Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2

Source
3wDrv100
Level
Warning
Description
The 3ware Escalade Service should be removed (<number>)
Source
acvpnagent
Level
Error
Description
message string data: Function: CNetEnvironment::TestAccessToSG
File: .\NetEnvironment.cpp
Line: 1015
Invoked Function: CCertHelper::VerifyServerCertificate
Return Code: -31326190 (0xFE220012)
Description: CERTIFICATE_ERROR_VERIFY_CHAIN_POLICY_FAILED_ASKUSER
server name: 172.168.2.66
Source
ACW_DE
Level
Error
Description
File could not be found: HTTP Error 404 - File or directory not found.
/acw/ACWRuntime.cab  The URL is invalid
Source
afacomm
Level
Warning
Description
The description for Event ID ( 2 ) in Source ( afacomm ) could not be found. It contains the following insertion string(s): \AfaComm, 0.
Source
AmdK8
Level
Error
Description
The Acpi 2.0_PCT object returned an invalid value of 255.
Source
Apache Jakarta Connector2
Level
Warning
Description
The description for Event ID ( 2 ) in Source ( Apache Jakarta Connector2 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: [jk_worker_ajp13.c (546)]: ajp13.service() ajpGetReply recoverable error 120000.
Source
ApplicationExperienceInfrastructure
Level
Warning
Description
The application (Windows Media Technologies, from vendor Microsoft) was hard-blocked and raised the following: This version of Windows Media Technologies is incompatible with or has been superseded by this version of Windows. For more information, view the information at the Microsoft
web site.
Source
ASCIASSV
Level
Error
Description
The description for Event ID ( 2 ) in Source ( ASCIASSV ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Source
ati
Level
Error
Description
Unable to map required address ranges for graphics card. Data: 0000: ..
Source
ati2mtag
Level
Error
Description
Unable to map required address ranges for graphics card.
Source
atirage
Level
Error
Description
Unable to map required address ranges for graphics card.
Source
BES Crypto Kernel
Level
Error
Description
The description for Event ID ( 2 ) in Source ( BES Crypto Kernel ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: Error 0x80090016 while initializing random number generator.
Source
ccPwdSvc
Level
Error
Description
Application terminated
Source
Citrix Resource Management
Level
Error
Description
Resource Manager failed to create or connect to its local Microsoft Access database. The database file may be in use by another process. The drive you have chosen to install Resource Manager on may be full. A Resource Manager directory may be missing. Microsoft ODBC and the Microsoft Access driver may not be installed correctly.
Source
CLUSIIS4
Level
Error
Description
Server W3SVC instance <instance number> does not respond to <protocol name> query, error <error code>.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
Source
Compaq Insight Manager 7
Level
Warning
Description
compaq Insight Manager 7 Application Stopped.
Source
Compaq Power Management
Level
Information
Description
<computer name> shutdown has been cancelled.
Source
crypt32
Level
Information
Description
Successful auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Source
CTBusBroker
Level
Error
Description
TDM bus user settings were rewritten because of bus configuration failure 0x20000060. This will happen if the resources have changed and is usually not cause for alarm.
Source
DB2
Level
Error
Description
The description for Event ID ( 2 ) in Source ( DB2 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: database_monitor  sqm.sqlm_log_ev_err 2.2055.
Source
Device Lock
Level
Error
Description
\Device\LanmanRedirector\;E:0\ppws012\Paypoint - Access is denied. (5)
Source
Disk
Level
Error
Description
The driver could not allocate something necessary for the request for <device>.
Source
dmboot
Level
Warning
Description
Volume Volume1(C): started in failed redundency mode.
Source
dmboot
Level
Error
Description
dmboot: Failed to start volume Volume2 (no mountpoint).
Source
DNS
Level
Information
Description
The DNS server has started.
Source
DPM-EM
Level
Error
Description
The replica of <volume name> on <computer name> is inconsistent with the protected data source. All protection activities for data source will fail until the replica is synchronized with consistency check. (ID: 3106) The replica on the DPM server for <volume name> on <computer name> is inconsistent. Changes cannot be applied to file \RECOVERYBIN\<file path>. (ID: 109) DPM PS ID: <guid>^|^<computer name>^|^Replica is inconsistent^|^DPM Protected^|^Replica^|^D:When a consistency check runs on the protected volume, the replica becomes consistent and then intermittently fails again. In the description of the Event error, the path of the file will always start with \RECOVERYBIN.
