Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2601 Source: MSExchangeADAccess

Level
Description
Process MSEXCHANGEADTOPOLOGY (PID=1336). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active Directory Topology service Exchange could not retrieve the SID for account <WKGUID=1A9E39D35ABE5747B979FFC0C6E5EA26CN=Microsoft ExchangeCN=ServicesCN=Configuration...> - Error code=8007077f.
The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.
Comments
 
I was getting this every so often on Exchange 2010 SP2. This may indicate a problem with the binding order if you have more than 1 network cards. Perform the following steps:
1. Log on to the computer by using an account that has Administrator rights.
2. Click Start click Run type ncpa.cpl and then click OK.
3. In the Network Connections dialog box press ALT+N to display the Advanced menu.
4. Click Advanced Settings.
5. In the Connections box click the active network connection and then click the arrow to move the connection to the top of the list. Click OK.
6. Restart the Microsoft Exchange Active Directory Topology service. When you restart this service the following dependent services must also be stopped and restarted:
Microsoft Exchange Transport Log Search
Microsoft Exchange Transport Log
Microsoft Exchange Service Host
Microsoft Exchange Search Indexer
Microsoft Exchange Replication Service
Microsoft Exchange Mail Submission
Microsoft Exchange Mailbox Assistants
Microsoft Exchange File Distribution
Microsoft Exchange EdgeSync
Microsoft Exchange Anti-spam Update
ME2025528 indicates that this may be recorded when there are issues with the network connectivity or the DNS servers. The suggestion solution is to restart the server, and after the server has been up for a minute or two, run NLTest /DSGetSite to verify that that the proper Active Directory Site is being returned by Windows.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...