Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 30 Source: WinMgmt

A WMI/WBEM client executed an asynchronous operation and failed to return from its implementation of IWbemObjectSink.
As per Microsoft: "The problem occurs when WMI cannot use DCOM correctly because the System and Interactive accounts are being removed from the access control entries of the Default Access Permissions section of Dcomcnfg.exe. This behavior may occur when a user on the server specifically adds user accounts to the list (for example, the user may add the IWAM account). Adding user accounts removes the implicit entries for the System and Interactive accounts". See ME811321 and ME324645 for further details.

From a newsgroup post: "There are a few reasons for this problem to occur, but the most common is due to messages getting stuck in the Temp Tables within the mailbox store. A great utility allows you to remove the messages from those tables safely. Hope this works for you. If not, please contact PSS, as there are some other possibilities for this issue.
Please be advised that when clearing TEMPTable#1 you will clear any messages that are currently going in or out of the store. I would suggest performing this cleanup during off-peak hours, or when you know the users are not sending/receiving mail.
Steps using Mfcmapi v5.0.0.8 to clear the temp tables in Exchange 2000:
1. Double click on the Mfcmapi executable.
2. Click OK to close the "About Mfcmapi" window.
3. Click the "Session" menu and choose "Logon and Display Stores".
4. Choose the Mapi Profile, and then click OK. Note this can be a Mapi profile for the Administrators mailbox.
5. Highlight Private Folders. Note the name may change to SMTP (<Server
Name> (GUID)) when you highlight it. This is normal.
6. On the MDB menu, choose "Get Mailbox Table...". Note if there are a large number of users on the system, you may get a dialog box stating that the threshold has been reached. Simply close this window.
7. Double click on the SMTP (<Server Name> (GUID)) mailbox.
8. Expand the "Root Container" object and then highlight the TempTable#1 object.
9. On the Actions menu, choose "Delete Folder".
10. On the "Delete Selected Folder" window, place a check beside "Hard Deletion" and then click "OK".
11. To confirm that the Temp Table folder was deleted, choose "Refresh View" from the "Hierarchy Table" menu. When you expand "Root Container”, the TempTable#1 object should not be there.
12. Restart the IIS Admin service. This will rebuild the TempTable#1 object".
See the link below

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.