Source
elipsanagent
Level
Error
Description
The description for Event ID ( 2 ) in Source ( elipsanagent ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description see Help and Support for details. The following information is part of the event: ??????????????????????.
Source
EQ Device Control Engine
Level
Error
Description
An exception was caught. File: .\DCETSDeviceController.cpp Line: 4293.
Source
eXclaimer
Level
Error
Description
eXclaimer was unable to open the file <file>. The error was 33.
Source
ExtremeZ-IP
Level
Error
Description
Long delays processing Mac client commands have been detected. This could be an indication of a server hardware or operating system problem. Please see the following knowledge base article for further information.
Source
ExWin32
Level
Error
Description
The Exchange IFS failed to commit changes to the database for <file name>.eml because of error 80030009. Changes related to this object may have been lost.
Source
FAXmaker
Level
Error
Description
Unable to logon MAPI session.
Source
FireWall-1
Level
Information
Description
FireWall-1: <user>@<server> Logged in.
Source
Flpydisk
Level
Error
Description
The description for Event ID ( 2 ) in Source ( Flpydisk ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: \Device\Floppy0.
Source
FW1
Level
Information
Description
The description for Event ID ( 2 ) in Source ( FW1 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: , Attached to UKNOWN. Data: 0000:
Source
GFI EventsManager
Level
Warning
Description
<?xml version="1.0" encoding="utf-16"?>
<CheckResults xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<checkID>2</checkID>
<setID>0</setID>
<checkResult>0</checkResult>
<computer>W2K8SV02</computer>
<resultDetails />
</CheckResults>
Source
Hardlock
Level
Warning
Description
...\SafeKey\SafeFAST registry key not found.
Source
HECI
Level
Information
Description
The description for Event ID ( 2 ) in Source ( HECI ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description see Help and Support for details. The following information is part of the event:
Source
HidBth
Level
Warning
Description
Bluetooth HID device (00:0d:3a:a4:59:5c) either went out of range or became unresponsive.
Source
hidsys
Level
Error
Description
The description for Event ID ( 2 ) in Source ( hidsys ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: \Device\HidSys.
Source
IAS
Level
Warning
Description
User <username> was denied access.
Fully-Qualified-User-Name = <domain>/<OU or container>/<username>
NAS-IP-Address = <ip address>
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <ip address>
Client-Friendly-Name = <IAS Client name>
Client-IP-Address = <ip address>
NAS-Port-Type = Virtual
NAS-Port = 131
Policy-Name = Allow access if dial-in permission is enabled
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 66
Reason = <reason>
Source
IISCTLS
Level
Information
Description
IIS stop command received from user DOMAIN\username. The logged data is the status code.
Source
IISLOG
Level
Error
Description
IIS Logging was unable to create the directory <directory name(s)>. The data is the error.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
Source
Insight Manager 7
Level
Warning
Description
A login attempt was made by an invalid user.
Source
intelppm
Level
Error
Description
The Acpi 2.0 _PCT object returned an invalid value of <value>.
Source
LDM
Level
Error
Description
<description>. (<error code>).
Source
LMS
Level
Error
Description
LMS Service lost connection to HECI driver.
Source
LOGITECH
Level
Error
Description
The description for Event ID ( 2 ) in Source ( LOGITECH ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event:.
Source
MFSNMPAgent
Level
Information
Description
MetaFrame SNMP Agent acquired a license. MetaFrame SNMP Agent is enabled.
Source
Microsoft CRM
Level
Error
Description
MSCRM Platform Error Report:
--------------------------------------------------------------------------------------------------------
Error: Unable to access crystal; check to see if you have enough licenses : Unable to log into crystal; check to see if you have enough licenses : Unable to communicate with crystallogon.csp

