Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1903 Source: HHCTRL

Source
Level
Description
The description for Event ID ( 1903 ) in Source ( HHCTRL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.
Comments
 
This problem may appear if you install security update ME896358 or security update ME890175. See ME892675 to resolve this problem.
In one case, this Event ID occurred on a Windows 2003 SP1 computer that was configured as an 800xA Aspect Server. TightVNC had not been installed and it did not exist as a service. A Virus Scan was run on the computer and found nothing. Installing MS05-026 did not fix this problem. When the Windows Scheduled Task job ran, this Event ID appeared twice. Apart from this, the batch command completed normally. It did not appear when the batch command that is run by this job was run from the Windows command line.
A valid copy of WINZIP32.EXE from WinZip 9.0 SR-1 was being run with parameters from the batch file:
WINZIP32.EXE -a -r <target zip file> <source>.
The use of command line switches is not documented but does work. They are similar to the switches for the old PKZip. One anomaly I found was that unlike some versions of PKZip, specification of the -p or -P switch with the -r switch was not mandatory. Both -p and -P had the effect of the -P switch. Leaving off this switch has the effect of the -p switch. The version of WinZip used has to be a registered version (i.e. not a trial version) when run from a Windows Task Scheduler job otherwise it will prompt to accept the license agreement and this will cause the batch file to pause and eventually time out.
I looked at freeware ZIP utilities but these either did not run from the command line or were old and did not fully support Windows long file names.

Ignore this event if you can tolerate it appearing each time that WinZip is run from the WTS. Alternately, purchasing and using the WinZip command line Support Add-On 1.1 for WinZip 9.0 will avoid this event.
Installing TightVNC-1.3dev7 takes care of these events.
This event flooded my Application log until I tracked the problem down to the TightVNC Server service. I figured the culprit was a service once I realized that the entries occurred when there was no user logged in. After uninstalling TightVNC, these entries stopped. I am currently using RealVNC with no problem.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...