Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1004

Source
Application Error
Level
Information
Description
Faulting application <application exe>, version <application version>, faulting module <module name>, version <module version>, fault address <hex memory address>
Source
AVExch32Service
Level
Error
Description
The McAfee GroupShield for Microsoft Exchange could not logon to MAPI.
Source
DFSR
Level
Information
Description
The DFS Replication service has started.
Source
DHCP
Level
Warning
Description
The DHCP Client service is shutting down. The following error occurred: <error>.
Source
DHCPServer
Level
Error
Description
The DHCP server failed to initialize the database. The following error occurred:
Source
DNS
Level
Error
Description
The DNS server could not find or open zone file <zone> in the %SystemRoot%\System32\Dns directory. Verify that the zone file is located in this directory and that it contains valid data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: <error code>
Source
IBM Uni RPC Service
Level
Error
Description
UniVerse error: Unable to bind socket to uvrpc port. WSA error: <error>.
Source
IBM UniVerse
Level
Error
Description
UniVerse error: Unhandled Exception raised at address <address> : Access violation.  Attempted to read from address <address>.  Binary data is processor CONTEXT structure.
Source
ICABrowser
Level
Warning
Description
NETBIOS ICA Browser failed to initialize. See previous event for more details.
Source
IMAP4SVC
Level
Information
Description
Closing connection to <IP>.
Source
Informix UniVerse
Level
Error
Description
UniVerse error: Performance data collector failed to determin First Counter value from UniVerse performance entry in the Registry. Win32 error: 0. The operation completed successfully.
Source
IPMIDRV
Level
Error
Description
The IPMI device driver attempted to communicate with the IPMI BMC device during normal operation. However the communication failed due to a timeout. You can increase the timeouts associated with the IPMI device driver.
Source
McLogEvent
Level
Error
Description
Task Manager : McShield service couldn't be enabled
Source
Microsoft-Windows-CertificateServicesClient
Level
Error
Description
Certificate Services Client Provider pautoenr.dll raised an exception. Exception code 3221225477.
Source
Microsoft-Windows-TerminalServices
Level
Information
Description
The terminal server cannot issue a client license. It was unable to issue the license due to a changed (mismatched) client license, insufficient memory, or an internal error. Further details for this problem may have been reported at the client's computer.
Source
MSExchangeIS
Level
Information
Description
Unable to start the Microsoft Exchange Information Store. Disk is full.
Source
MSExchangeMig
Level
Error
Description
CCMail: EXPORT.EXE error exporting user 'lastname, firstname' - Bad Parameters on the command line. Error with call to the MS-DOS version of cc:Mail EXPORT.EXE. See document "Migrating from Lotus cc:Mail" for more information about using EXPORT.EXE. Command Line 'Export /P******** /BATCH /N"lastname, firstname" /Dc:\ccdata\ /DATE/1 /FILES/MACBIN2 /ITEMSIZE /FOLDER /MSGS /ALL/@c:\TEMP\sd1.2'.
Source
MSExchangeMTA
Level
Error
Description
An error occurred while processing an association 1 with entity./O=organization/OU=site/CN=CONFIGURATION/CN=SERVERS /CN=MICROSOFT MTA. The association will be terminated and restarted if necessary. [2 20 1 8 PLATFORM KERNEL 10] (14)
Source
MSExchangeSA
Level
Information
Description
Microsoft Exchange System Attendant failed to start.
Source
MSExchangeTransport
Level
Information
Description
RE service has been stopped.

For more information, click http://www.microsoft.com/contentredirect.asp.
Source
MsiInstaller
Level
Warning
Description
Detection of product '<GUID>', feature '<feature name>', component '<component GUID>' failed.
Source
NFSsvr
Level
Information
Description
User Name Mapping not configured for Server for NFS. You can configure this using administration tools.
Source
NTDS General
Level
Information
Description
The directory was shut down successfully.
Source
perflib
Level
Error
Description
The instance length of an object returned by Extensible Counter DLL "Perfctrs.dll" for the "Tcpip" service was incorrect. The sum of the instance lengths plus the object definition structures did not match the size of the object. Performance data returned by counter DLL will be not be returned in Perf Data Block. The object title index of the bad object is the first DWORD in the attached data.
Source
RshSvc
Level
Error
Description
RshSvc function 'CreateUserProcess' failed.
Source
Save Dump
Level
Error
Description
Unable to move dump file from the temporary location to the final location.
Source
SceCli
Level
Error
Description
Policy change from LSA/SAM on DC can't be replicated to other DCs.  Error <error code> to save policy change in default GPO
Source
smtpsvc
Level
Error
Description
The description for Event ID ( 1004 ) in Source ( smtpsvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 1.
Source
SNMP
Level
Information
Description
The SNMP Service configuration has been updated successfully.
Source
TermService
Level
Warning
Description
The terminal server cannot issue a client license.
Source
W3SVC
Level
Error
Description
Cannot register the URL prefix "http://*:80/" for site "1". The site has been deactivated. The data field contains the error number.
Data:
0000: 20 00 07 80
Source
Winlogon
Level
Error
Description
Verification of an automatically enrolled certificate has failed. (0x80004003) Invalid pointer

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...