Error Message: Unable to access crystal; check to see if you have enough licenses : Unable to log into crystal; check to see if you have enough licenses : Unable to communicate with crystallogon.csp

Error Details: Details on this error have not been provided by the platform.

Source File: Not available

Line Number: Not available

Stack Trace Info:    at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain()
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step Boolean& completedSynchronously)
Source
Microsoft Project Server Tracing Eventlog Provider
Level
Error
Description
component: <component name>
File: <file path>
Line: <value>
Error Number: <error code>
Description: <description>
Source
Microsoft Web Proxy
Level
Error
Description
Microsoft Web Proxy was unable to open ODBC Data Source proxylog, Table: msp_log, under User Name [<domain name>\<user name>]. The ODBC Error description is: The operation completed successfully. . For more information about this event, see ISA Server Help.
Source
Microsoft-Windows-Kernel-EventTracing
Level
Error
Description
Session "WbadminUIInBuiltTracing" failed to start with the following error: 0xC0000035
Source
Microsoft-Windows-WHEA-Logger
Level
Warning
Description
A corrected hardware error occurred. A record describing the condition is contained in the data section of this event.
Source
MPathSrv
Level
Error
Description
The description for Event ID ( 2 ) in Source ( MPathSrv ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: PowerPath Driver not loaded!.
Source
MSExchange Configuration Core
Level
Error
Description
The description for Event ID 2 from source MSExchange Configuration Core cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer the display information had to be saved with the event.

The following information was included with the event:

12048
w3wp.exe
Exception from CmdletLogger.AsyncCommit : System.ArgumentException: activityScope is null.
   at Microsoft.Exchange.Diagnostics.CmdletInfra.CmdletLogger.AsyncCommit(Guid cmdletUniqueId Boolean forceSync)
   at Microsoft.Exchange.Configuration.Tasks.LoggingModule.CommitLog(String loggingStep)

the message resource is present but the message is not found in the string/message table

