Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 13515 Source: NtFrs

The File Replication Service may be preventing the computer NEMESIS from becoming a domain controller while the system volume is being initialized and then shared as SYSVOL. Type net share to check for the SYSVOL share. The File Replication Service has stopped preventing the computer from becoming a domain controller once the SYSVOL share appears. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume. The initialization of the system volume can be bypassed by first typing regedt32 and setting the value of SysvolReady to 1 and then restarting the Netlogon service. WARNING - BYPASSING THE SYSTEM VOLUME INITIALIZATION IS NOT RECOMMENDED. Applications may fail in unexpected ways. The value SysvolReady is located by clicking on HKEY_LOCAL_MACHINE and then clicking on System, CurrentControlSet, Services, Netlogon, and Parameters. T2001-03-27,22:47:18,,5,4,EvntSLog:214520: [AUF] Tue Mar 27 22:47:17 2001: KANT/Security (578) - Privileged object operation: Object Server: Security Object Handle: 4294967295 Process ID: 1656 Primary User Name: DOMPDC$ Primary Domain:CORPDOM Primary Logon ID: (0x0,0x3E7) Client User Name: adrian Client Domain: CORPDOM Client Logon ID: (0x0,0x5ECEE65) Privileges: SeIncreaseBasePriorityPrivilege
Windows 2000 does not support the SYSVOL folder on a mounted volume. The File Replication service takes the full path of the SYSVOL folder and opens a journal on that volume to track changes. Also, a number of functions internal to the File Replication service use the volume handle as an argument. With a mounted volume, the SYSVOL folder and the data it contains actually resides on another volume entirely; the journal cannot track changes and the internal File Replication service functions mentioned earlier do not work.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.