Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1001

Source
ACECLIENT
Level
Error
Description
File not found: C:\Program Files\Microsoft ISA Server\SDCONFIG.
Source
Add2Exchange
Level
Error
Description
An error occurred while attempting to logon to: Exchange Server: server_name Mailbox: ZADD2EXCHANGE Please verify that the account is valid and has the appropriate permissions. Description: [Collaboration Data Objects - [MAPI_E_FAILONEPROVIDER(8004011D)]] Number: -2147221219 Location: 5 Build: 6.2.213 For further information/support please visit: http://www.diditbetter.com/support
Source
Application Error
Level
Error
Description
Fault bucket <bucket number>.
Source
Application Hang
Level
Error
Description
Fault bucket '<bucket number>'
Source
ASP.NET 1.1.4322.0
Level
Error
Description
aspnet_wp.exe  (PID: 1748) was recycled because memory consumption exceeded the 153 MB (60 percent of available RAM).
Source
AUTOCHK
Level
Information
Description
Checking file system on C:
The type of the file system is FAT.

WARNING!  Your drive may be corrupt.  Please let AUTOCHK run.
Skipping AUTOCHK on a volume may lead to an unmountable volume.
Skipping AUTOCHK on a system drive may lead to an unusable system.
AUTOCHK resumed.                                        
Volume Serial Number is 3028-16EE

2105344000 bytes total disk space.
15892480 bytes in 374 hidden files.
35192832 bytes in 1067 directories.
1761378304 bytes in 18803 user files.
292880384 bytes available on disk.

    32768 bytes in each allocation unit.
    64250 total allocation units on disk.
     8938 allocation units available on disk.
Source
Brother BrLog
Level
Error
Description
STI BrtSTI: [2010/12/08 06:36:56.531]: [00007844]: GetDeviceIpAddress: GetAddressByName [BRN001BA94E3873] Error
Source
BugCheck
Level
Error
Description
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8004b19038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\112809-21309-01.dmp. Report Id: 112809-21309-01.
Source
CCMClientSupport
Level
Error
Description
Log-Error: E;12/05/2000 12:46:52;32C;RPC-Server
AppendMessageLOG: FAILED.
Source
COM+
Level
Warning
Description
The average call duration has exceeded 10 minutes. If this is not the expected behavior, please see article 910904 in the Microsoft Knowledge Base at http://support.micr­osoft.com for details on how to use the COM+ AutoDump feature to automatically generate dump files and/or terminate
the process if the problem occurs again.
Server Application ID: {AE4C6228-2E6C-4FF1­-A791-48105969EAA1}
Server Application Instance ID:
{553BA66E-262D-41BD­-9070-F488E2D2EFD5}
Server Application Name: server_name
Source
CronService
Level
Error
Description
Cron Service Win32 API CreateNamedPipe failed with the error <error code>.
Source
Dhcp
Level
Error
Description
You computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address <MAC address>. The following error occured: <error description>. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Source
DhcpServer
Level
Error
Description
The DHCP service failed to register with Service Controller.  The following error occurred: The operation completed successfully..
Data:
0000: 00 00 00 00
Source
DNS
Level
Error
Description
The DNS server could not map file <file> to memory. Either close other programs that are not in use or reboot the computer to reclaim additional memory for the server to use.
Source
EXPROX
Level
Error
Description
Microsoft Exchange Server has detected that Basic Authentication is being attempted between this server and server "back-end servername". This authentication mechanism is not secure and it is not supported between front-ends and back-ends. Please verify that both this server and server "back-end servername" are configured to use Integrated Windows Authentication for each virtual root used by Exchange. After applying any changes it may be necessary to restart Internet Information Services on both the front-end and back-end servers.
Source
HP System
Level
Error
Description
Power-On-Self-Test (POST) errors occurred during the last system startup.

User Action
Check the Power-On-Self-Test (POST) errors, and take corrective action as needed.

WBEM Indication Properties
AlertingElementFormat: 0 0 (Unknown)
AlertType: 5 0x5 (Device Alert)
Description: "Power-On-Self-Test (POST) errors occurred during the last system startup."
EventCategory: 4 0x4 (System Hardware)
EventID: "1"
ImpactedDomain: 4 0x4 (System)
IndicationIdentifier: "{7E329DAB-764B-444E-B895-3888A7E7B178}"
IndicationTime: "20081003122750.201000-240"
NetworkAddresses[0]: "192.168.207.2"
OSType: 69 0x45 (Microsoft Windows Server 2003)
OSVersion: "5.2.3790"
PerceivedSeverity: 5 0x5 (Major)
ProbableCause: 8 0x8 (Configuration/Customization Error)
ProbableCauseDescription: "POST Errors Occurred"
ProviderName: "HP POST"
ProviderVersion: "2.1.0.0"
RecommendedActions[0]: "Check the Power-On-Self-Test (POST) errors, and take corrective action as needed."
Summary: "POST errors occurred"
SystemCreationClassName: "HP_WinComputerSystem"
SystemFirmwareVersion[0]: "2005.08.19"
SystemFirmwareVersion[1]: "2005.08.19"
SystemGUID: "31303833-3337-5355-4d36-313130315250"
SystemModel: "ProLiant ML350 G4p"
SystemName: "pos-file.pos.local"
SystemProductID: "380173-001"
SystemSerialNumber: "USM61101RP"
TIME_CREATED: 128675248782601671 0x1c92574ff126dc7
VariableNames[0]: "POST Error Code"
VariableNames[1]: "POST Error String"
VariableTypes[0]: 3 0x3 (uint8)
VariableTypes[1]: 1 0x1 (string)
VariableValues[0]: "185"
VariableValues[1]: "POST Error: 1610-Temperature violation detected Waiting 5 minutes for system to cool Press Esc key to resume booting without waiting for the system to cool. WARNING: Pressing Esc is NOT recommended as the system may shutdow"
Source
HP Wbem Dump
Level
Error
Description
Power-On-Self-Test (POST) errors occurred during the last system startup.

User Action

Check the Power-On-Self-Test (POST) errors, and take corrective action as needed.

WBEM Indication Properties

AlertingElementFormat:Power-On-Self-Test (POST) errors
Source
hpdskflt
Level
Error
Description
The description for Event ID 1002 from source hpdskflt cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.
Source
ICABrowser
Level
Error
Description
The system detected an invalid pointer address in attempting to use a pointer argument in a call.
Source
IISInfoCtrs
Level
Error
Description
Unable to read the first counter index value from the registry. The error code returned by the registry is data DWORD 0.
Source
libcsd
Level
Error
Description
The description for Event ID 1001 from source libcsd cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
[libcsd][error][asa_opswat_license_is_valid] error getting license data from peer:
Source
LoadPerf
Level
Information
Description
Performance counters for the <service name> service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Source
Logitech\io Software\2.0
Level
Error
Description
Error 1001. Access to the registry key "HKEY_LOCAL_MACHINE\Software\Logitech\io Software\2.0\Actions" is denied. Error 1001. An exception occurred during the Rollback phase of the installation. This exception will be ignored and the rollback will continue. However, the machine might not fully revert to its initial state after the rollback is complete.--> The saved State dictionary does not contain the expected.
Source
McAutoUpdate
Level
Information
Description
Network Associates AutoUpdate stopped successfully.
Source
MetaframeEvents
Level
Information
Description
User:<user name> (<computer name>:session <number>) has stopped shadowing user:<user name 2> (<computer name 2>:Session <number 2>). The session ended successfully.
Source
Microsoft (R) Visual Basic Compiler
Level
Information
Description
Bucket 241946298, bucket table 1, faulting application devenv.exe, version 8.0.50727.42, stamp 4333e699, faulting module msvb7.dll, version 8.0.50727.42, stamp 4333e976, debug? 0, fault address 0x00131828.
Source
Microsoft Flight Simulator 9.0
Level
Error
Description
The description for Event ID ( 1001 ) in Source ( Microsoft Flight Simulator 9.0 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Source
Microsoft Internet Explorer
Level
Error
Description
The description for Event ID ( 1001 ) in Source ( Microsoft Internet Explorer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: iexplore.exe, 6.0.2600.0, unknown, 0.0.0.0, 110b48f8.
Source
Microsoft Management Console
Level
Error
Description
The description for Event ID ( 1001 ) in Source ( Microsoft Management Console ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Source
Microsoft Money
Level
Error
Description
Event ID (1001) in Source (Microsoft Money) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. Microsoft Money encountered a problem and needs to close. AppName: msmoney.exe AppVer: 10.0.0.919 ModName: ntdll.dll.
Source
Microsoft Office 10
Level
Error
Description
Fault bucket 00706552.
Source
Microsoft Office 11
Level
Information
Description
Bucket 133053053, bucket table <value>, faulting application <application>, version <version>, stamp <stamp>, faulting module <module>, version <version>, stamp <stamp>, debug? <value>, fault address <address>.
Source
Microsoft Windows Media Player
Level
Error
Description
The description for Event ID ( 1001 ) in Source ( Microsoft Windows Media Player ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: .
Source
Microsoft-Windows-Dhcp-Client
Level
Error
Description
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x0027104B6031. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Source
Microsoft-Windows-LanguagePackSetup
Level
Error
Description
Application initialization failed. Last error: <error>.
Source
Microsoft-Windows-Security-Licensing-SLC
Level
Error
Description
The Software Licensing service failed to start. hr=0xC004E002, [2, 7]
Source
Microsoft-Windows-Virtual PC
Level
Error
Description
Could not enable the Integration features for ''TestXP''. The current mode is - 4. Last Channel start Value - 0x80070015 Last Disconnect Reason - 0x0 Last Extended Disconnect Reason - 0x0 GHI State of the guest machine - 0x1
Source
Microsoft-Windows-WER-SystemErrorReporting
Level
Error
Description
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, <address>, <address>, <address>). A dump was saved in: <file path>.
Source
MOM.Datawarehousing.DTSPackageGenerator.exe
Level
Error
Description
An error occurred while generating the DTS package. Catastrophic failure.
Source
MSExchangeIMC
Level
Information
Description
The Microsoft Exchange Internet Mail Service shut down successfully.
Source
MSExchangeIS Private
Level
Information
Description
The Microsoft Exchange Information Store has started. Service startup complete, version 5.5 (build 2653.23).
Source
MSExchangeMTA
Level
Error
Description
There has been an association error with entity: <object name>. The internal connection handle (LPT) is incorrect. The incorrect LPI is <value>-<value>-<value>. Control block index <index name> [<value> <value> <value> <value>] (14).
Source
MsiInstaller
Level
Warning
Description
Detection of product '<product GUID>', feature '<feature name>' failed during request for component '<component GUID>'.
Source
MSSQLSERVER
Level
Error
Description
The description for Event ID ( 1001 ) in Source ( MSSQLSERVER ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Source
NAVAP
Level
Warning
Description
System memory is running very low. Norton AntiVirus Realtime protection may not be able to function properly.
Source
Perflib
Level
Error
Description
The buffer size returned by a collect procedure in Extensible Counter DLL "<path to dll>" for the "<service name>" service was larger than the space available. Performance data returned by counter DLL will be not be  returned in Perf Data Block. Overflow size is data DWORD 0.
Source
PerfNet
Level
Error
Description
The attempt to collect network services performance data failed because the DLL did not open successfully.
Source
PerfOS
Level
Error
Description
The attempt to collect OS Performance data failed beause the DLL did not open successfully.
Source
PerfProc
Level
Error
Description
The attempt to collect disk performance data failed because the dll did not open successfully.
Source
Save Dump
Level
Information
Description
The computer has rebooted from a bugcheck. The bugcheck was : <bugcheck code> (<bug check details>). Microsoft Windows NT (v15.1381). A dump was saved in: <dump file>.
Source
SaveDump
Level
Information
Description
The computer has rebooted from a bugcheck. The bugcheck was: 0x10000050 (0xf3b5000, 0x00000000, 0x2002a18f, 0x00000001).
A dump was saved in: C:\WINDOWS\Minidump\Mini042408-01.dmp.
Source
SAVRT
Level
Error
Description
System memory is running very low. Norton AntiVirus Auto-Protect may not be able to function properly.
Source
SBCore
Level
Error
Description
The server was shut down because it did not comply with the EULA.
Source
SceCli
Level
Error
Description
Security policy cannot be propagated. <error>. Error code = <error code>. <path>.
Source
SclgNtfy
Level
Error
Description
Default local machine policy cannot be created. Error <error code> to open LocalMachinePolicy.
Source
ServerStatusReports
Level
Error
Description
A fatal error occurred either while synchronizing the Update Services computer groups with Group Policy or while moving the Unassigned Computers group. To see a detailed log, create a file called SyncSecurity. Log in %SBSProgramDir%\Support, and then run SyncSecurity.exe again. The error returned was: The Workstation service has not been started.
Source
SNMP
Level
Information
Description
The SNMP Service has started successfully.
Source
SQLCTR70
Level
Error
Description
The description for Event ID ( 1001 ) in Source ( SQLCTR70 ) could not be found. It contains the following insertion string(s): Cannot open the Registry Key.
Source
TermServJet
Level
Error
Description
The RPC call to join Session Directory to <server> got Access Denied.
Source
TWPOPUP.DLL
Level
Information
Description
The description for Event ID ( 1001 ) in Source ( TWPOPUP.DLL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: The following requested video mode was not available:  800 x 600 x 8 BPP
The video mode has been set to the following mode:  1024 x 768 x 8 BPP

Incompatible client and server.
Source
UPHCLEAN
Level
Information
Description
User profile hive cleanup service version 1.5.4.20 started successfully.
Source
UPS
Level
Information
Description
The description for Event ID (1001) in Source (UPS) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: *** PowerChute PLUS Version 5.2 started ***.
Source
Userinit
Level
Error
Description
Could not locate the script command lines in the Group Policy Object.
Source
Userlnit
Level
Error
Description
Could not locate the script command lines in the Group Policy Object.
Source
W3Ctrs
Level
Error
Description
Unable to read the first counter index value from the registry.
The error code returned by the registry is data DWORD 0.
Source
Windows Error Reporting
Level
Error
Description
"Fault bucket 391784657, type 1
Event Name: APPCRASH
Response: None
Cab Id: 0

Problem signature:
P1: devenv.exe
P2: 8.0.50727.867
P3: 45d2c842
P4: StackHash_a37d
P5: 6.0.6000.16386
P6: 4549bdc9
P7: c0000374
P8: 000af1c9
P9:
P10:

Attached files:
C:\Users\<user name>\AppData\Local\Temp\WER3E66.tmp.version.txt

These files may be available here:
C:\Users\<user name>\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report12af278c"
Source
Winlogon
Level
Error
Description
Checking file system on <drive>
The type of the file system is <filesystem type>
Volume label is <volume label>

One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk.

<Corrections Data>

Windows has made corrections to the file system.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...