Windows Event Logs 3


Post by thaterrormessage »

Log Name: System
Source: Schannel
Date: 12/15/2021 5:48:26 AM
Event ID: 36874
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: FHCWBGENMP02.
Description:
An TLS 1.1 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36874</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-12-15T11:48:26.144275300Z" />
<EventRecordID>1516634</EventRecordID>
<Correlation />
<Execution ProcessID="620" ThreadID="1040" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Protocol">TLS 1.1</Data>
</EventData>
</Event>

Log Name: System
Source: Schannel
Date: 12/15/2021 5:48:26 AM
Event ID: 36888
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: FHCWBGENMP02.
Description:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36888</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-12-15T11:48:26.054429700Z" />
<EventRecordID>1516633</EventRecordID>
<Correlation />
<Execution ProcessID="620" ThreadID="1040" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="AlertDesc">40</Data>
<Data Name="ErrorState">1205</Data>
</EventData>
</Event>

Log Name: System
Source: Schannel
Date: 12/15/2021 5:48:26 AM
Event ID: 36874
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: FHCWBGENMP02.
Description:
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
<EventID>36874</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-12-15T11:48:26.054429700Z" />
<EventRecordID>1516632</EventRecordID>
<Correlation />
<Execution ProcessID="620" ThreadID="1040" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Protocol">TLS 1.0</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/15/2021 5:55:06 AM
Event ID: 7031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FHCWBGENMP02.
Description:
The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-12-15T11:55:06.453132000Z" />
<EventRecordID>1516658</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="3636" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Network List Service</Data>
<Data Name="param2">1</Data>
<Data Name="param3">100</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
<Binary>6E0065007400700072006F0066006D000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/15/2021 5:55:06 AM
Event ID: 7031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FHCWBGENMP02.
Description:
The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-12-15T11:55:06.453132000Z" />
<EventRecordID>1516657</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="3636" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Font Cache Service</Data>
<Data Name="param2">1</Data>
<Data Name="param3">60000</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
<Binary>46006F006E007400430061006300680065000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/15/2021 5:55:06 AM
Event ID: 7031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FHCWBGENMP02.
Description:
The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-12-15T11:55:06.453132000Z" />
<EventRecordID>1516656</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="3636" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">COM+ Event System</Data>
<Data Name="param2">1</Data>
<Data Name="param3">1000</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
<Binary>4500760065006E007400530079007300740065006D000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 12/15/2021 5:53:55 AM
Event ID: 10036
Task Category: None
Level: Error
Keywords: Classic

