Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The server has detected a potential Denial-of-Service attack caused by consuming all the work-items. Some connections were disconnected to protect against this. If this is not the case please raise the MaxWorkItems for the server or disable DoS detection.
|English: Request a translation of the event description in plain English.|
This event is due to overwhelming request on a Windows server that it cannot handle. In some cases, the system locks up and the only way to get to it is to reboot. You need to make a registry entry for MaxWorkItems. Always check Microsoft Technet for this kind of issues. Using regedit, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, right click, choose New, click DWORD Value and enter "MaxWorkItems". Double click it and choose decimal under the Base option, and put a value data between 1 and 65535. Microsoft advices using 4096 and doubling this value until the server's WorkItemShortage is below 3 (this can be monitored with Microsoft performance monitor Server\WorkItemShortage).
Note: Registry modification is at your own risk. Always backup your registry before making any changes to it.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated