Comments for event ID 11 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event ID: 11
Event Source: amdsata
Event Type: Error
Event Description: Log Name:      System
Source:        amdsata
Date:          22/02/2012 20:34:46
Event ID:      11
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Andys-PC
Description:
The driver detected a controller error on \Device\RaidPort0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="amdsata" />
    <EventID Qualifiers="49156">11</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-02-22T20:34:46.385239900Z" />
    <EventRecordID>2203607</EventRecordID>
    <Channel>System</Channel>
    <Computer>Andys-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\RaidPort0</Data>
    <Binary>0F00180001000000000000000B0004C08300000000000000000000000000000000000000000000000000000000000000020000000B0004C00000000000000000</Binary>
  </EventData>
</Event>
Comment:
Event ID: 11
Event Source: IIS-IISManager
Event Type: Error
Event Description: IISMANAGER_MODULE_INITIALIZATION_THREW_EXCEPTION

The Initialize method for module "Microsoft.Web.Management.Arr.ArrModule Microsoft.Web.Management.Arr.Client Version=7.2.4.0 Culture=neutral PublicKeyToken=31bf3856ad364e35" of type "ApplicationRequestRouting" threw an exception.

Exception:System.IO.FileNotFoundException: Could not load file or assembly ''Microsoft.Web.Management.WebFarmClient Version=7.1.2.0 Culture=neutral PublicKeyToken=31bf3856ad364e35'' or one of its dependencies. The system cannot find the file specified.
File name: ''Microsoft.Web.Management.WebFarmClient Version=7.1.2.0 Culture=neutral PublicKeyToken=31bf3856ad364e35''
   at Microsoft.Web.Management.Arr.ArrModule.Initialize(IServiceProvider serviceProvider ModuleInfo moduleInfo)
   at Microsoft.Web.Management.Client.Connection.Initialize(WebManagementInfo webManagementInfo)

Process:mmc

Comment:
Event ID: 11
Event Source: Microsoft-windows-wininit
Event Type: Warning
Event Description: Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.


Log Name:      System
Source:        Microsoft-Windows-Wininit
Date:          8/6/2012 7:10:09 PM
Event ID:      11
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      LJsAsus
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
    <EventID>11</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-07T02:10:09.377249000Z" />
    <EventRecordID>261112</EventRecordID>
    <Correlation />
    <Execution ProcessID="548" ThreadID="584" />
    <Channel>System</Channel>
    <Computer>LJsAsus</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="StringCount">1</Data>
    <Data Name="String">C:\Windows\system32\nvinitx.dll</Data>
  </EventData>
</Event>



NOTE 1:

nvinitx.dll
NVIDIA Shim initialization dll Version 301
File version: 8.17.13.142
Product Name: NVIDIA D3D shim drivers
Product version: 8.17.13.0142
Size: 240 KB
Date modified: 5/15/2012 3:48 AM

NOTE 2:
SID: S-1-5-18
Name: Local System
Description: A service account that is used by the operating system.

Comment: This appeared in the last nVidia package 296 and now this one 301.
Event ID: 11
Event Source: SAVOnaccess
Event Type: Error
Event Description: Remote desktop W2008 server error

Log Name:      System
Source:        SAVOnAccess
Date:          10/08/2012 11:28:13
Event ID:      11
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      RDSSERVER.Broad-oak.co.uk
Description:
Insufficient memory.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SAVOnAccess" />
    <EventID Qualifiers="57405">11</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-10T10:28:13.468512700Z" />
    <EventRecordID>215138</EventRecordID>
    <Channel>System</Channel>
    <Computer>RDSSERVER.Broad-oak.co.uk</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Binary>0000040001000000000000000B003DE075014B01830100C0000000000000000000000000000000009A0000C0</Binary>
  </EventData>
</Event>
Comment: Seems to occur when an RDS client is opening an email in Outlook via Exchange svr
Event ID: 11
Event Source: Financial Management
Event Type: Error
Event Description: Error 11 Administrator 08/30/2012 13:11:57 CHsxHFMConnection.cpp Line 571 <xml version="1.0">
<EStr><Ref>{D24EC319-BB8D-4335-A0E4-CB8C12446F3A}</Ref><AppName>USRPT</AppName><User/><DBUpdate>1</DBUpdate><ESec><Num>-2147467259</Num><Type>1</Type><DTime>8/30/2012 1:11:33 PM</DTime><Svr>SREENU-FC8F559F</Svr><File>CHsxHFMConnection.cpp</File><Line>2240</Line><Ver>11.1.1.3.0.2413</Ver><ExErr>Unspecified error</ExErr></ESec><ESec><Num>-2147467259</Num><Type>0</Type><DTime>8/30/2012 1:11:54 PM</DTime><Svr>SREENU-FC8F559F</Svr><File>CHsxHFMConnection.cpp</File><Line>2125</Line><Ver>11.1.1.3.0.2413</Ver></ESec><ESec><Num>-2147467259</Num><Type>0</Type><DTime>8/30/2012 1:11:57 PM</DTime><Svr>SREENU-FC8F559F</Svr><File>CHsxHFMConnection.cpp</File><Line>2095</Line><Ver>11.1.1.3.0.2413</Ver></ESec><ESec><Num>-2147467259</Num><Type>0</Type><DTime>8/30/2012 1:11:57 PM</DTime><Svr>SREENU-FC8F559F</Svr><File>CHsxHFMConnection.cpp</File><Line>571</Line><Ver>11.1.1.3.0.2413</Ver></ESec></EStr>

Comment:
Event ID: 11
Event Source: disc
Event Type: Error
Event Description: драйвер обнаружил ошибку контроллера device ide ideport0
Comment:
Event ID: 11
Event Source: atapi
Event Type: Error
Event Description: \Device\Ide\IdePort0
   0000100001000000000000000B0004C002000000850100C00000000000000000000000000000000000000000000000000000000004100000

Comment: 0000: 00100000 00000001 00000000 C004000B
0008: 00000002 C0000185 00000000 00000000
0010: 00000000 00000000 00000000 00000000
0018: 00000000 00001004  


In Bytes

0000: 00 00 10 00 01 00 00 00   ........
0008: 00 00 00 00 0B 00 04 C0   .......
0010: 02 00 00 00 85 01 00 C0   ....…..
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0028: 00 00 00 00 00 00 00 00   ........
0030: 00 00 00 00 04 10 00 00   ........
Event ID: 11
Event Source: atapi
Event Type: -
Event Description: -
Comment: Definitely a sign of a failing drive. In my case it was pending bad sector remaps. Index: 3421
