Windows Event Logs 1

Find it. Solve it.
Post Reply
thaterrormessage
Site Admin
Posts: 7238
Joined: Tue Jul 14, 2020 3:21 pm

Windows Event Logs 1

Post by thaterrormessage »

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 2/7/2022 11:21:59 AM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: WIN10BASE
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>41</EventID>
<Version>6</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2022-02-07T17:21:59.955821400Z" />
<EventRecordID>40941</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">0</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">false</Data>
<Data Name="CheckpointStatus">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 2/25/2022 6:59:18 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: LOCAL SERVICE
Computer: fhccxw10mp30077.
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-25T12:59:18.004646400Z" />
<EventRecordID>41090</EventRecordID>
<Correlation />
<Execution ProcessID="2040" ThreadID="1388" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/19/2022 10:44:53 AM
Event ID: 7043
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: WIN10BASE
Description:
The Liquidware Labs Command Service service did not shut down properly after receiving a preshutdown control.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7043</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-01-19T16:44:53.283040100Z" />
<EventRecordID>40836</EventRecordID>
<Correlation ActivityID="{957c0cf3-0d51-0000-8229-7c95510dd801}" />
<Execution ProcessID="1596" ThreadID="3104" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Liquidware Labs Command Service</Data>
<Binary>500072006F0075004E006500740043006D00640053006500720076006900630065000000</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 2/7/2022 11:22:12 AM
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: WIN10BASE
Description:
The previous system shutdown at 11:17:13 AM on ?2/?7/?2022 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:22:12.622103200Z" />
<EventRecordID>40921</EventRecordID>
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security />
</System>
<EventData>
<Data>11:17:13 AM</Data>
<Data>?2/?7/?2022</Data>
<Data>
</Data>
<Data>
</Data>
<Data>69</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E6070200010007000B0011000D00E101E607020001000700110011000D00E1013C0000003C000000000000000000000000000000000000000100000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 2/25/2022 6:59:18 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: LOCAL SERVICE
Computer: fhccxw10mp30077.
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-25T12:59:18.004646400Z" />
<EventRecordID>41089</EventRecordID>
<Correlation />
<Execution ProcessID="2040" ThreadID="3940" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 2/25/2022 6:58:15 AM
Event ID: 40
Task Category: None
Level: Error
Keywords: Service availability
User: LOCAL SERVICE
Computer: fhccxw10mp30077.
Description:
The event logging service encountered an error when attempting to apply one or more policy settings.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>40</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000020000</Keywords>
<TimeCreated SystemTime="2022-02-25T12:58:15.862504200Z" />
<EventRecordID>41079</EventRecordID>
<Correlation />
<Execution ProcessID="2568" ThreadID="2840" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-19" />
</System>
<UserData>
<ChannelPolicyApplicationError xmlns="http://manifests.microsoft.com/win/2004 ... s/eventlog">
<ErrorCode>5</ErrorCode>
<ChannelPath>Security</ChannelPath>
</ChannelPolicyApplicationError>
</UserData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 2/7/2022 11:17:48 AM
Event ID: 7031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: WIN10BASE
Description:
The Citrix Desktop Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:17:48.181232100Z" />
<EventRecordID>40916</EventRecordID>
<Correlation />
<Execution ProcessID="1596" ThreadID="8208" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Citrix Desktop Service</Data>
<Data Name="param2">1</Data>
<Data Name="param3">60000</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
<Binary>420072006F006B00650072004100670065006E0074000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 1/19/2022 10:36:36 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: FHCCXW10MP30077\Citrix
Computer: WIN10BASE
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user WIN10BASE\Citrix SID (S-1-5-21-2038672713-1475193631-3324638967-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-01-19T16:36:36.472134500Z" />
<EventRecordID>40831</EventRecordID>
<Correlation />
<Execution ProcessID="1988" ThreadID="10436" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-21-2038672713-1475193631-3324638967-1001" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
<Data Name="param6">WIN10BASE</Data>
<Data Name="param7">Citrix</Data>
<Data Name="param8">S-1-5-21-2038672713-1475193631-3324638967-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 2/25/2022 7:00:31 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User:
Computer: fhccxw10mp30077.
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user SID (S-1-5-21-220523388-682003330-725345543-20366) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-25T13:00:31.130071000Z" />
<EventRecordID>41115</EventRecordID>
<Correlation />
<Execution ProcessID="2040" ThreadID="3940" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-21-220523388-682003330-725345543-20366" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
<Data Name="param6"></Data>
<Data Name="param7"></Data>
<Data Name="param8">S-1-5-21-220523388-682003330-725345543-20366</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 2/7/2022 11:23:20 AM
Event ID: 7043
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: WIN10BASE
Description:
The Liquidware Labs Command Service service did not shut down properly after receiving a preshutdown control.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7043</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:23:20.373702600Z" />
<EventRecordID>40974</EventRecordID>
<Correlation ActivityID="{32d8492e-1c47-0003-f84c-d832471cd801}" />
<Execution ProcessID="1640" ThreadID="5056" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Liquidware Labs Command Service</Data>
<Binary>500072006F0075004E006500740043006D00640053006500720076006900630065000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 1/19/2022 10:40:14 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: FHCCXW10MP30077\Citrix
Computer: WIN10BASE
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user WIN10BASE\Citrix SID (S-1-5-21-2038672713-1475193631-3324638967-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-01-19T16:40:14.135139900Z" />
<EventRecordID>40832</EventRecordID>
<Correlation />
<Execution ProcessID="1988" ThreadID="8220" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-21-2038672713-1475193631-3324638967-1001" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
<Data Name="param6">WIN10BASE</Data>
<Data Name="param7">Citrix</Data>
<Data Name="param8">S-1-5-21-2038672713-1475193631-3324638967-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 2/25/2022 7:01:09 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic

Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
(S-1-5-21-220523388-682003330-725345543-20366) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-25T13:01:09.040733600Z" />
<EventRecordID>41116</EventRecordID>
<Correlation />
<Execution ProcessID="2040" ThreadID="3940" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-21-220523388-682003330-725345543-20366" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>

<Data Name="param8">S-1-5-21-220523388-682003330-725345543-20366</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 2/7/2022 11:23:04 AM
Event ID: 7043
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: WIN10BASE
Description:
The Liquidware Labs Client License Service service did not shut down properly after receiving a preshutdown control.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7043</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:23:04.747254200Z" />
<EventRecordID>40972</EventRecordID>
<Correlation ActivityID="{32d8492e-1c47-0003-f84c-d832471cd801}" />
<Execution ProcessID="1640" ThreadID="5056" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Liquidware Labs Client License Service</Data>
<Binary>500072006F0075004E006500740043006C00690065006E0074004C006900630065006E007300650053006500720076006900630065000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 2/7/2022 11:16:24 AM
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: WIN10BASE
Description:
The driver \Driver\WUDFRd failed to load for the device PCI\VEN_5853&DEV_1003\1&79f5d87&4&03.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9c205a39-1250-487d-abd7-e831c6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:16:24.064595200Z" />
<EventRecordID>40874</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="1036" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">36</Data>
<Data Name="DriverName">PCI\VEN_5853&amp;DEV_1003\1&amp;79f5d87&amp;4&amp;03</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 2/25/2022 6:57:53 AM
Event ID: 134
Task Category: None
Level: Warning
Keywords:
User: LOCAL SERVICE
Computer: fhccxw10mp30077.
Description:
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}" />
<EventID>134</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-02-25T12:57:53.171038500Z" />
<EventRecordID>41050</EventRecordID>
<Correlation />
<Execution ProcessID="2284" ThreadID="2608" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData Name="TMP_EVENT_MANUAL_PEER_DNS_ERROR">
<Data Name="ErrorMessage">No such host is known. (0x80072AF9)</Data>
<Data Name="RetryMinutes">15</Data>
<Data Name="DomainPeer">time.windows.com,0x9</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 2/25/2022 6:57:09 AM
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: fhccxw10mp30077.
Description:
The driver \Driver\WUDFRd failed to load for the device PCI\VEN_5853&DEV_1003\1&79f5d87&4&03.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9c205a39-1250-487d-abd7-e831c6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-02-25T12:57:09.330129700Z" />
<EventRecordID>41013</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="1080" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">36</Data>
<Data Name="DriverName">PCI\VEN_5853&amp;DEV_1003\1&amp;79f5d87&amp;4&amp;03</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 2/7/2022 11:22:39 AM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: WIN10BASE
Description:
Name resolution for the name _ldap._tcp.??K timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:22:39.606889600Z" />
<EventRecordID>40970</EventRecordID>
<Correlation />
<Execution ProcessID="2960" ThreadID="2612" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">_ldap._tcp.??K</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A2C81A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 2/25/2022 6:57:51 AM
Event ID: 134
Task Category: None
Level: Warning
Keywords:
User: LOCAL SERVICE
Computer: fhccxw10mp30077.
Description:
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}" />
<EventID>134</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-02-25T12:57:51.610260600Z" />
<EventRecordID>41048</EventRecordID>
<Correlation />
<Execution ProcessID="2284" ThreadID="2612" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData Name="TMP_EVENT_MANUAL_PEER_DNS_ERROR">
<Data Name="ErrorMessage">No such host is known. (0x80072AF9)</Data>
<Data Name="RetryMinutes">15</Data>
<Data Name="DomainPeer">time.windows.com,0x9</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 2/7/2022 11:18:00 AM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: WIN10BASE
Description:
Name resolution for the name splunk-data. timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:18:00.586002700Z" />
<EventRecordID>40919</EventRecordID>
<Correlation />
<Execution ProcessID="2600" ThreadID="3236" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">splunk-data.</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A2C81A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 2/7/2022 11:22:00 AM
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: WIN10BASE
Description:
The driver \Driver\WUDFRd failed to load for the device PCI\VEN_5853&DEV_1003\1&79f5d87&4&03.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9c205a39-1250-487d-abd7-e831c6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:22:00.424863200Z" />
<EventRecordID>40948</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="664" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">36</Data>
<Data Name="DriverName">PCI\VEN_5853&amp;DEV_1003\1&amp;79f5d87&amp;4&amp;03</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 2/7/2022 11:23:27 AM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: fhccxw10mp30077.
Description:
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:23:27.429828500Z" />
<EventRecordID>40986</EventRecordID>
<Correlation />
<Execution ProcessID="2960" ThreadID="2612" />
<Channel>System</Channel>
<Computer>fhccxw10mp30077.</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">wpad</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A2C81A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 2/7/2022 11:22:25 AM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: WIN10BASE
Description:
Name resolution for the name _ldap._tcp.dc._msdcs.. timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:22:25.130255600Z" />
<EventRecordID>40968</EventRecordID>
<Correlation />
<Execution ProcessID="2960" ThreadID="1556" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">_ldap._tcp.dc._msdcs..</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A2C81A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 2/7/2022 11:17:28 AM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: WIN10BASE
Description:
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2022-02-07T17:17:28.485416200Z" />
<EventRecordID>40908</EventRecordID>
<Correlation />
<Execution ProcessID="2600" ThreadID="3200" />
<Channel>System</Channel>
<Computer>WIN10BASE</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">wpad</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A2C81A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>
*IS THIS ERROR HAPPENING NOW? Reply in real-time below.* Hold software providers accountable - we rely on the community to acknowledge the same errors and their workarounds/fixes. Register to search and full board access.
Post Reply