Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4356 Source: EventSystem

The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-870 7-00C04FD93327}. CoGetObject returned HRESULT 8000401A.
The 41E90F3E-56C1-4633-81C3-6E8BAC8BDD70 part of the GUID mentioned in the event is the COM EventSystem itself (COMSVCS.DLL) it is not that useful in narrowing down the problem. The second GUID, if exists, may point to the application causing this.

Various GUIDs encountered for this event:
- 6295DF2D-35EE-11d1-8707-00C04FD93327 = Mobsync
- D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E = SENS Subscriber for EventSystem EventObjectChange events. A support forum thread indicated that an instance of this problem was fixed by uninstalling and reinstalling MS Office and .NET Framework.
- 42EB8D03-5548-4667-A2A4-73395F61 BDC8 = Microsoft Message Queuing - See ME331697
- 58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB = Dr. Watson (debugger)
- 7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1 = Microsoft SMS advanced client (C:\WINNT\system32\CCM\CcmExec.exe). If combined with Error code 80070005, see ME298095.

There may be different error codes reported in the event description as well. These codes, like the GUIDs may help identifying the problem:
- Error code 8000401A - This may be recorded when the computer is started by there is no connection to the domain controller (for example when starting a laptop at home). See also the suggestions for event id 4100.
- Error code 80070424 - A service is not installed properly.
- Error code 80070422 - Service disabled.
- Error code 80070005 - Access denied
I was seeing this problem on a number of Windows XP Professional computers at a company. When I reviewed ME289650, it stated it applied only to Windows 2000 Professional. I checked the XP Pro computers I was seeing this problem on and each had that dll registered. I then unregistered it following the instructions in ME289650 and the problem has gone away.
Every time i reboot the server, i am getting this error message at startup. Registering the Mobsync.dll file from the server with the command: regsvr32 "%systemroot%\system32\mobsync.dll" /u solved the problem. See ME289650 for details.
- GUID: {6295DF2D-35EE-11D1-8707-00C04FD93327}, error code: 8000401A (Error code 0x8000401A) - This GUID/CLSID belongs to the Offline Files "Synchronization Manager", or "MobSync.exe", which usually launches during logon from the Run key under HKLM. This is not always an option, but disabling Offline Files gets rid of the event.
- Error code 8000401A - As per Microsoft: "This problem occurs if the Patch UI Monitor component tries to call the client user interface (UI) when no user is logged on." See ME831648 for a hotfix applicable to Microsoft Systems Management Server 2003.

- Error code 80070057 - See ME331697 for information.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.