Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Comments for event ID 4 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event ID: 4
Event Source: WUSA
Event Type: Error
Event Description: The Windows update Hotfix for Windows (KB940105) requires reboot. (Command line: ""C:\Windows\system32\wusa.exe" "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG9HZQDC\Windows6.0-KB940105-x64[1].msu"   ")
Comment: This problem occured with Vista x64 Premium and has affected both Internet Explorer and Windows Updates. Even downloading the correct update manually results in an error stating that you have the wrong update for your operating system. Currently I have a ticket open with Microsoft support to try to fix this issue.
Event ID: 4
Event Source: SentinelKeysServer
Event Type: Error
Event Description: The description for Event ID ( 4 ) in Source ( SentinelKeysServer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description see Help and Support for details. The following information is part of the event: .
Comment:
Event ID: 4
Event Source: QuickBooks
Event Type: Error
Event Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Comment: Just installed QuickBooks 2010 Enterprise on our Terminal Server.
Receiveing 16 of these errors in the Application Log on each subqequent reboot.
Event ID: 4
Event Source: Avid Unity ISIS Admin Server
Event Type: Error
Event Description: ssl connection accept failed.  terminating request.
Comment:
Event ID: 4
Event Source: E1000
Event Type: Error
Event Description: Intel(R) PRO/1000 MT Desktop Adapter  PROBLEM: Could not find a PRO/1000 adapter.  ACTION: Reinstall driver.
Comment:
Event ID: 4
Event Source: EventCollector-Operation
Event Type: Warning
Event Description: The Subscription WSManSelRg could not be activated on target machine localhost due to communication error.  Error Code is 5.  The subscription will be in retrying state until the subscription becomes active or all retries have been performed. Additional fault message:<f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="5" Machine="machinename.domain"><f:Message>Access is denied. </f:Message></f:WSManFault>

For more information see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Comment: I do not know exactly what this is related to or how to fix it.  I am having multiple problems with this Win2003 Srv R2 Std SP2.  It keeps losing communication completely with anything other than self.  Cannot determine where issue lies but restart resolves the issue until a random point in time it does it again.  I also fail to see a pattern within these error dates/times...which have been:
9/11/2010 @ 1:34pm 9/15/2010 @ 7:20am 10/19/2010 @ 10:42am 11/3/2010 @ 8:54am 11/11/2010 @ 3:51pm 11/15/2010 @ 3:29pm 11/17/2010 @ 3:24pm
Event ID: 4
Event Source: Microsoft-Windows-Kernel-Tm
Event Type: Warning
Event Description: The TransactionManager (TmId={4c9331d8-3098-11e0-97a1-806e6f6e6963} LogPath=\SystemRoot\System32\Config\TxR\{4c9331d6-3098-11e0-97a1-806e6f6e6963}.TM) has failed to advance its log tail due to the transaction (UOW={4c9331f2-3098-11e0-97a1-70f39509e018} Description='''') being unresolved for some time.  The transaction must be forced to resolve in order for the TransactionManager to continue to provide transactional services.  Forcing the incorrect outcome may cause data corruption in any subordinate ResourceManagers or Transactionmanagers.

Comment:
Event ID: 4
Event Source: Applicagtion
Event Type: Error
Event Description: Log: Application
Type: Error
Event: 4
Agent Time: 2012-06-09 03:03:44Z
Event Time: 10:00:17 AM 9-Jun-2012 UTC
Source: Microsoft-SharePoint Products-SharePoint Foundation Search
Category: Search service
Username: spsearch
Computer: CT-VMG.ctm.local
Description: The system exception c0000005 occurred. 000007FEBD6966F3.
Comment:
Event ID: 4
Event Source: Microsoft-Windows-Time-Service
Event Type: Error
Event Description: Der Zeitanbieter "NtpClient" wurde aufgrund des folgenden Fehlers nicht gestartet: Die Konfigurationsdaten für dieses Produkt sind beschädigt. Wenden Sie sich an den Support. (0x8007064A)
Comment: Hello Sirs
In English it means something like:
The NtpClient was not started due to the following error: The configuration data for this product are corrupt.

This occoured on a fresh installed DC (roles: AD DS DNS).
Windows Server 2012 R2 German 64Bit Amazon AWS EC2 Instance
First w32tm was used to set an external time source.
Then after reboot I found that I used the wrong ntp sources. I mistyped the names.
I again set the time source whith this command:
w32tm /config /manualpeerlist:”ptbtime1.ptb.de ptbtime1.ptb.de ptbtime1.ptb.de” /syncfromflags:manual /reliable:yes /update
w32tm /resync
Both commands reported success however
w32tm /query /source
still reported the wrong ntp source. After server reboot the above event was logged. No solution found yet.

Best regards
Friedhelm Budnick
Event ID: 4
Event Source: EmcPowerPathService
Event Type: Error
Event Description: EMC Power Path Error: Host autoregistration: Error: Failed to update host registration info
Comment:
Event ID: 4
Event Source: Kernal-Event Tracing
Event Type: Warning
Event Description: Under the General Tab
The maximum file size for session ReadyBoost has been reached. As a result events might be lost (not logged) to file C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl. The maximum files size is currently set to 20971520 bytes.

Under the Details Tab
System

  - Provider

   [ Name]  Microsoft-Windows-Kernel-EventTracing
   [ Guid]  {B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}

   EventID 4

   Version 0

   Level 3

   Task 1

   Opcode 10

   Keywords 0x8000000000000010

  - TimeCreated

   [ SystemTime]  2015-12-14T22:43:50.978803900Z

   EventRecordID 184

   Correlation

  - Execution

   [ ProcessID]  4
   [ ThreadID]  204

   Channel Microsoft-Windows-Kernel-EventTracing/Admin

   Computer Loukas1-PC

  - Security

   [ UserID]  S-1-5-18


- EventData

  SessionName ReadyBoot
  FileName C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl
  ErrorCode 3221225864
  LoggingMode 0
  MaxFileSize 20971520

Comment: This event is occurring every 5 mins. give or take a few seconds
Event ID: 4
Event Source: Kernel-EventTracing
Event Type: Error
Event Description: The maximum file size for session "ReadyBoot" has been reached. As a result events might be lost (not logged) to file "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl". The maximum files size is currently set to 20971520 bytes.
Comment:

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...