Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The DNS server recv() function failed. The event data contains the error.
0000: 46 27 00 00
|English: This information is only available to subscribers. An example of English, please!|
As per TE783622, this is a normal message and there is no action needed.
The error in the data portion of the event can be translated into a more meaningful message. For example, data shown as 46 27 00 00 is in fact error 0x00002746 or 10054 in decimal. This translates to:
An existing connection was forcibly closed by the remote host.
According to a support forum post, this occurs when an established connection is shut down for some reason by the remote computer. And it will be hard to find out the exact reason. In general, occasional occurrence of this event should not affect DNS server functionality because the server has robust retry logic."
This happened exactly once so far on our internal Win 2k3 DNS servers at exactly the same time. After investigating the problem, it seems that an IT person who was running a port probe across the entire subnet caused it. See ME199792 for more details.
|Private comment: Subscribers only. See example of private comment|
|Links: ME199792, TE783622|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (1) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated