Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1003

Source
102
Level
Error
Description
Error code 000000d1, parameter1 00000012, parameter2 00000002, parameter3 00000000, parameter4 00000012.
Source
Active Directory
Level
Error
Description
The Windows Directory Service database could not be initialized and returned error <error code>. Unrecoverable error, the directory can't continue.
Source
APCPBEAgent
Level
Information
Description
Utility Power Restored.
Source
ASP.NET 1.0.3705.0
Level
Error
Description
aspnet_wp.exe  (PID: <ID>) was recycled because it was suspected to be in a deadlocked state. It did not send any responses for pending requests in the last 180 seconds.
Source
ASP.NET 1.0.3705.288
Level
Error
Description
aspnet_wp.exe (PID: <value>) was recycled because it was suspected to be in a deadlocked state. It did not send any responses for pending requests in the last 180 seconds.
Source
ASP.NET 1.1.4322.0
Level
Error
Description
aspnet_wp.exe  (PID: <PID>) was recycled because it was suspected to be in a deadlocked state. It did not send any responses for pending requests in the last 180 seconds. This timeout may be adjusted  using the <processModel responseDeadlockInterval> setting in machine.config.
Source
ASP.NET 2.0.50727.0
Level
Error
Description
aspnet_wp.exe  (PID: <PID>) was recycled because it was suspected to be in a deadlocked state. It did not send any responses for pending requests in the last 180 seconds. This timeout may be adjusted using the <processModel responseDeadlockInterval> setting in machine.config.
Source
AvExchlnstall
Level
Error
Description
The description for Event ID (1003) in source (AvExchlnstall) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.
Source
BINLSVC
Level
Information
Description
The BINL service successfully read its settings from the directory service.
Source
DHCP
Level
Warning
Description
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address <MAC address>. The following error occurred:
<error description>. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server."
Source
DHCP
Level
Error
Description
DHCP failed to obtain a lease for the card with network address <adapter address>.
Source
DhcpServer
Level
Error
Description
The DHCP server failed to register its registry data. The following error occourred: The system cannot find the path specified.
Source
EvntAgnt
Level
Warning
Description
TraceFileName parameter not located in registry; Default trace file used is .
Source
IISInfoCtrs
Level
Error
Description
Unable to query the IIS Info service performance data. The error code returned by the service is data DWORD 0.
Source
ISCT Agent
Level
Error
Description
1. Message:  CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect status = 0x2

