Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3 Source: Microsoft-Windows-FilterManager

Level
Description
Filter Manager failed to attach to volume '\Device\Harddisk5\DR10'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
Comments
 
When you run backup, it will create VSS snapshots. To the OS, these snapshots are local volumes. And these "volumes" are temporarily mounted at that time. Thus, Filter Manager at that time try to attach the filter driver registered to the new "volume" which failed. As these are only snapshot, not real volumes, you can safely ignore these Filter Manager events if they occur at the time a Backup runs. It won't hurt any operations.
On Windows Server 2012/2012R2, this error occurs when you open Windows Server Backup and click on Recover and browse files in the backup. This is due to the mounting of a virtual volume which is dismounted when you exit Backup. This error can be safely ignored in these circumstances.
From a support forum: "I knew that I had no DPM jobs scheduled and since the event was always generated at 05:00, I remembered implementing a scheduled task on the HV Core to backup my SSD to an ext hdd. Check thru SchTasks & WbAdmin, you might find an old windows server backup job causing your irritation."
From a support forum:

This is DPM related however its on the Hyper-V side and the issue is to do with VSS snapshots on Hyper-V. This issue also has broader consequences in that your DPM backups will eventually kill your Hyper-V hosts, its just a matter of which backup willl push it over the line.

See the below link for either implementing a hotfix or creating a scheduled task to clean the issue up. In my case the issue became so bad that it rendered a couple of my Hyper-V cluster nodes inoperable, they would crash every 12 hours not to mention not being able to login to them or host any VMs after a couple of major crashes.

I opted for the DevNodeClean process because I wanted to see how bad the registry was impacted. The most effected server had 8283 orphaned volume snapshot devices registered in the registry and I worked out that once you get to the 6000 mark, the Hyper V host start getting very unstable.

ME982210 (hotfix or compile your own clean up tool)

EV100441 (Hotfix KB982210 Windows Server 2008 R1/R2 Hang at Logon Bug Deep Dive) - nice overview of the issue, reg bloat cleanup instructions).

DevNodeClean utility can be sourced here if you can't be bothered compiling your own in Visual Studio because MS doesn't provide it as a download only compiling instructions. See EV100442 (DevNodeClean).

Resolution either implement the hotfix or Setup scheduled task / run devnodeclean.x64.exe /r manually after each backup cycle.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...