Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3019 Source: MRxSmb

Source
Level
Description
The redirector failed to determine the connection type.
Comments
 
Microsoft hotfix KB 957097 was the main problem for 2 of my partners, not the same hardware (SiS NIC cards vs Realtek, Broadcom Wi-Fi vs Intel), nor the same antivirus program (Kaspersky v7 & 2010 vs NIS2009) and the problem occurs ONLY on writing data over network using an application (like accounting software), copy files over network works great and internet access too. Restoring MRXSMB.SYS file from SP/ installation resolves the problem. So, do not install KB957097!
This can occur when you have Internet Explorer 7 with the module "Internet Explorer Enhanced Security Configuration" installed. Adding the server to Secure Sites or removing this module from Windows Components will allow access to local share. I tested in Windows Server 2003.
This event was logged after the Windows Guest account was disabled, the machine rebooted, and other PCs attempted access to a share on this machine that was shared to "Everyone".
See WITP27037 - the link to "The Ever-Morphing Mrxsmb" for information about MRxSmb events.

This event can occur when you search for files or for folders over a wide area network (WAN) link from a Microsoft Windows XP-based client computer. See ME925885 for information on how to solve this problem.
In my case, I resolved this problem by going to "HKLM\System\CurrentControlSet\Services\Browser\Parameters" on my first DC and changing the "IsDomainMaster" key to "TRUE". This forced a master browser on my NT network.


This event also appears when you have selected the option to automatically connect local devices to the remote computer when logged into a remote desktop. In this case, it was the printer option. To avoid this warning, uncheck all local devices on the Local Resources tab in the Remote Desktop Connection properties.
As per Microsoft: "The redirector could not determine the physical characteristics of the connection, for example, the media type or bandwidth. Typically, this occurs when the computer uses a tunneled connection such as a virtual private network (VPN) or a Point-to-Point over Ethernet (PPPoE) to connect to the Internet. This message is logged for informational purposes only". See MSW2KDB for more details on this event.

ME813130 has a hotfix for Windows 2000 that might address this problem.

From a newsgroup post: "I was receiving the exact same event error. I narrowed it down to the following, at least for me, whenever I originally began constructing my Thin-Client Win2K based environment, I placed all user documents on a local drive located on the same server my clients would access from their Terminal sessions. Whenever a user logged into the server I would have a drive mapping take place. It was pretty much mapping the user to their "My Documents" directory, which was locally stored, yet mapped via the following: "net use z:\\servername\udocs\username". I had to do this because I was, and still am using Load Balancing. Whenever a user accessed a document from the above location, I would be spammed with event 3019. At first, I was worried my server was beginning to crash, but it was fine. This error was more annoying then damaging. My conclusion was that the error would occur whenever a user would connect to the server where the actual documents were stored locally and then access a document from this location in this manner. My solution was simply, to relocate those documents onto a file server. Since that move, error 3019 ceased to appear".

See ME889000 for additional information on this event.
For Windows XP Service Pack 2, this problem seems to be resolved by installing the package in ME884020.
McAfee Solution ID: KB39113 provides information on this event. Go to EV100010 (the "McAfee Knowledge Search" page), login (create a support account) and search for the specified solution. Unfortunately, McAfee is unable to provide a direct link to their articles, they don't want to make it easier for their customers.
You may receive this error followed by a "disk is full" message, if a user is attempting to save a file to a share where he/she has reached their disk quota limit.
This warning does not occur when you map a drive to the local PC, but when you map the same drive to the same share on the same PC more than once. Mapping a drive to the same PC from where it is mapped does not cause these warning, but instead mapping it more than once does. Windows would realize two things when mapping the drive the second time:
-This drive letter already exists.
-The share where the "new" mapping wants to point to is already mapped to a drive letter. Hence, the redirector fails to determine the connection type. To conclude, this is a logic error, not a system error. This error can be safely ignored.
Instead of mapping the drive with NET USE, try using the SUBST command. The SUBST command is for mapping a drive letter to a device on the same machine. For load balancing, you are better off putting the share somewhere else. For Group Policy, turn on loopback processing and place the script in the login script section of group policy.
I've read all of the information that all of you have provided. I called MS on a Hotfix list in ME818528. This Hotfix was applied and did not work.
Situation: Master server hardware crashed in a single DC 2000 domain. The server hardware was replaced. The Citrix 2000 server began to generate all of these errors. I had everyone off the server and logged on as a user. I noticed that the logon was only generating 3 MrxSMB warnings. This Event is generated when the mapped drives are connected and the server cannot be reached. I had 4 mapped drives in my script. Why was I only getting 3 Warnings? The forth was not appearing because it was a map to a different server. Long story short; I located ME216734. This article allowed me to put my servers back in time sync. I recommend using the second option when syncing the member servers to the Domain. It seems to work better. Please look at the script generated and you will notice the Domain that it seeks. Most of us will put the incorrect domain. The error will disappear if you put the correct domain.
As per ME267934, this message can occur when NetBIOS over TCP/IP (NetBT) attempts to query the target device (in this case, the Loopback adapter) for network speed. The Loopback adapter, which does not handle speed negotiation, cannot negotiate the speed and the warning message is reported in the system event log. This behavior only occurs with the TCP/IP protocol since TCP/IP is the only protocol that uses the Loopback adapter. This warning message is informational only and can be safely ignored.


I get this error when connecting to a dfs share from a server that hosts one of the replicas for that share.
We encountered this message when one maps a drive to a share on the same computer.
If this error is the result of two computers failing to connect to each other (i.e. you cannot map a drive to a remote share), some newsgroup posts suggest that this may be caused by a time difference of more than 5 minutes between computers' clocks.
From the newsgroup post: "Because of repeated network problems, the time service has not been able to find a domain controller to synchronize with for a long time. To reduce network traffic, the time service will wait 960 minutes before trying again. No synchronization will take place during this interval, even if network connectivity is restored. Accumulated time errors may cause certain network operations to fail. To tell the time service that network connectivity has been restored and that it should resynchronize, execute "w32tm /s" from the command line."
This event means that the server that you are attempting to connect to is:
- Busy and cannot respond before the rdr timeout occurs.
- Being affected by an overload of traffic on the network.
- Is on the other side of (or is the location of) a bottleneck in the network.

Troubleshoot this issue by:
- Try to obtain a trace of the packets on the network. Track the amount of time it takes for the Server to respond back to the workstation.  
- Another option is to perform whatever operation gave the error backwards. For example, if trouble is experienced when connecting to Server A from Server B, try connecting to Server B from Server A.
- Have another client attempt to connect to the same server to see if both redirectors have the same problem connecting to the same server.
- Check to see that the latest network driver is installed.
- Check to determine whether the network adapter has a configuration utility that allows tuning parameters. If so, try maximizing the network performance.
Windows XP version = ME315244.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...