
Event ID: 508 Source: ESE

Information Store (<PID>) First Storage Group: A request to write to the file <file> at offset <offset> for <value> bytes succeeded but took an abnormally long time (<value> seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
We were getting this error alone, intermittently, on a Windows Server 2003 DC which was also running Exchange. Users were experiencing slowness using Outlook and accessing the server. Backup Exec would not complete backups. Per other online entries, I ran a hardware vendor disk check (all passed) and updated the drivers per the ASUS website since it was an ASUS board. Shortly after updating the IDE/SCSI driver, Event IDs 507, 509, and 510 were also thrown in addition to Event ID 508. I followed the instructions in this article (thanks to author Jon Stokes): EV100510 (How to install a new motherboard without reinstalling Windows), specifically under the section: "Bringing up Windows on new Hardware" to clean out old drivers, since this was a replacement motherboard. Per the article, run the following command:

set devmgr_show_nonpresent_devices=1
start devmgmt.msc

"In Device Manager, enable Show Hidden Devices, and have a look in the various trees. You may be surprised at how much stuff is faded or ghosted out. Delete everything you recognize as a hardware device which is either faded or ghosted out, but leave USB devices alone (see note). Don't touch anything under "Non-Plug and Play Devices." There are also some media drivers in "Sound, video and game controllers" that you should leave alone in there. Be very sure that all you're removing is an actual ghosted hardware device, that you either have or have had, and not a Windows internal driver. The same applies to System Devices, though these are usually branded, so very easy to tell apart.

Note: USB devices are reinstalled on a per-root basis, so it is perfectly normal to see them more than once in any list with Device Manager in this mode."

Happy to say, no more error messages.
In one case, this event ID appeared on a computer running Windows 2003 SP1. It appeared after the D: drive became faulty and an attempt was made to reformat it from Computer Management -> Disk Management. This attempt proceeded extremely slowly, taking several days to reach "5% formatted". Windows became unresponsive even though Windows Task Manager showed that there was CPU available. This was resolved by removing the D: drive until a replacement became available.
As per Microsoft: "This Warning event is logged when the Exchange database engine tries to write to the named file and encounters a delayed response from the operating system in performing that write operation. This is a warning, not an error, because the operation eventually finishes, although it is slow. This might indicate a hardware problem, probably with the disk controller, a disk, or other storage component". See MSEX2K3DB for more information about this event.
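The reports above trace the warning to one disk or controller, so a useful first check is which volume the delayed writes cluster on. The following is an added example, not part of the original page or comments: it parses Event ID 508 descriptions using the template shown at the top of the page and totals them per drive letter. The function names are hypothetical, the sample descriptions are constructed, and it assumes the descriptions were exported from the Application log as text.

```python
import re
from collections import defaultdict
# Built from the Event ID 508 description template on this page. Assumption: the file
# name may be quoted and each number may be followed by a parenthesised hex form.
SLOW_WRITE = re.compile(
    r'^(?P<process>.+?) \((?P<pid>\d+)\) (?P<instance>.+?): '
    r'A request to write to the file "?(?P<file>.+?)"? at offset '
    r'(?P<offset>\d+)(?: \(0x[0-9A-Fa-f]+\))? for '
    r'(?P<bytes>\d+)(?: \(0x[0-9A-Fa-f]+\))? bytes succeeded but took an '
    r'abnormally long time \((?P<seconds>\d+) seconds\)'
)

def parse_slow_write(message):
    """Return the fields of one 508 description as a dict, or None."""
    m = SLOW_WRITE.match(message.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("pid", "offset", "bytes", "seconds"):
        rec[key] = int(rec[key])
    return rec

def summarize_by_volume(messages):
    """Count slow writes and track the worst delay per drive letter."""
    stats = defaultdict(lambda: {"count": 0, "max_seconds": 0, "files": set()})
    skipped = 0
    for message in messages:
        rec = parse_slow_write(message)
        if rec is None:
            skipped += 1  # not a 508 slow-write description
            continue
        path = rec["file"]
        volume = path[:2].upper() if path[1:2] == ":" else "(no drive letter)"
        entry = stats[volume]
        entry["count"] += 1
        entry["max_seconds"] = max(entry["max_seconds"], rec["seconds"])
        entry["files"].add(path)
    return dict(stats), skipped

# Constructed sample descriptions: paths, PID, offsets and delays are made up.
TEMPLATE = ("Information Store (3120) First Storage Group: A request to write to "
            "the file {f} at offset {o} for {b} bytes succeeded but took an "
            "abnormally long time ({s} seconds) to be serviced by the OS.")
SAMPLE = [
    TEMPLATE.format(f=r'"D:\mdbdata\priv1.edb"', o="1138688 (0x0000000000116000)", b="4096 (0x00001000)", s=18),
    TEMPLATE.format(f=r'"D:\mdbdata\priv1.edb"', o="8192", b="4096", s=47),
    TEMPLATE.format(f=r"e:\logs\E00.log", o="512", b="512", s=16),
    "Constructed unrelated event text, not a slow-write warning.",
]
```

Calling `summarize_by_volume(SAMPLE)` returns the per-volume statistics and the number of descriptions that did not match the 508 template.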
