Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The description for Event ID ( 2001 ) in Source ( rasctrs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: .
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is a DLL?
What are the performance counters?
What is causing the “The description for Event ID ( … ) in Source ( …. ) cannot be found… “?
In my case, I solved the issue by setting the Remote Access Connection Manager and Telephony services startup type to "Manual".
This event can also be caused by a conflict between Symantec/Veritas tape drivers and the Routing and Remote Access service. As per ME842696, try to reinstall the drivers and reboot. It worked for me.
This event can be ignored if it occurred when Windows was started in Active Directory Restore mode or some other form of Safe Mode.
As per Microsoft: "There was a problem with System Monitor's communication with the Routing and Remote Access driver using a device IOCTL. Verify that the NDISWAN.SYS file is in your Systemroot\system32\drivers folder. Also restart the server". See MSW2KDB for more details.
From the link below, the message actually reads: "Load of Rasctrs.dll failed. Make sure the DLL file is in the PATH. WIN32 Error number is returned in the data."
For Windows NT, according to Microsoft: "This behavior can occur if you install RAS on a computer that already has Service Pack 4 (SP4) installed but do not then reapply SP4 or apply the latest service pack before you restart the computer."
For Windows 2000, this may occur after the installation of Service Pack 4. See ME823405.
Windows 2000 (any edition) issue that is caused when the following three services are disabled: Remote Access Auto Connection Manager, Remote Access Connection Manager, Telephony (all of which are set to Manual by default). Typically, someone would disable these services on Domain Controllers (or other editions) to reduce the number of unncessary services running, of which, these three are not needed as long as RAS is not needed. This message can be especially troublesome on a DC due to it appearing every 60 seconds and filling up/creating large "Application" event log file. However, it is a harmless error.
1. Run "unlodctr rasctrs.dll" to unload the counter.
2. Delete the performance counter registry key: HKLM\System\CurrentControlSet\Services\RemoteAccess. Delete the entire "Performance" key.
The error will cease.
Note: This problem is fixed in Windows XP.
Started occuring after I disabled the Telephony and Remote Access Connection Manager services with a security template. Whenever attempting to run performance counters against this server the Application Event log would fill with this error. Setting these services back to Manual (thus allowing them to start when Perfmon hit them) solved the problem.
Edit the following registry key [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Performance] as follows:
First Counter to decimal 1848
First Help to decimal 1849
Last Counter to decimal 1886
Last Help to decimal 1887
This fixes the problem.
I got this event on a Windows 2000 Server after disabling the Remote Access Services. I used the exctrlst.exe utility from the resource kit, scrolled down to the "RemoteAccess" extensible performance counter, and unchecked "Performance Counters Enabled" for this service. That solved the problem for me.
You get this 2001 error after disabling Remote Access service. Here is my fix:
Value name: Library
Data type: REG_EXPAND_SZ
create a new String:
Value name: Library
Data type: REG_SZ
All it takes to fix, is getting rid of the EXPAND data type. Reboot and verify that the error is gone.
See Microsoft article ME811089 link below.
To work around this problem, run the following commands prompt in the %SystemRoot% \System 32 folder to unload and reload performance dynamic-link libraries (DLLs).
|Private comment: Subscribers only. See example of private comment|
|Links: ME246805, ME811089, ME823405, ME842696, Exctrlst.exe: Extensible Performance Counter List, MSW2KDB|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated