Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 6005 Source: VSS

Sqllib error: Database <database> is stored on multiple volumes, only some of which are being shadowed.
As per Microsoft: "When a shadow copy of a complex data store is taken, it is important that every volume that contains a part of the data store is included in the shadow copy set. Otherwise, the shadow copy set will be corrupt because it only contains some of the volumes, not the complete group. In addition, the security settings on the data store should allow the Local System account to connect". See MSW2KDB for details.

From a newsgroup post: "I have a resolution from Microsoft Product support.
It is a bug with SP1, and there are 2 solutions (I found solution 2 easier, as solution 1 requires a server restart and will mean AD DB & Log to be both on C: drive):
1. Moving the AD log files back to the default location (C:). (To discover where your AD database and log files are stored, navigate to the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters)
2. Select D: (or a file in that volume) to force a shadow copy on it.
This, in turn will suppress the NTDS writer error. (I created a dummy text file on the drive where my NTDS Log files were and included it in the backup set). The likely reason behind those error messages is that AD is configured in such way that it keeps the databases and the logs on separate volumes. The AD writer (NTDS) will report an error if you try to create a shadow copy set that has one of the volumes but not the other. The problem is that in this configuration (AD databases and logs are on a different volume) NTBackup doesn't pick up the correct set of volumes. By selecting system state, NTBackup requests for a shadow copy to be created on the boot volume. By the time NTBackup requests for the location of the AD database and logs, the shadow copy has already been created. Thus, NTBackup will not create a snapshot on D:. This throws the NTDS writer off, thinking that NTBackup is not going to pick up all its data on D: thus causing an error".

See ME953871 for additional information about this event.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.