2. Message:  CAgentState::UpdateSASD   Failed to set the sleep time error=0

2. Message:  CISCTPnpDriverApi::SetBIOSWakeTime   *****IOCTL_ISCT_SASD(SASD) Failed Error=0x2
Source
MetaframeEvents
Level
Error
Description
Error 997: Overlapped I/O operation is in progress.
Source
Microsoft Office 11
Level
Error
Description
Hanging application <application> version <version> stamp <stamp> hanging module <module> version <version> stamp <stamp> debug <value> hang address <address>.
Source
Microsoft Search
Level
Information
Description
The Search service has started.
Source
Microsoft-Windows-CertificateServicesClient
Level
Warning
Description
Certificate Services Client failed to invoke the Providers in response to event 512. Error code 2147956401.
Source
Microsoft-Windows-Diagnosis-PLA
Level
Error
Description
Data collector set <set name> started as <set name>.
Source
Microsoft-Windows-Perflib
Level
Error
Description
The object length of an object returned by Extensible Counter DLL "C:\Windows\system32\wbem\wmiaprpl.dll" for the "WmiApRpl" service was not correct. The sum of the object lengths returned did not match the size of the buffer returned.  The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the count of objects.
Source
Microsoft-Windows-Security-SPP
Level
Information
Description
The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 2077f0b2-b2e2-43c5-a3b2-2079d527f56a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 2b117cfd-aed1-475e-b68f-d0c06ca9c4e8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
3: 7f99509a-a8af-4839-a031-f36adc209a57, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: ae3800b9-bb05-4a4c-9d5e-1e25cd26975f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: bfb30674-7c9a-4624-9309-9914cfd5b05c, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)( 7 0x00000000 2010/06/01)(?)(?)])(1 )(2 )]
6: e07989ff-9cc4-450c-8a0c-ffe9f7bfa57d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
7: e5903ef0-5584-484f-9e33-c1dc48ed160c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
8: f792792d-4d26-43f3-a568-8e0d98cd622c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
9: 18579d00-6c51-4907-a16e-3ba4aa9ba6f7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
10: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
11: fd8f859a-bb37-4928-bec1-2e7a2e8d9e4b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
Source
MSExchangeCluster
Level
Error
Description
Exchange System Attendant: Failed to bring the resource online.
Source
MSExchangeDS
Level
Information
Description
The Directory was shut down successfully.
Source
MSExchangeIS
Level
Error
Description
The disk is full. Attempting to stop the Microsoft Exchange Information Store service.
Source
MSExchangeMU
Level
Information
Description
Metabase Update agent exiting. For more information, click http://www.microsoft.com/contentredirect.asp.
Source
NfsSvr
Level
Warning
Description
Mapping information could not be obtained from Username mapping. Another attempt will be made after 30 minutes.
Source
NTDS General
Level
Error
Description
The Windows Directory Services database cannot be initialized and returned error <error code>. Unrecoverable error, the directory can't continue.
Source
Office Software Protection Platform Service
Level
Information
Description
The Software Protection service has completed licensing status check.
Application Id=59a52881-a989-479d-af46-f275c6370663
Licensing Status=
1: 0248c7a3-0740-4aa9-b4e2-9d51d8b13528 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
2: 0aebdf46-4084-4c03-b276-72e473b1b4b0 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
3: 175d1eed-a58e-4ca6-a712-56c9a5fc2c21 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
4: 35cb890a-91eb-4acc-8c22-c1f4443af630 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
5: 4631a3f9-6cb5-41fa-9c09-3a56f5964702 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
6: 46c05e2d-6280-47bf-9d18-3e8e9a5231e1 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
7: 6c162e12-c502-4abf-8c26-f38668409172 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
8: 714bf8ed-0082-48c7-b135-77640026d026 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
9: 72381d02-e871-4f37-b3e6-0ee15333035c 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
10: 8c0d01dc-9002-4e6e-ae6f-dc240ccca1f8 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
11: 8c8cd357-b14e-4a71-a3b0-0c29c75e9a01 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
12: 8c9cebbb-6624-456e-bcfa-07c6b05e7d36 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
13: 8dd1b467-f97b-493e-8df3-ba3113c9e6cc 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
14: 8fd365e7-a2d0-4275-986a-aab64f264a57 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
15: a2aec78f-6912-491b-8c0e-3dc93986e93c 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
16: b101f5b5-c65c-4d09-bbce-c163ef8e1667 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
17: b331c8cf-25ed-44cf-8bb8-c0df920754e1 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
18: bf4eb0e8-5584-4d21-82d0-cde414724942 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
19: cec08034-a389-449b-a77a-b6e108825347 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
20: cff38370-227d-48d1-afc5-3ccb502454f4 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
21: dac1d6e7-3d5b-426d-86dd-d523feb5725f 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
22: dda35b34-c94b-4622-9727-6f33109b9e0c 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
23: e705662b-3b8b-482e-8efd-a40b97447514 1 1 [(0 [0x00000000 1 0] [()()( 1 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)( 7 0x00000000 2010/10/31)()()])(1 )(2 )]
24: ef671765-fe3f-4836-b046-43ab4e23dc03 1 0 [(0 [0xC004F014 0 0] [()()()()()()])(1 )(2 )]
Source
PLA
Level
Information
Description
Data collector set <set name> started as <set name>.
Source
SceCli
Level
Error
Description
Policy change from LSA/SAM can't be saved in the policy storage. Error <error code> to save policy change in the local GPO database.
Source
scesrv
Level
Error
Description
Policy change from LSA/SAM can't be saved in the policy storage. Error <error number> to save policy change in the default GPOs. For more debugging information, please look security\logs\scepol.log under Windows root.
Source
Shadow Session
Level
Error
Description
Error 997: Overlapped I/O operation in progress.
Source
SNMP
Level
Information
Description
The SNMP Service has stopped successfully.
Source
System
Level
Error
Description
Error code <error code>, parameter1 <value>, parameter2 <value>, parameter3 <value>, parameter4 <value>.
Source
System Error
Level
Error
Description
Error code <error code>, parameter1 <value>, parameter2 <value>, parameter3 <value>, parameter4 <value>.
Source
TermService
Level
Information
Description
The terminal service client has provided an invalid license.
Source
TermServJet
Level
Error
Description
Session Directory server name <name> is invalid.
Source
TWPOPUP.DLL
Level
Error
Description
The description for Event ID ( 1003 ) in Source ( TWPOPUP.DLL ) could not be found. It contains the following insertion string(s): The following requested video mode was not available:  800 x 552 x 16 BPP
The video mode has been set to the following mode:  800 x 552 x 8 BPP

License not installed for requested video mode.
Source
UPS
Level
Warning
Description
Unable to communicate with UPS.
Source
Userenv
Level
Error
Description
Windows cannot process Group Policy Client Side Extension (Folder Redirection). Exception <error code>.
Source
Volume Shadow Copy Service Task
Level
Error
Description
The task associated with resource '<resource>' couldn't be deleted. You will need to delete it manually by removing it from the Scheduled Tasks folder. The associated error code is stored in the data section.
Source
w3ctrs
Level
Error
Description
Unable to query the W3SVC (HTTP) service performance data. The error code returned by the service is data DWORD 0.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...