Computer: FHCWBGENMP02.
Description:
The server-side authentication level policy does not allow the user\SID (S-1-5-21-220523388-682003330-725345543-32684) from address 10.40.131.252 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10036</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-12-15T11:53:55.935965600Z" />
<EventRecordID>1516653</EventRecordID>
<Correlation />
<Execution ProcessID="724" ThreadID="4072" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-21-220523388-682003330-725345543-32684" />
</System>
<EventData>
<Data Name="Domain Name"></Data>
<Data Name="User Name"></Data>
<Data Name="SID">S-1-5-21-220523388-682003330-725345543-32684</Data>
<Data Name="Client IP Address">10.40.131.252</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 12/15/2021 5:49:55 AM
Event ID: 10036
Task Category: None
Level: Error
Keywords: Classic
User:
Computer: FHCWBGENMP02.
Description:
The server-side authentication level policy does not allow the user\SID (S-1-5-21-220523388-682003330-725345543-32684) from address 10.40.131.252 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10036</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-12-15T11:49:55.953574400Z" />
<EventRecordID>1516650</EventRecordID>
<Correlation />
<Execution ProcessID="724" ThreadID="5736" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-21-220523388-682003330-725345543-32684" />
</System>
<EventData>
<Data Name="Domain Name"></Data>
<Data Name="User Name"></Data>
<Data Name="SID">S-1-5-21-220523388-682003330-725345543-32684</Data>
<Data Name="Client IP Address">10.40.131.252</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 2/20/2022 11:27:32 PM
Event ID: 7031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FHCWBGENMP02.
Description:
The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-21T05:27:32.495720900Z" />
<EventRecordID>1561507</EventRecordID>
<Correlation />
<Execution ProcessID="600" ThreadID="4264" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Font Cache Service</Data>
<Data Name="param2">1</Data>
<Data Name="param3">60000</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
<Binary>46006F006E007400430061006300680065000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WAS
Date: 1/22/2022 11:01:49 PM
Event ID: 5059
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FHCWBGENMP02.
Description:
Application pool MarketDataLinks has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WAS" Guid="{524B5D04-133C-4A62-8362-64E8EDB9CE40}" EventSourceName="WAS" />
<EventID Qualifiers="49152">5059</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-01-23T05:01:49.000000000Z" />
<EventRecordID>1542169</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security />
</System>
<EventData>
<Data Name="AppPoolID">MarketDataLinks</Data>
<Binary>
</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 2/13/2022 11:34:02 PM
Event ID: 7032
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FHCWBGENMP02.
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error:
An instance of the service is already running.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7032</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-02-14T05:34:02.697805200Z" />
<EventRecordID>1556919</EventRecordID>
<Correlation />
<Execution ProcessID="600" ThreadID="1412" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">1</Data>
<Data Name="param2">Restart the service</Data>
<Data Name="param3">Network Store Interface Service</Data>
<Data Name="param4">%%1056</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 7/29/2021 9:21:39 PM
Event ID: 16969
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: FHCWBGENMP02.
Description:
1 remote calls to the SAM database have been denied in the past 900 seconds throttling window.
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}" />
<EventID>16969</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-07-30T02:21:39.439076600Z" />
<EventRecordID>1427578</EventRecordID>
<Correlation />
<Execution ProcessID="604" ThreadID="4696" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_REMOTE_SAM_SUPPRESSED_MESSAGE_COUNTER">
<Data Name="Throttle window:">900</Data>
<Data Name="Suppressed Message Count:">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 1/6/2022 1:30:26 PM
Event ID: 16969
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: FHCWBGENMP02.
Description:
3 remote calls to the SAM database have been denied in the past 900 seconds throttling window.
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}" />
<EventID>16969</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-01-06T19:30:26.073630900Z" />
<EventRecordID>1531462</EventRecordID>
<Correlation />
<Execution ProcessID="620" ThreadID="648" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_REMOTE_SAM_SUPPRESSED_MESSAGE_COUNTER">
<Data Name="Throttle window:">900</Data>
<Data Name="Suppressed Message Count:">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 7/30/2021 12:51:39 AM
Event ID: 16969
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: FHCWBGENMP02.
Description:
1 remote calls to the SAM database have been denied in the past 900 seconds throttling window.
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}" />
<EventID>16969</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-07-30T05:51:39.507923000Z" />
<EventRecordID>1427677</EventRecordID>
<Correlation />
<Execution ProcessID="604" ThreadID="640" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_REMOTE_SAM_SUPPRESSED_MESSAGE_COUNTER">
<Data Name="Throttle window:">900</Data>
<Data Name="Suppressed Message Count:">1</Data>
</EventData>
</Event>

Log Name: System
Source: LsaSrv
Date: 7/26/2021 4:23:12 AM
Event ID: 40968
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: FHCWBGENMP02.
Description:
The Security System has received an authentication request that could not be decoded. The request has failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
<EventID>40968</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-07-26T09:23:12.323374100Z" />
<EventRecordID>1425143</EventRecordID>
<Correlation />
<Execution ProcessID="604" ThreadID="4624" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: LsaSrv
Date: 7/28/2021 7:06:59 AM
Event ID: 40968
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: FHCWBGENMP02.
Description:
The Security System has received an authentication request that could not be decoded. The request has failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
<EventID>40968</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-07-28T12:06:59.720955500Z" />
<EventRecordID>1426513</EventRecordID>
<Correlation />
<Execution ProcessID="604" ThreadID="2812" />
<Channel>System</Channel>
<Computer>FHCWBGENMP02.</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>