Event ID: 4135 Source: Ci

File change notifications for scope f:\ are not enabled because of error <error code>. This scope will be periodically scanned.
These events arise when the Content Indexing (CI) Service cannot access a folder that is configured in the "Catalog" of folders. It can occur in any of these situations:

1) a configured folder no longer exists
2) the permissions to access the folder are not set properly
3) network problems prevent access to the folder on a network share.

A 4135 event will be generated for each problematic folder.

If MS Exchange is removed from a server, non-existent WEB folders will generate these events. You'll have to go to Internet Information Services (IIS) to remove these folders. Examples are: \\backoffice, M:<domain name>\Exchange\MBX, etc.

Be sure to restart "IIS Admin" service after deleting problematic WEB folders or they will reappear in the CI Catalogs and generate 4135 Events. If you move and forget to index other non-Exchange folders that are cataloged for indexing, you'll get these events. So check the SYSTEM catalog as well.

To delete the non-existent directory references in the CI, drill down in the Computer Management tool to: Services and Applications\Indexing Service. At this point, you will see the "WEB" and "SYSTEM" catalogs, and possibly others. Then drill down in each catalog to inspect and delete the folders that are raising this event. A good reference on this is MS article ME308202.

This event record usually results from a network problem. See MSW2KDB for information on this event.

From a newsgroup post: "This problem may appear if the account used to "crawl" a remote machine does not have rights to log on interactively on that machine. For this to work your "crawl" account must have log on interactively rights on the remote machine. It must also have rights to read the files and folders you are indexing, and rights to read the share."
- Error: 1326 (Error code 1326) - Error 1326 is a permissions error. This can happen with the Ci service if you are trying to index files the LocalSystem account does not have access to. In my case, a UNC path to another server caused the problem.
  As per Microsoft, running the Ci Service as a domain account is not recommended and will probably cause the service to hang.
  My solution was to develop the code on the website to query multiple indexes and combine the results.
- Error code: 0xC0000022 - This problem prevents Content Indexer (Index Server) from indexing the specified web site. Be sure that the SYSTEM ACL for the indicated directory is set to Full Control and this problem goes away.
- Error: 0xC000003A - no info.
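
The following is an added example, not code from this page or its contributors: it groups 4135 messages per folder, since one event is raised for each problematic folder, and attaches the note the comments above give for each error code. The sample messages and paths are constructed, the way the error code is rendered in the message is an assumption, and the constant names are the standard Windows names for those codes rather than something the page states.

```python
import re

# Layout of the 4135 message as quoted on this page; how the error code is
# rendered (decimal or 0x-hex) is an assumption.
MSG_RE = re.compile(r"File change notifications for scope (?P<scope>.+?) "
                    r"are not enabled because of error (?P<code>0x[0-9A-Fa-f]+|\d+)\.")

# code -> (standard Windows constant name, what the comments on this page report)
KNOWN = {
    1326: ("ERROR_LOGON_FAILURE", "permissions error; seen with a UNC path to another server"),
    0xC0000022: ("STATUS_ACCESS_DENIED", "give SYSTEM Full Control on the directory"),
    0xC000003A: ("STATUS_OBJECT_PATH_NOT_FOUND", "no info on this page"),
}

def parse_event(message):
    """Return (scope, numeric error code), or None if this is not a 4135 message."""
    m = MSG_RE.search(message)
    if m is None:
        return None
    raw = m.group("code")
    return m.group("scope"), int(raw, 16) if raw.lower().startswith("0x") else int(raw)

def triage(messages):
    """Group events per folder; Windows paths compare case-insensitively."""
    folders = {}
    for message in messages:
        parsed = parse_event(message)
        if parsed is None:
            continue
        scope, code = parsed
        entry = folders.setdefault(scope.lower(), {"events": 0, "codes": set()})
        entry["events"] += 1
        entry["codes"].add(code)
    return folders

def report(folders):
    """One line per folder and error code, with the matching note."""
    lines = []
    for scope, entry in sorted(folders.items()):
        for code in sorted(entry["codes"]):
            name, note = KNOWN.get(code, ("unknown", "not covered on this page"))
            lines.append(f"{scope}  0x{code:08X} {name}  x{entry['events']}  {note}")
    return lines

# Constructed sample messages; the paths are hypothetical.
TEMPLATE = ("File change notifications for scope {} are not enabled because of "
            "error {}. This scope will be periodically scanned.")
SAMPLE = [TEMPLATE.format(s, c) for s, c in [
    ("f:\\", "1326"), ("F:\\", "1326"), ("d:\\inetpub\\oldsite", "0xC0000022")]]
SAMPLE.append("The Indexing Service started successfully.")  # unrelated line

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```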