Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Comments for event ID 6 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event ID: 6
Event Source: SLM Agent
Event Type: Error
Event Description: comms.c 294: WriteFile: (233) No process is on the other end of the pipe.
Comment:
Event ID: 6
Event Source: symcint2
Event Type: Error
Event Description: A Device has failed to respond to CI commands
Comment: OS W2KADVServer
It seems to be generated because I switched an external SCSI Storage System off without to disconnect it first.
Event ID: 6
Event Source: AutoEnrollment
Event Type: Error
Event Description:
Automatic certificate enrollment for local system could not find a valid certificate template to match DomainController as specified in the group policy automatic enrollment object.  Enrollment will not be performed.

Comment:
Event ID: 6
Event Source: TimeServ
Event Type: Error
Event Description: Time set (offset > .5 second)
Comment: This generally happens every 8 hours. There is no cause for alarm.
Event ID: 6
Event Source: SNA DDM Service
Event Type: Error
Event Description: The description for Event ID ( 6 ) in Source ( SNA DDM Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: Access is denied.
.
Comment:
Event ID: 6
Event Source: ltmodem5
Event Type: Error
Event Description:
Event Type: Warning

Event Source: ltmodem5
Event Category: None
Event ID: 6
Date: 11/24/2004
Time: 1:19:16 PM
User: N/A
Computer: BWFS01
Description:
The description for Event ID ( 6 ) in Source ( ltmodem5 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event:  \Device\ltmodem1.
Data:
0000: 00 00 00 00 02 00 52 00   ......R.
0008: 00 00 00 00 06 00 06 80   .......€
0010: 37 00 00 00 34 00 00 c0   7...4..À
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........

Comment:
Event ID: 6
Event Source: wsxica
Event Type: Warning
Event Description: Unused Citrix Logon Tickets have reached the maximum limit
Comment:
Event ID: 6
Event Source: SSWExchangeExtraction
Event Type: Error
Event Description: An error occurred while attempting to retrieve data from the Exchange store. Access to the Inbox Folder: "username" was denied.
....................
Exception:
SSW.ExchangeReporter.BusinessService.ExtractionException: An error occurred while attempting to retrieve data from the Exchange store. Access to the inbox folder: "username" was denied. --->
System.Exception: Access denied
---End of inner exception stack trace--
Comment: The user who is running this application has Full Mailbox Access.
Event ID: 6
Event Source: RAS1500 NT Security Client
Event Type: Warning
Event Description: The description for Event ID ( 6 ) in Source ( RAS1500 NT Security Client ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details.
Comment:
Event ID: 6
Event Source: WinRT
Event Type: Error
Event Description: Could not create WinRTdev0.  Assignment of resources failed with status 0xC000009A.
Comment: Updated MDAC last night now users are having problems getting connecting via Remote Desktop. When they exit a session they get an error with PowerMeter.
Event ID: 6
Event Source: entercept agent
Event Type: Error
Event Description: ERROR: Could not retrieve Public Key.  Make sure this machine can communicate with the Agent Server a component of the Management Server at IP: "server name"  Port: 5005.  Agent process terminated
Comment: nothing found on mcafee or general google searches
Event ID: 6
Event Source: hdd info service
Event Type: Error
Event Description: CheckTemperature. Exception. hr = -2030043129.
Comment: Hard drive was replaced - same error continues.
Event ID: 6
Event Source: System Release DAL
Event Type: Warning
Event Description: The description for Event ID ( 6 ) in Source ( System Release DAL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: System Release DAL 0x4d4 from GetQueuedCompletionStatus in session (192.168.1.2 port 2310).  The network connection was aborted by the local system..
Comment:
Event ID: 6
Event Source: Acronis True Image Server
Event Type: Information
Event Description: The description for Event ID ( 6 ) in Source ( Acronis True Image Server ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description see Help and Support for details. The following information is part of the event: Operation has succeeded..
Comment:
Event ID: 6
Event Source: TMEAConfig_17492
Event Type: Error
Event Description:
Event Type: Error

Event Source: TMEAConfig_17492
Event Category: None
Event ID: 6
Date: 2/17/2009
Time: 1:37:19 PM
User: N/A
Computer: NT******
Description:
The service returned the following error ERROR: Command Device failure: [EL_ESPERM] Permission denied with the SLPR.
.

Comment: We have a memory issue to be addressed with a newer version of Windows that will allow the system to utilize all available memory. Hopefully this is a symptom of this error and will be corrected by the new OS version.
Event ID: 6
Event Source: vssfswip
Event Type: Error
Event Description:
Event Type: Error

Event Source: VSSFSWIP
Event Category: None
Event ID: 6
Date: 5/27/2009
Time: 10:34:02 PM
User: N/A
Computer: FSERVER
Description:
The driver failed to locate a period of write inactivity for VSS snapshots.
Data:
0000: 00 00 00 00 02 00 5a 00   ......Z.
0008: 00 00 00 00 06 00 07 c0   .......À
0010: 00 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........

