Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9097 Source: MSExchangeSA

Source
Level
Description
The MAD Monitoring thread was unable to connect to WMI, error '<error code>'.
Comments
 
The procedure described in ME288590 was not enough to eliminate this error when the WMI database was corrupted after a partition filled up. First, the WMI database needs to be rebuild:

- net stop winmgmt
- cd %windir%\system32\wbem
- ren repository repository.old
- net start winmgmt

If there are messages in the application event log about “*.mof” files that cannot be compiled, try compiling them by hand with the mofcomp program. Afterwards, follow ME288590. If you get EventID 9098 in the application event log afterwards, follow the suggestions by contributor Andrew Robinson for EventID 9098 from source MSExchangeSA.
As per Microsoft: "This event is logged when Microsoft Exchange System Attendant service (Mad.exe) is failing to connect to one of the two Windows Management Instrumentation (WMI) namespaces, "root/cimv2" or "root/cimv2/applications/exchange". This issue can occur if the Exchange namespace has become unregistered in Windows Management Instrumentation (WMI) on the system". See MSEX2K3DB for information on this event.
Error 0x80041014 - Experiencing some problem with memory allocation I ran into the situation of having an event id logged every 5 minutes. Restarting the WMI service, which also restarts Exchange Management, resolved the issue. A complete reboot would also have sorted the issue, however this is not something you want to do in a production environment.
Error code: 0x8004100e = The namespace specified could not be found. (see ME288590)
Error code: 0x80080005 = Server execution failed - For generic information about this error see the link to Error code 0x80080005.
Error code: 0x80041014 = Initialization failure - See also the link to Error code 0x80041014.
Error code: 0x800706ba - The RPC server is unavailable. - For generic information about this error see the link to Error code 0x800706ba.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...