Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9 Source: sbp2port

The description for Event ID ( 9 ) in Source ( sbp2port ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: .
As per Microsoft: "The device probably could not handle the amount of data read from or written to it. Some devices time out when you attempt to read or write more than 128KB in one request". See MSW2KDB for additional information on this event.
I am running Windows XP Pro SP1. I have an external 80 GB Buslink drive connected to my IEEE 1394 adapter. Each time I shut down my computer I also shut down the external drive. When I reboot my computer, the external drive is never recognized. In order to get the computer to recognize the external drive, I have had to disable and then re-enable my 1394 Connection under Network Connections. I have also been getting the sbp2port.sys error in my Event Log. To correct the problem, I found that by disabling the IEEE 1394 adapter under Network Adapters in Device Manager and then rebooting my computer, my external hard drive is recognized upon reboot. FYI, I am running the version 5.1.2600.1106 of the sbp2port.sys.
Maxtor says that its 1394 HDD should not be turned off, what is of course a waste of energy. I have several of them and many events 9 too. My system and its peripherals are connected to a main switch. The PC has in my case its own switch on the front which has to be pressed in order to start it.
Now I see, that when I turn on the main switch and immediately after that the PC there is a chance, that I get an event 9 (sbp2port). When I wait let’s say 20 seconds, there is normally no event 9.
Check ME813818 and ME329909 for more information about problems related to this event.
Since I installed the Maxtor Firewire hard drive, the System Event Log floods with ID 9. So I suspect that something wrong with the drivers... Then I found message on Microsoft Support ME290089:
After you connect multiple IEEE 1394-based devices on a computer with multiple CPUs, your computer may stop responding (hang)
Microsoft recommends to check versions of these two files:
sbp2port.sys and 1394bus.sys. Both files must have version 5.0.2195.3489 (at least), if it''s lower, apply SP3. Microsoft confirmed this problem and fixed in SP3. On my system versions of these files was: 5.0.2195.3649 for 1394bus.sys and 5.0.2195.5236 for sbp2port.sys. Check ME311430 - 1394 Storage Device Does Not Work After You Remove 1394 Device. Therefore (as usual) Microsoft recommends to apply latest Service Pack ME260910 and latest hotfixes ME249149 or use QChain to apply all hotfixes at one time ME296861. But this is not all... In my case I figured that there is something wrong with hard drive itself (it was formatted as FAT32). It could be the source of the problem, potential of course. So, before doing anything make sure that you check your hard drive for errors (Using included utilities in Win2k or any third party utilitiy Norton, Winternals, O&O). And last suggestion: convert your hard drive to NTFS before use and check for errors... at least twice a month.
For FireWire troubleshooting, here is a some additional links:
ME233307 - IEEE1394 General Troubleshooting.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.