Event ID: 439 Source: ESENT

Description: <service name> (<PID>) Unable to write a shadowed header file for file <file name>

Comments:
This can be related to a corrupted systems update database as previously mentioned. It also can mean that the systems update database was blocked from being updated because an antivirus tool such as Forefront is blocking the system from writing to the file.
- Error: -1032 - See ME253111.

See the link to "EventID 439 from source ESE" for more information on this event.
I have found this to be due to a disk space issue on the system partition. There was not enough free space on the system partition for ESENT, which needed about 200MB to write a “tmp.edb” file.
In my case, this problem appeared when someone had removed the System group from the permissions on drive “C:”. When I put the group back with Full Control rights on all the local hard drives, the problem went away.
I used the same resolution as described in ME278316 at support.microsoft.com for Event IDs 454, 412 ESENT Logging/Recovery. Event ID 439 relates to a corrupt security database file which can be rebuilt using the Security Configuration and Analysis snap-in in MMC.


This event can also indicate very low disk space (under a few MB).
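
A triage sketch for two of the causes reported in the comments above (low free space on the system partition, and the System group missing from the drive's permissions), added here as an example and not part of the original page or its comments. The 200 MB threshold is the figure quoted in the comment; the 20-event limit and the variable names are assumptions.

```powershell
# Added example: triage for ESENT Event ID 439. Thresholds and names are assumptions.
$minFreeMB = 200                     # figure from the disk-space comment
$drive     = $env:SystemDrive        # e.g. "C:"

# 1. Most recent ESENT 439 events from the Application log (may be none).
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'ESENT'; Id = 439
} -MaxEvents 20 -ErrorAction SilentlyContinue)

# 2. Free space on the system partition.
$disk   = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
$freeMB = [math]::Round($disk.FreeSpace / 1MB)

# 3. Does SYSTEM (well-known SID S-1-5-18, locale independent) hold an
#    Allow ACE with Full Control on the drive root?
$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$genericAll  = 0x10000000            # raw GENERIC_ALL, sometimes stored on drive roots
$acl   = Get-Acl -Path "$drive\"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$systemFull = @($rules | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-5-18' -and
    $_.AccessControlType -eq 'Allow' -and
    ((([int]$_.FileSystemRights -band $fullControl) -eq $fullControl) -or
     (([int]$_.FileSystemRights -band $genericAll) -ne 0))
}).Count -gt 0

# Summary: the event message names the service and the file ESENT could not write.
[pscustomobject]@{
    Recent439Events   = $events.Count
    LastEventTime     = if ($events.Count) { $events[0].TimeCreated } else { $null }
    LastEventMessage  = if ($events.Count) { $events[0].Message } else { $null }
    SystemDriveFreeMB = $freeMB
    LowDiskSpace      = $freeMB -lt $minFreeMB
    SystemFullControl = $systemFull
} | Format-List
```

The script does not test for the other two causes mentioned above, an antivirus tool blocking the write or a corrupt database file; the file name in the event message is the starting point for those.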