Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1005

Source
APCPBEAgent
Level
Information
Description
Administrative Shutdown Scheduled
Source
Application Error
Level
Error
Description
Windows cannot access the file <file> for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer, or the disk is missing. Windows closed the program <program name> because of this error.

Program: <program name>
File: <file>

The error value is listed in the Additional Data section.
User Action
1. Open the file again.  This situation might be a temporary problem that corrects itself when the program runs again.
2.  If the file still cannot be accessed and
- It is on the network  your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk for example a floppy disk or CD-ROM verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK click Start click Run type CMD and then click OK. At the command prompt type CHKDSK /F and then press ENTER.
4. If the problem persists restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not the disk might be damaged. If it is a hard disk contact your administrator or computer hardware vendor for  further assistance.
Additional Data
Error value: C000009C
Disk type: 3
Source
ASP.NET 1.1.4322.0
Level
Information
Description
aspnet_wp.exe (PID: <number>) was recycled after being idle for -1 seconds.
Source
Backup Executive 6.1
Level
Error
Description
Job "Incremental Backup" failed.
Source
DCOM
Level
Error
Description
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service <service name> with arguments "" in order to run the server:
{<server component GUID>}
Source
DHCP
Level
Warning
Description
DHCP failed to renew a lease for the card with network address <MAC address>. The following error occurred: The semaphore timeout period has expired.
Source
dsrestor
Level
Error
Description
The DSRestore Filter failed to connect to local SAM server. Error returned is <id:997>.
Source
dsrestor
Level
Error
Description
The DSRestore Filter failed to connect to local SAM server. Error returned is <id:997>.
Source
MSExchangeAdmin
Level
Error
Description
Unexpected error [<error code> - <error message>] occurred.
Source
MSExchangeCluster
Level
Error
Description
Exchange HTTP Virtual Server Instance <value> (ADEXCHANGE1): The IsAlive check for this resource failed.
Source
MSExchangeIS
Level
Error
Description
Unable to start the Microsoft Exchange Information Store. Error <error code>.
Source
MSExchangeIS Private
Level
Error
Description
Unable to start the Microsoft Exchange Information Store. Error <error>.
Source
MSExchangeMU
Level
Information
Description
Modified identifier <name> on metabase key with path <path>.
Source
MSExchangeRPC
Level
Error
Description
The Microsoft Exchange RPC service can't be started because the EMSMDB interface is already registered by another process.
Source
MSExchangeSA
Level
Error
Description
Unexpected error <error description> occurred.
Source
MsiInstaller
Level
Information
Description
Install operation initiated a reboot
Source
NfsServer
Level
Error
Description
Server for NFS could not obtain mapping information from User Name Mapping. Server for NFS will make another attempt after 30 minutes.
Source
Perflib
Level
Error
Description
Unable to locate the open procedure "<procedure name>" in DLL "<dll>" forthe "<service>" service. Performance data for this service will not be available. Error Status is data DWORD 0.
Data:
0000: 7f 00 00 00
Source
Remote Storage
Level
Error
Description
Service initialization failed. Resource which is necessary is not available.(0x81000006)
Source
Save Dump
Level
Information
Description
Unable to produce a minidump file from the full dump file.
Source
SAVRT
Level
Warning
Description
Symantec AntiVirus Auto-Protect could not scan file <file path and name> for viruses due to low kernel stack.
Source
SceCli
Level
Error
Description
The security database is corrupted.
Source
Server Administrator
Level
Warning
Description
SMBIOS data is absent.
Source
SRTSP
Level
Warning
Description
Unable to load settings file. Using default settings for real time protection.
Source
SRTSPL
Level
Warning
Description
Auto-Protect could not scan file C:\WINNT\System32\ati3duag.dll for viruses due to low kernel stack.
Data:
0000: 00 00 00 00 02 00 4e 00 ......N.
0008: 00 00 00 00 ed 03 07 80 ......
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Source
Userenv
Level
Error
Description
Windows cannot connect to <domain name> domain. (Can't connect to the LDAP server). Group Policy processing aborted.
Source
W3SVC
Level
Error
Description
The World Wide Web Publishing Service is exiting due to an error. The data field contains the error number.
Data:
0000: 34 05 07 80
Source
WinDefend
Level
Error
Description
Windows Defender scan has encountered an error and terminated.
Scan ID: {<ID>}
Scan Type: <type>
Scan Parameters: <parameters>
User: <user>
Error Code: <error code>
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. (To check for updates, click Start, click All Programs, and then click Windows Update.)
Source
Windows Product Activation
Level
Error
Description
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within <number> days.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...