Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Comments for event ID 1025 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event ID: 1025
Event Source: SBCore
Event Type: Error
Event Description: The Server will shutdown in 60 minutes.
Comment:
Event ID: 1025
Event Source: Virtual_Server
Event Type: -
Event Description: -
Comment:
We are seeing this in the host log, where it is using the local host administrator account to "change" this setting in the virtual machine settings.  This starts with the above "information" message, then a Warning message - ID: 1033 saying the virtual machine is reset.  then another information message: The setting "virtual_machines/hw_assist/is_enabled_hw_assist" for the virtual machine activation "dnvsqb01" was changed from NULL to true.
Finally the Error message:  server cannot restart due to the HD is in use by another virtual machine.

*NOTE:  this pattern "rolled" through all 3 of our virtual servers, one after another within 20 minutes and no other events recorded between them.

First Related Event #1:

Event Type: Information

Event Source: Virtual Server
Event Category: Setting Change
Event ID: 1025
Date: 3/3/2009
Time: 11:19:42 PM
User: DNHQVS01\Administrator
Computer: DNHQVS01
Description:
The setting "hardware/bios/time_bytes" for the virtual machine configuration "dnvsqb01" was changed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 00 41 00 36 00 33 00   {.A.6.3.
0008: 42 00 37 00 45 00 45 00   B.7.E.E.
0010: 43 00 2d 00 45 00 36 00   C.-.E.6.
0018: 46 00 34 00 2d 00 34 00   F.4.-.4.
0020: 46 00 42 00 33 00 2d 00   F.B.3.-.
0028: 38 00 44 00 44 00 34 00   8.D.D.4.
0030: 2d 00 34 00 36 00 35 00   -.4.6.5.
0038: 35 00 32 00 39 00 45 00   5.2.9.E.
0040: 44 00 32 00 45 00 42 00   D.2.E.B.
0048: 31 00 7d 00               1.}.    

INFORMATION MESSAGE #2:

Event Type: Information

Event Source: Virtual Server
Event Category: Setting Change
Event ID: 1026
Date: 3/3/2009
Time: 11:19:42 PM
User: DNHQVS01\Administrator
Computer: DNHQVS01
Description:
The setting "virtual_machines/hw_assist/is_enabled_hw_assist" for the virtual machine activation "dnvsqb01" was changed from NULL to true.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 00 41 00 36 00 33 00   {.A.6.3.
0008: 42 00 37 00 45 00 45 00   B.7.E.E.
0010: 43 00 2d 00 45 00 36 00   C.-.E.6.
0018: 46 00 34 00 2d 00 34 00   F.4.-.4.
0020: 46 00 42 00 33 00 2d 00   F.B.3.-.
0028: 38 00 44 00 44 00 34 00   8.D.D.4.
0030: 2d 00 34 00 36 00 35 00   -.4.6.5.
0038: 35 00 32 00 39 00 45 00   5.2.9.E.
0040: 44 00 32 00 45 00 42 00   D.2.E.B.
0048: 31 00 7d 00               1.}.    
Index: 7795
Event ID: 1025
Event Source: Internet_Explorer
Event Type: -
Event Description: -
Comment: The description for Event ID ( 1025 ) in Source ( Internet Explorer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description, see Help and Support for details. The following information is part of the event: . Index: 9499
Event ID: 1025
Event Source: MSExchangeTransport
Event Type: Error
Event Description: SMTP rejected a (P1) mail from ''system generated email address'' with ''Default servr name'' connector and the user authenticated as ''domain name\machine name'''$''. The Active Directory lookup for the sender address returned validation errors. Microsoft.Exchange.Data.ProviderError

For more information see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Comment:

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...