to recover these files. These errors may have occurred because there was not enough time to complete all necessary shutdown operations, when ISA Server was previously shut down. To avoid this in future, you can increase the value of the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceTimeout registry key. Identify the reason for cache failure by examining previous recorded events, or the error code. The error code in the Data area of the event properties indicates the cause of the failure (internal code: 504.1312.3.0.1200.50).
See ME887311 to resolve this problem.
Data: 00000005. This behavior may occur if the partition on which the cache is located does not have the appropriate user rights for the Everyone user. The Everyone user must have full access rights to build the Urlcache folder during Setup, or if you change the partition and the cache must be moved.

To resolve this behavior:
Start Windows Explorer, and the search for the Urlcache folder.
If the Dir1.cdat file is missing, change the rights for the Everyone user on the Urlcache folder to Full Control.
Restart all of the ISA Server services.
A file that is named Dir1.cdat is created. If the cache is located on only this partition, the file is the size of the cache that is defined in the ISA Server console. If other drives are defined in the cache configuration, there is an Urlcache folder on each drive that is defined. A Dir1.cdat file is created in each Urlcache folder.
See ME319877.
From a newsgroup post: "These problems can be caused by poor filters. You could try running ISA with them disabled see if it helps. Also, you might be able to get rid of 14176 by increasing the
registry key it talks about from 20000 to 60000, then by 10000 until it disappears."

Data: 57 00 00 00 - no info.
Data: 5c 06 00 00 - From a newsgroup post: Try deleting the Web Proxy cache and recreating it. This problem could be related to a corrupt cache."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.