In my particular case (SBS 2008) in the agent tab in the SNMP services the SERVICE (lower half of the agent property tab) in it of itself was not configured correctly. The service was configured for the Physical, Applications, Internet and End-to-End. The server was not functioning as an IP gateway (router)so by clearing the check mark for the Internet service the logging of EventID: 3006 stopped.
Error code 87
- On a Windows server 2003, I looked at Task Manager found that the SNMP service was causing the 'Services' process to be ramped up to 20%. This resulted in the 3006 error being logged many times a second. Restarted the SNMP service and all returned to normal.
As per Microsoft: "The log event record could not be read. Event Agent ignored the error and will continue to operate normally; however, some event-to-SNMP (Simple Network Management Protocol) trap translations might be duplicated or missed. This will not affect the operation of the system". See MSW2KDB
for more details.
From a newsgroup post: "I found a fix on Microsoft Support site with KB Article 833305. After applying the patch, the errors did not go away. Finally, it had something to do with the SNMP Service. After stopping the SNMP Service, I no longer received this event. My SNMP service had the following dependencies:
1. HP Insight Foundation Agent
2. HP Insight NIC Agent
3. HP Insight Server Agent
4. HP Insight Storage Agent
I am not sure which one of them was causing the problem".
If the error code is 6 then this event is only an informational message. Another handle to the event log is opened and the computer performs as expected.
- Error code: 122 - No information.
As per Microsoft: "The Event Log service may use a handle that is not valid when a new event overwrites the contents of an event for which there is an open handle". See ME833305
for a hotfix.
In my case, I configured the events logs to "Overwrite events as needed" instead of "Overwrite events older than : .. " and the problem was fixed.
As per Microsoft: "This behavior occurs when an invalid handle is used to read from the Application log. This behavior may occur after the Application log has been cleared or when the log periodically experiences heavy logging activity after it has been cleared." See the link to ME246912
for more details.