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange Configuration Core" />
    <EventID Qualifiers="49152">2</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-12-11T14:55:23.000000000Z" />
    <EventRecordID>1727928</EventRecordID>
    <Channel>Application</Channel>
    <Computer>ERMAILP6.everestre.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data>12048</Data>
    <Data>w3wp.exe</Data>
    <Data>Exception from CmdletLogger.AsyncCommit : System.ArgumentException: activityScope is null.
   at Microsoft.Exchange.Diagnostics.CmdletInfra.CmdletLogger.AsyncCommit(Guid cmdletUniqueId Boolean forceSync)
   at Microsoft.Exchange.Configuration.Tasks.LoggingModule.CommitLog(String loggingStep)</Data>
  </EventData>
</Event>
Source
NRPE_NT
Level
Warning
Description
NRPE_NT: <error>.
Source
NSClient
Level
Error
Description
NSClient Error: PDH.dll Collect CPU - ERROR: 0x800007D6
Source
nvatabus
Level
Information
Description
Device identified.
Source
OMCI
Level
Warning
Description
Disk free space has dropped below the minimum threshold. Free up space on your hard disk drive by:
1. Backing up your data to a tape backup, ZIP or network drive.
2. Delete unused files.  
If you are unsure which files are safe to move or delete, contact your Help Desk or consult your software manuals.
Source
OMCI
Level
Warning
Description
Chassis intrusion detected. This typically does NOT indicate a hardware failure.
1. Contact your Help Desk if you did not personally open your chassis.
2. Enter System Setup & Set Chassis Intrusion to "Clear".
Source
otman4
Level
Warning
Description
Error <error code> during OTM operation, OTM disabled for rest of the session.
Source
OtMan5
Level
Warning
Description
Error e0001005 during OTM operationm OTM disabled for rest of the session.
Source
ParVdm
Level
Error
Description
Unable to get device object pointer for port object.
Source
PjTraceSvc
Level
Error
Description
A message passed to the tracing service had an incorrect format, the message follows
<Error><Component></Component><File>C:\Office\dev\project\WebClient\source\server\pjdbcomm\Main.cpp</File><Line>66</Line><Description><![CDATA[process terminated.]]></Description></Error>
Source
pnupsvc
Level
Error
Description
Cannot add printer HP LaserJet 4050 Series PCL6 (Copy 1) [KeriazeJ:3] (error=1796).
Source
POPconSrv
Level
Warning
Description
Warning: POP3 Mail request not possible. Timeout by waiting for Host.
Source
PremierAccess Agent Service
Level
Error
Description
Error: Problem with filter session.  SCC error: 11 OS error: 109.
Source
Print
Level
Information
Description
Printer <printer name> was created.
Source
Print
Level
Error
Description
Priority of document <document name> on <printer name>, owner <owner name>, was changed from <initial priority> to <changed priority>.
Source
redbook
Level
Error
Description
Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems.
Source
Regional and Language Options
Level
Information
Description
Default User User Interface Language has been changed to <code>.
Source
RPC Proxy
Level
Error
Description
The following ValidPorts registry key could not be parsed. <computer name>: 100'5000. The RPC Proxy cannot load. The ValidPorts registry key might have been configured incorrectly. User Action Verify that the ValidPorts registry value is set correctly. If the value is not correct, edit the registry key to reflect the correct value.
Source
SAPlpd
Level
Warning
Description
The description for Event ID ( 2 ) in Source ( SAPlpd ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: The printer name is invalid.
Source
SccAAAServer
Level
Error
Description
The description for Event ID ( 2 ) in Source ( SccAAAServer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: (EasspServerMsgs Eassp2-1 ERROR 2005/12/06 16:35:08.618 (CET)) IdMapper error: 2 - mapId(): Unable to translate AD id to a SafeWord one.
Source
Serial
Level
Information
Description
While validating that \device\serial0 was really a serial port, a fifo was detected. The fifo will be used.
Source
SHARSHTL
Level
Error
Description
The description for Event ID ( 2 ) in Source ( SHARSHTL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Source
SimpTcp
Level
Warning
Description
The Simple TCP/IP Services could not find the UDP Echo port. The UDP Echo service was not started.  
Source
SOCKS Filter
Level
Error
Description
SOCKS filter: failed to bind IP address <ip address>:<port> for listening.
Future SOCKS requests will be refused.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Source
SQLBrowser
Level
Warning
Description
The configuration of the SQL instance <instance name> is not valid.
Source
SQLCTR60
Level
Error
Description
OpenSQLPerformanceData: Cannot Connect to SQL Server - <server name>.
Source
STCAgent
Level
Error
Description
Termination reason code 5 [USER_LOGGING_OFF].
Source
STEMSND
Level
Error
Description
Critical error: SurfControl E-mail Filter has a critical logging error. Please check that the logging DSN is available and operational.
Source
Symantec AntiVirus
Level
Information
Description
Scan Complete:  Threats: <value>   Scanned: <value>   Files/Folders/Drives Omitted: <value>
Source
Symantec Mail Security for SMTP
Level
Warning
Description
Error <error code> receiving data from remote host. (<IP address>)
Source
TCPMon
Level
Warning
Description
The description for Event ID ( 2 ) in Source ( TCPMon ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description see Help and Support for details. The following information is part of the event: IP_192.168.1.251.
Source
Telephony Services
Level
Error
Description
Error: <error message>.
Source
UM Services
Level
Error
Description
Temperature Sensor <number> exceeded threshold of <value> Celcius. The current value is <value> Celcius.
Source
Virtual Server
Level
Information
Description
Virtual Server was successfully launched.
Source
vmbus
Level
Error
Description
The parent partition uses a different VMBus version. You need to Install a matching VMBus version in this guest installation.
Source
VMnetDHCP
Level
Error
Description
The description for Event ID ( 2 ) in Source ( VMnetDHCP ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: , SetServiceStatus.
Source
VxSvc_Alert
Level
Error
Description
<provider> provider reported physical disk <disk> was removed or is temporarily unavailable.
Source
Web Interface
Level
Error
Description
The description for Event ID ( 2 ) in Source ( Web Interface ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Failure while attempting to write to swec.md5.
Source
WindowsUpdateV3
Level
Warning
Description
The description for Event ID ( 2 ) in Source ( WindowsUpdateV3 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: V3_2|4702|INSTALL| <Name of update package> |1,0,2195,0| <date> <time> |1|FAIL| <error number> |The system cannot find the file specified.|.
Source
WinSock Proxy Client
Level
Error
Description
Application [<application>]. Authentication failed. Check if the process doesn't run in the system account. If it does, force the credentials for the application via the client configuration and CREDTOOL.
Source
WLTRYSVC
Level
Error
Description
SetServiceStatus() failed

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...