Comment: backups of system volume information are failing
Event ID: 6
Event Source: Norton AntiVirus
Event Type: -
Event Description: -
Comment: I had the "extraction error" problem on all of my computers.  Then I read Symantec's response to this issue, which included a potential problem when the AV engine encounters a file it has not been authorized to open.  I had all of my Symantec AV protected computers configured to protect "selected extensions" rather than "all types", which is the default setting.  When I configured Symantec AV to protect "all types" the "extraction error problem went away.
Rob Index: 1293
Event ID: 6
Event Source: MSExchange Web Services
Event Type: Warning
Event Description: Unable to send a notification for subscription FgBtZWRleGNoLm1lZHN0YXI5MTEub3JnEAAAAGY4MS2lMadEhm7EKZkrJkI=. (Send attempts: 6)
Comment: Research seems to say issue is Exchange 2007 trying to notify a device but device not there.  We do have iPhones using activesync.  Not sure how to resolve.
Event ID: 6
Event Source: Kernal-General
Event Type: Error
Event Description: Log Name:      System
Source:        Microsoft-Windows-Kernel-General
Date:          4/28/2011 8:52:58 AM
Event ID:      6
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      DHCPINTRANET
Description:
An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''\SystemRoot\System32\Config\SOFTWARE''.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
    <EventID>6</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2011-04-28T03:22:58.287Z" />
    <EventRecordID>35850</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="84" />
    <Channel>System</Channel>
    <Computer>DHCPINTRANET</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="FinalStatus">0xc000014d</Data>
    <Data Name="ExtraStringLength">36</Data>
    <Data Name="ExtraString">\SystemRoot\System32\Config\SOFTWARE</Data>
  </EventData>
</Event>
Comment:
Event ID: 6
Event Source: FilterManager
Event Type: Information
Event Description: File System Filter ''luafv'' (6.1 2009-07-13T18:26:13.000000000Z) has successfully loaded and registered with Filter Manager.
Comment: Google search result to an MSDN Archive Blog dated June 25 2009.
Event ID: 6
Event Source: CertificateServicesClient-AutoEnrollment
Event Type: Error
Event Description: Error en la inscripción de certificados automática para Sistema local: (0x800706ba) El servidor RPC no está disponible.

Comment:
Event ID: 6
Event Source: File Manage
Event Type: Information
Event Description: Log Name:      System
Source:        Microsoft-Windows-FilterManager
Date:          3/10/2014 6:58:56 AM
Event ID:      6
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      LENOVO-200768U
Description:
File System Filter ''FileInfo'' (6.1 �‎-󈕿‎-󈖅T18:21:51.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-FilterManager" Guid="{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}" />
    <EventID>6</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2014-03-10T11:58:56.559203600Z" />
    <EventRecordID>913214</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>LENOVO-200768U</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="FinalStatus">0x0</Data>
    <Data Name="DeviceVersionMajor">6</Data>
    <Data Name="DeviceVersionMinor">1</Data>
    <Data Name="DeviceNameLength">8</Data>
    <Data Name="DeviceName">FileInfo</Data>
    <Data Name="DeviceTime">2009-07-13T18:21:51.000000000Z</Data>
  </EventData>
</Event>

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-FilterManager" Guid="{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}" />
  <EventID>6</EventID>
  <Version>0</Version>
  <Level>4</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000000</Keywords>
  <TimeCreated SystemTime="2014-03-10T11:58:56.559203600Z" />
  <EventRecordID>913214</EventRecordID>
  <Correlation />
  <Execution ProcessID="4" ThreadID="8" />
  <Channel>System</Channel>
  <Computer>LENOVO-200768U</Computer>
  <Security UserID="S-1-5-18" />
  </System>
- <EventData>
  <Data Name="FinalStatus">0x0</Data>
  <Data Name="DeviceVersionMajor">6</Data>
  <Data Name="DeviceVersionMinor">1</Data>
  <Data Name="DeviceNameLength">8</Data>
  <Data Name="DeviceName">FileInfo</Data>
  <Data Name="DeviceTime">2009-07-13T18:21:51.000000000Z</Data>
  </EventData>
  </Event>
Comment:
Event ID: 6
Event Source: MSExchange Web Services
Event Type: Warning
Event Description: A notification for subscription [FABzMjM3NmMyMS5jZHNtYWlsLnB2dBAAAACgRcrYbIRFQJzCc8Z57ZZ94gnggzpW0gg=] against endpoint [http://172.20.12.212:7080/NotificationService/services/NotificationServiceid=601dc045-38bc-4e4b-a61a-314c871aa678&pid=10120] couldn''t be sent. (Send attempts: 4) Details: WebException: Unable to connect to the remote server Status: ConnectFailure    at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult TransportContext& context)
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
   at Microsoft.Exchange.Services.Core.NotificationServiceClient.CreateSendNotificationRequestAsync(IAsyncResult requestAsyncResult)
Comment:
Event ID: 6
Event Source: Microsoft-Windows-CertificateServicesClient
Event Type: -
Event Description: -
Comment: I ended up changing the DNS from a RODC to a Forest Root DC.  That fixed it.  I looked at the RODC  and did a "chkdsk c: /v " and say over 1000 errors and the requirement to run /f.  Doing that now. Index: 11354

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...