Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4165 Source: Wins

Wins has encountered an error that is causing it to shut down.
As per Microsoft: "This behavior can occur when old, deleted entries leave spaces or gaps in a very large WINS database (a large database can result from a large, complex WINS installation). When WINS attempts to place more new data in the old space and the data is larger than the space can hold, a WINS database algorithm does not calculate the correct space allocation for the new data. This results in heap damage in the Microsoft Windows NT memory space."

ME240708 says that this issue can occur if your computer does not have a network adapter that is enabled and configured with a valid Transmission Control Protocol/Internet Protocol (TCP/IP) address. To resolve this issue, enable and configure a network adapter with a valid TCP/IP address (see the Q article for details).

As per ME191775, because of a <a href="/termdisplay.asp?termid=9">Buffer</a> calculation, WINS is unable to handle the PNG buffer size when creating the PNG key with more than 99 IP addresses. The buffer size calculation has been reworked to handle more than 99 IP addresses. The latest Windows NT 4.0 service pack should resolve this issue.

This may also occur if the WINS Client(TCP/IP) device is disabled or has not started on a Windows NT 4.0. See ME172692 for resolution.

ME329871 says that this issue may occur (after you finish a non-authoritative restore of your Active Directory directory service database) if there is a damaged TCP/IP configuration on your server. See the Q article for details.

From a newsgroup post: "See ME205100, ME135922 and ME168595. Between these three articles and a lot of trial and error, we found that the log, backup, and mdb directories were blank in the registry. Added a backup subdir under system32\WINS of backup, pointed BackupDirPath at that, and pointed the mdb and log dirnames at system32\WINS."

Another post suggests: "Use jetpack to fix the WINS database or simply move all
files in %windir%\system32\wins to a different directory (or delete
them), then restart WINS."
This event record is generated every time WINS is abruptly shut down. See MSW2KDB for assist in researching the underlying cause.
This issue may occur if there is a damaged TCP/IP configuration on your server. See ME329871 for more details.
The article 328377 from MS KB says that this error is also caused by "a problem in the code" when there are more than 14 network adapters. The number may seem high, but it is possible when using virtual adapters, like VPN connections.
"To resolve this problem, install the hotfix that is described in the Microsoft Knowledge Base article 318419. To work around this problem, use 13 or fewer network adapters."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.