Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [eventviewer]

This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

This tag is for questions about Windows' Event Viewer and Event Logs. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

Event Viewer has three primary logging areas:

  • Application
  • Security
  • System

Recent Versions of Windows (Vista and later / Server 2008 and later) have a large number of additional log areas.

Most Windows components (such as services) log to the System log, with notable exceptions being IIS and user-related operations (such as folder redirection at login) which log to the Application log. Programs that you write should log either to their own log areas or to the Application log. The Security log records successful and failed logins.

See also:

202 questions
0
votes
0 answers

Windows event log shows events in the future

One of my Windows server VMs seems to be time travelling without my permission: Screenshot of Windows Event Viewer The text reads: time service was not able to sync the system time since 1601267 seconds (adds up to the ≈ 18 days it jumps into the…
md7
  • 1
  • 2
0
votes
1 answer

Hourly fatal windows alert

On one of my windows server 2012 R2 (going to upgrade), my event logger has been filled with Event ID 36887 A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40. with Source Schannel It occurs…
SILENT
  • 163
  • 1
  • 1
  • 9
0
votes
0 answers

Which process is writing to specific Event Viewer Log

I republished a Windows Service to change the name of the Event Viewer file it logs to. However it continues to use the old log. I see the new one listed under Applications and Services Logs however it is empty. I see the both the new one and the…
Adam
  • 1
0
votes
0 answers

Windows audit "Removable Storage" not generating an event for file deletion

I have a Windows 10 system on which I have enabled removable storage audits (via GPO: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Object Access -> Audit…
tjlds
  • 3
  • 2
0
votes
1 answer

What controls the timing of the Windows Certificate Services event "Close to expiration" ID 1003?

I have a Windows Server which started logging this warning event 36/37 days before a certificate's expiry date and I would like to understand what controls/sets this timing and how it can be configured. The certificate in question was not…
bchen
  • 3
  • 2
0
votes
2 answers

How can I hide the "Actions" panel / tab / pane in Windows "Event Viewer"?

I want to get rid of the "Actions" panel in the Event Viewer. It doesn't help me. I've made it as small as possible but I just want to hide it.
mnemotronic
  • 131
  • 3
0
votes
1 answer

why chrome.exe and svchost.exe connecting to RDP port 3389 on 127.0.0.1

i noticed in the event viewer that chrome.exe and svchost.exe are connecting to 127.0.0.1 remotely using RDP port 3389 on multiple Pc's . i couldn't figure out why this event happens even though that none of the employee is using chrome remote…
charles nawar
  • 1
  • 1
0
votes
1 answer

Event 4771 (Bad Password Logon) Does not show proper client

We are having issues with frequently locked out accounts. We are having 4771 {Bad Password} events on our main DC. Issue: Within the event, the client machine is not properly shown. Instead another DC is shown as client host name: only in rare…
Julian Bechtold
  • 123
  • 6
0
votes
0 answers

Windows Server 2019 - Audit which human-user who restart a service

Trying to audit which AD-user who actually restart a service on a particular service. The service (MyService) is using a serviceaccount to run and get access to different resources. I want to audit when my user or any actual human user manually…
TheSwede86
  • 21
  • 3
0
votes
1 answer

My windows Task Schdulrer is raising this error "0xE0434352"

I have windows server 2012 R2, and i have some tasks inside Windows Task scheduler which use to work well, but yesterday they start to return this error 0xE0434352, as follow:- I checked the Event Viewer logs and i found this error:- Faulting…
test test
  • 1
  • 12
0
votes
1 answer

Windows System, Application logs vs. "Applications and Services" logs in Event Viewer

Do Error and Warning events from the Microsoft "Applications and Services Logs" get sent to the Windows Application and/or System logs? For example, if AppHost generated an Error event, would it show up in Application and/or System? Is there a…
public wireless
  • 113
  • 3
0
votes
1 answer

EVENTID 4648. Mismatch ,Subject (Standard User), CredentialsUsed (Admin), Target(Localhost)

In the Event ID 4648, The subject's Account Name is the "Standard user". But under the credentials used section, the account name is of the "Administrator" and the Target Server is "LocalHost"and Account Domain is same as well. How is this possible?…
Akhil Abraham
  • 1
  • 1
-1
votes
1 answer

EventViewer Error "local computer may not have the necessary registry"

I am trying to review event viewer logs that was archived from another Server. When accessed, the events are listed properly, but details of each event give the following error: The description for Event ID .... in Source…
Karim Z.
  • 19
  • 1
  • 2
-1
votes
2 answers

Group Policy to enable file audit

What am I missing here? I'm trying to enable file auditing so I can see who deleted a file via security logs in event viewer. I created the below group policy Computer Configuration > Windows Settings > Local Policies/Audit Policy > Audit Object…
selachka
  • 1
  • 1
  • 4
-1
votes
1 answer

Hard disk failure or about to fail Intel RST software RAID-1 volume event log

If any one of the two Hardisk of Intel rapid Storage Technology(IRST) Software RAID-1 is about to fail or already failed, then what event will write in event viewer log and what is the Event ID for that.
Shashi
  • 1
  • 1
  • 1
1 2 3
13
14