Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The server service was unable to map error code <error code>.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of the Server service?
- Error code: 1797 - The PRINT$ share has changed from the default location of %systemroot%\system32\spool\drivers. Copy the w32x86 folder from its default location (%systemroot%\system32\spool\drivers) to the location of the new PRINT$ share. Use the Computer Management MMC to determine the
new location of the PRINT% share if it is unknown.
- 1722 (Error code 1722) = "The RPC server is unavailable." - This problem is caused by the JetAdmin port monitor being corrupted or outdated. See ME158751, ME199915, ME246523, ME319335, and ME822219 to fix this problem.
- 1797 = "The printer driver is unknown." - As per Microsoft: "The reason for this error is that a client workstation (for example, a computer running Windows 95) attempted to download a cross platform print driver but the computer running Windows NT Server did not have that driver loaded. The client will then most likely install the driver from another source, such as a printer driver installation disk. The computer running Windows NT Server simply logs this event with the above information." See ME165082.
- 1909 (Error code 1909) = "The referenced account is currently locked out and may not be logged on to." - As per Microsoft: "This problem occurs when the following conditions exist:
1. Account lockout policies are in effect.
2. A user logging on to a computer running either Windows 95 or Windows 98 attempts to change his or her domain password but is unsuccessful because he or she typed the "old password" incorrectly at the Change Password dialog screen.
3. The user locks the account by entering a wrong "old password" and clicking OK more times than the number of allotted "bad logon attempts" in the Windows NT domain's account policy.
4. If all of these items are satisfied, the 2510 error event will appear in the System Event Log of the Windows NT domain's primary domain controller.
See ME194333 for more details.
Other error codes reported:
- 1727 (Error code 1727) = "The remote procedure call failed and did not execute" - similar to 1722
- 1726 (Error code 1726) = "The remote procedure call failed" - See ME246523.
- 1222 = "The network is not present or not started" - See Error code 1222 for general information on this error.
- 317 = no info
- 3007 = "The specified print monitor does not have the required functions." - From a newsgroup post "This indicates that something is wrong with a printer or a print monitor on the server. We need to look at the printers that are installed on the server."
- Error code: 1722 (Error code 1722) - See ME923360.
- Error code: 1355 (Error code 1355) - If encountered on a domain controller, it is usually a defective client domain membership configuration.
- Error code: 998 - Im my case, SAV client's Auto Protect was disabled. After enabling it and rebooting the server, the problem was gone.
Most of the errors listed here are a result of Computer Associates ARC SERVE and Veritas Backup products. They both have outdated Kernel mode filters that corrupt some of the Operating Systems Kernel mode filters. In our case, our fully patched Windows 2000 Advanced Server would just randomly shut-off the Print Spooler and then of course, disconnect all the printers attached to it. Sometimes this would happen several times a day, other times it would run flawlessly for 2 weeks. Replacing the HP LaserJet 2100 driver with an HP LaserJet 2200 driver helped lessen the amount of time between stops, not quite sure why. The solution is to get updated "Ofant.sys" and (if necessary, if you have the Transaction manager installed) "Otman.sys" files from Computer Associates. Also, get "Otman4.sys" and/or "Otman5.sys" from Veritas. We did not have any luck finding the files from Computer Associates on their website and will have to call them. For more information, see the Microsoft article ME822219.
- Error code: 1230 (Error code 1230) - See ME330301 for a hotfix applicable to Microsoft Windows 2000.
- Error code: 1240 (Error code 1240) - See ME330301 for a hotfix applicable to Microsoft Windows 2000.
- Error code: 1722 (Error code 1722) - See ME888206.
See the link to "EventID 2510 from source Srv" for further information on this event.
For Error code 1240 see ME317692.
- Error code: 1450 (Error code 1450) = "Insufficient system resources exist to complete the requested service." - The problem stems from the fact that the PDC emulator has too many connections open. A sure symptom of this is when NT4 users cannot change their passwords anymore, or legacy applications (especially Oracle Express) do not work anymore. Fixed with SP3. Only cure with systems equipped with less than SP3 is a reboot.
- Error code: 1726 (Error code 1726) = "The remote procedure call failed." - Print jobs were just sitting in the print queues with errors. Print Spooler service was restarted with no effect. Problem was lack of free space on one of the partitions. After additional space was recovered, printers were working again.
|Private comment: Subscribers only. See example of private comment|
|Links: ME158751, ME165082, ME194333, ME199915, ME246523, ME317692, ME319335, ME330301, ME822219, ME888206, ME923360, Error code 1222, Error code 1230, Error code 1240, Error code 1355, Error code 1722, Error code 1726, Error code 1727, Error code 1909, EventID 2510 from source Srv|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (3) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated