Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 32 Source: VolSnap

The shadow copies of volume <volume> were aborted because the shadow copy storage volume was not present.
This problem occurs because of an issue in the Volsnap.sys file. This issue generates a deadlock condition. In the deadlock condition, the system I/O is suspended. A file deletion operation is waiting for the system I/O to resume. See ME923628 for a hotfix applicable to Microsoft Windows Server 2003.
As per Microsoft: "This issue may occur if you use the Shadow Copies of Shared Folders feature, and the shadow copy storage area is on a different volume than the volume that is enabled for shadow copies.
When you start your server, the volume that hosts the shadow copy storage area must be available. If this volume uses a storage interconnect type that takes more than 30 seconds to make the volume available, all shadow copies for the other volume are deleted. Storage interconnect types that may take more than 30 seconds to make a volume available include SCSI, Fiber Channel, and iSCSI.
To work around this issue, we recommend that the volume that hosts the shadow copy storage area and the volume that is enabled for shadow copies use the same interconnect type, so that both volumes come online at approximately the same time". See ME833780 for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.