Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 596 Source: Security

Source
Description
Backup of data protection master key.
Key Identifier: 6e606e02-099c-4851-a2b6-86da316b757d
Recovery Server:
Recovery Key ID:
Failure Reason: 0x3A
Comments
 
As per Microsoft: "If this computer is a member of a Windows NT 4.0 domain, this message might contain failure information because Windows NT 4.0 domains do not support DPAPI keys storage". See MSW2KDB for additional information about this event.
If you do not use EFS then follow the link below to disable it.
See the link to Detailed Tracking Events.
From a newsgroup post: "This is a DPAPI (data protection API) event. Backup of your master key failed. This event is generated only when "Detailed Tracking" failure auditing is enabled. DPAPI is used to encrypt secrets (like EFS encryption keys, etc.) on your machine. A key derived from your password hash is used to encrypt a "master key" which is used to encrypt your secrets. Periodically, a domain-joined XP machine will try to RPC to a domain controller to back up your master key so that you can recover your secrets in case your password has to be reset. Although your keys are stored in your user profile, a DC must be contacted to encrypt your master key with a domain recovery key. This RPC error is generated when a domain controller is unreachable".
Windows XP is trying to communicate to a DC in order to back up a users master encryption key. See the link to  Master Key Storage and Security for more details.


Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...