Source: Service Control Manager
The <service name> service terminated unexpectedly. It has done this <value> time(s).
Concepts to understand:
What is the role of the Service Control Manager?
This event is also recorded (for any service) if a service is terminated using Task Manager (or similar tools like Process Explorer).
Service: courier-ybiqpsfhgqaporui - See EV100371 (VMware Knowledge Base 1021465) for information on how to troubleshoot this event.
- Service: Print Spooler - The following steps helped me to remove a driver, which was causing the issue:
1. Open regedit (e.g. click Start, key regedit and press Enter)
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers
3. Under this key, there will be the keys Version-2 and Version-3 (one or the other of these may be absent - not a problem)
4. The sub-keys under these contain the printer driver configuration information
5. Delete all the sub-keys inside Version-2 and Version-3, but not these keys themselves
The ME312052 article lists some other registry entries to delete, but this is not usually necessary.
1. Open a Command Prompt window
2. Key the commands:
net stop spooler
net start spooler
Complete article can be found at EV100284 (How to clean up printer drivers).
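The registry cleanup from the comment above as a script, as an added example that is not part of the original comment. It exports the Drivers key first so the deletion can be undone with `reg import`. The `$BackupFile` path and the `-Apply` switch are assumptions of this example; without `-Apply` it only reports what it would delete. Run it from an elevated PowerShell prompt.

```powershell
# Added example: back up, then clear the printer driver sub-keys described above.
param(
    [string]$BackupFile = "$env:TEMP\print-drivers-backup.reg",  # assumed location
    [switch]$Apply   # assumed switch: without it nothing is deleted or restarted
)

$regPath    = 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers'
$driversKey = "Registry::$($regPath -replace '^HKLM', 'HKEY_LOCAL_MACHINE')"

# Export the whole Drivers key before touching anything.
& reg.exe export $regPath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; nothing was changed." }

# Collect the sub-keys inside Version-2 and Version-3 (either key may be absent).
$targets = foreach ($version in 'Version-2', 'Version-3') {
    $versionKey = Join-Path $driversKey $version
    if (Test-Path $versionKey) { Get-ChildItem -Path $versionKey }
}
if (-not $targets) { Write-Output 'No driver sub-keys found.'; return }

# Delete the sub-keys, but not Version-2 / Version-3 themselves.
foreach ($key in $targets) {
    Remove-Item -Path $key.PSPath -Recurse -WhatIf:(-not $Apply)
}

# Equivalent of "net stop spooler" followed by "net start spooler".
if ($Apply) { Restart-Service -Name Spooler -Force }
```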
In my case this was affecting the GFI's MailEssentials AntiSpam Filter service. After trying everything listed here and in other sources (also disabled McAfee's GroupShield and removed McAfee's VirusScan) I've updated MailEssentials to the latest version and everything worked fine. If you have GFI's MailEssentials you should try to update before digging without result.
I have experienced this with the "World Wide Web Publishing Service" and "IIS Admin Service" after executing "IISReset /Stop".
- Service: DPMRA - See ME954641 for a hotfix applicable to Microsoft System Center Data Protection Manager 2007.
- Service: Virtual Disk Service - See ME948699 and ME949001 for hotfixes applicable to Microsoft Windows Server 2003.
- Service: Windows SharePoint Services Timer - See ME949399 for a hotfix applicable to Microsoft Windows SharePoint Services 3.0.
- Service: Print Spooler - See ME953546 and the link to "Sepialine Support Article ID: 1185".
- Service: Single Instance Storage Groveler - See ME939383 for a hotfix applicable to Microsoft Windows Server 2003.
- Service: Logical Disk Manager Administrative Service - See ME937382 and ME957271 for hotfixes applicable to Microsoft Windows Server 2003.
- Service: Microsoft Exchange Information Store - See ME935468 and ME944254 for hotfixes applicable to Microsoft Exchange Server 2003. Also see ME951067 for a hotfix applicable to Microsoft Exchange Server 2007.
- Service: Internet Authentication Service - See ME931533 for a hotfix applicable to Microsoft Windows Server 2003.
- Service: Helix Server - See ME933551.
- Service: HTTP SSL - See ME925038.
- Service: Microsoft SharePointPS Search - See ME924934 for a hotfix applicable to Microsoft Office SharePoint Portal Server 2003.
- Service: Microsoft Firewall - See ME937258 and ME943200 for two hotfixes applicable to Microsoft ISA Server 2004, ME945803 for a hotfix applicable to Microsoft Internet Security and Acceleration Server 2004 and ME923765 and ME950139 for additional information on this event.
- Service: Internet Mail Service - See ME884874 for a hotfix applicable to Microsoft Exchange Server 5.5.
- Service: Distributed File System - See ME910319 for a hotfix applicable to Microsoft Windows Server 2003.
- Service: Distributed Transaction Coordinator - See ME899426.
- Service: MSSQLSERVER - See ME892141 for a hotfix applicable to Microsoft SQL Server 2000.
- Service: SMS_EXECUTIVE - See ME955355 for a hotfix applicable to Microsoft System Center Configuration Manager 2007. A newsgroup post suggests article ME276564.
- Service: SMS_SITE_COMPONENT_MANAGER - See ME954214 for a hotfix applicable to Microsoft System Center Configuration Manager 2007.
- Service: SMTP / IIS - We have experienced SMTP service stops after running for a few seconds. The reason was that the %ProgramFiles%\Exchsrvr\MailRoot\vsi 1\Queue folder contained a bad message. Deleting this message solved the problem.
- Service: SMTP - We have experienced SMTP service stops after running for a few seconds. The reason was that the folder %ProgramFiles%\Exchsrvr\MailRoot\vsi 1\BadMail contained more than 32767 files. Cleaning the folder solved the problem.
- Service: NVIDIA Display Driver Service - I got rid of this error by reinstalling the Nvidia driver.
This event is reported not by the failing service but by the Service Control Manager that simply reports the failure. As a consequence, this event does not provide too much help on identifying the problem. Look for other error messages related to the service reported.
It can also be reported when a service is terminated by the user via "Task Manager" (as opposed to through the "Services" applet).
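One way to do the lookup suggested above, as an added example that is not part of the original comments: for each Service Control Manager event 7034 it lists the Critical and Error events logged in the System and Application logs around the same time. The `$Days` and `$WindowMinutes` parameters are assumptions of this example.

```powershell
# Added example: correlate each event 7034 with errors logged close to it in time.
param(
    [int]$Days = 7,            # assumed look-back period
    [int]$WindowMinutes = 2    # assumed correlation window on each side of the crash
)

$crashes = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7034
    StartTime    = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue   # suppresses the error raised when nothing matches

foreach ($crash in $crashes) {
    # Event 7034 carries two values: the service name and the failure count,
    # i.e. the <service name> and <value> fields of the message text.
    $service = $crash.Properties[0].Value
    $count   = $crash.Properties[1].Value

    $related = Get-WinEvent -FilterHashtable @{
        LogName   = 'System', 'Application'
        Level     = 1, 2      # Critical and Error
        StartTime = $crash.TimeCreated.AddMinutes(-$WindowMinutes)
        EndTime   = $crash.TimeCreated.AddMinutes($WindowMinutes)
    } -ErrorAction SilentlyContinue |
        # Drop the 7034 record itself, which is also an Error in the System log.
        Where-Object { $_.LogName -ne 'System' -or $_.RecordId -ne $crash.RecordId }

    Write-Output ("{0:u}  {1} (failure #{2})" -f $crash.TimeCreated, $service, $count)
    if ($related) {
        $related | Sort-Object TimeCreated |
            Format-Table TimeCreated, LogName, ProviderName, Id -AutoSize
    }
    else {
        # No neighbouring errors is consistent with a manual kill (e.g. Task Manager).
        Write-Output '    no other errors logged in the window'
    }
}
```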
* * *
- Service: IMAPI CD-Burning COM Service or Imapi Helper - these services may record event id 7034 when the ISO image CD Recording Wizard software is used (http://isorecorder.alexfeinman.com/isorecorder.htm) - however, the CD images are created properly so this event does not seem to have an impact.
If you are having this error in the printer spooler service, see “How to clean up printer drivers” for a good article.
- Service: OracleOraHome92TNSListener - See my comments on EventID 4 from source OracleOraHome92Agent.
- Service: OracleOraHome92ClientCache - In one case, this Event ID appeared on Windows 2003 SP1 computer on which the Oracle9i Client 126.96.36.199.0 was installed. It happened each time that I tried to start the OracleOraHome92ClientCache service (it had a Startup type of Manual). This also caused a Windows dialog box entitled "ONRSD.EXE - Application Error" to be displayed with the message:
The instruction at "0x7c8327f9" referenced memory at "0x00000000". The memory could not be "read".
Note: The service attempts to execute the program: C:\oracle\ora92\BIN\ONRSD.EXE.
This computer had been built from an image that was taken from another system and renamed using SYSPREP. The problem was fixed by downloading the latest version of the Oracle 9i Release 2 Database Server Patch Set 2 for Windows (currently for Windows NT/2000/XP and Windows 2003 (32-bit) this is version 188.8.131.52.0) and installing Oracle 9iR2 Patch Set 184.108.40.206.0. See “Oracle9i Database Downloads” for details.
- Service: Logical Disk Manager Administrative Service - See ME837814 for a hotfix applicable to Microsoft Windows Server 2003.
- Service: User Name mapping - See ME833605.
- Service: Logical Disk Manager Administrative Service - See ME867699 for a hotfix applicable to Microsoft Windows Server 2003.
- Service: Microsoft Exchange Information Store - See ME872963 for a hotfix applicable to Microsoft Exchange Server 2003.
- Service: Simple Mail Transport Protocol (SMTP) - See ME827214 and ME885264.
- Service: Backup Exec Job Engine - See the link to "Veritas Support Document ID: 238706".
- Service: Message Queuing - See ME890746 for a hotfix applicable to Microsoft Message Queuing 3.0 when used with Microsoft Windows Server 2003.
- Service: Distributed Transaction Coordinator - See ME893367.
- Service: OnePoint - See ME814626 and ME887180 for information related to this event.
See ME888632 for a hotfix applicable to Microsoft Application Center 2000 Service Pack 2.
As per Microsoft: "The specified service could not continue. This service is configured to report the number of failures and, after a specific number of failures are reported, the Service Control Manager will perform the recovery action configured for the specified service". See MSW2KDB for more details.
- Service: Remote Installation - This error was also associated with an event 1000 from source Application Error in the application log at the same time, resulting in a tcpsvcs failure. ME842608 seems to clear up this issue.
- Service: COM+ System Application - ME318731 might help you to solve this problem.
If anyone is experiencing problems either printing or adding a new printer please refer to Microsoft Knowledge Base Article ME810894.
Links: Veritas Support Document ID: 238706, EventID 4 from source OracleOraHome92Agent, Oracle9i Database Downloads, How to clean up printer drivers, Sepialine Support Article ID: 1185