Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [eventviewer]

This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

This tag is for questions about Windows' Event Viewer and Event Logs. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

Event Viewer has three primary logging areas:

  • Application
  • Security
  • System

Recent Versions of Windows (Vista and later / Server 2008 and later) have a large number of additional log areas.

Most Windows components (such as services) log to the System log, with notable exceptions being IIS and user-related operations (such as folder redirection at login) which log to the Application log. Programs that you write should log either to their own log areas or to the Application log. The Security log records successful and failed logins.

See also:

202 questions
2
votes
1 answer

Discrepancy between Event Log taken from Powershell and with Event Log Viewer

Domain Controller OS - Window Server 2008 R2 Please see the First PrintScreen attached (Powershell.png). with the help of Powershell command I am trying to check the event Log of my DC. Please note the Red Rectangle Colour Box. Failure Reason:…
Param
  • 1,357
  • 14
  • 36
  • 52
2
votes
1 answer

Deleted a CA improperly and receiving a 10009 Event ID error

The basic run down is I didn't know what I was doing and I deleted a CA I stood up but I couldn't get to work properly. I know dumb. But that being said not much I can do about it now. I went through and attempted to remove all parts of it from AD…
Tim Murphy
  • 21
  • 2
2
votes
1 answer

Mrxsmb (Event 8003) brings down the Network

There a domain with Windows SBS 2003 as the DC. At regular intervals, I am faced with the Mrxsmb (Event 8003) error which brings down the network. We have to other Windows SBS 2003 servers on the network, one of which was causing this. I have…
rahuL
  • 692
  • 3
  • 12
  • 31
2
votes
4 answers

Is it possible to filter out (remove) a single Event ID from the Event Viewer?

Let's say I want to remove a single event from the view so I can view the rest. How do I accomplish this? This is on a Server 2003 R2 box.
Bigbio2002
  • 2,823
  • 12
  • 35
  • 54
2
votes
1 answer

Export from Saved system log

Using powershell, is there any way we can export system event logs from a saved system event log file (*.evt). Get-Eventlog does not recognize the "-logname "Saved system log"". Any ideas ?
whizkid
  • 355
  • 1
  • 4
  • 16
2
votes
1 answer

What could cause local folders in a Windows 2008 DFS replication group to randomly obtain system and hidden attributes

We have a Windows 2008 server (not R2) acting as a primary file source in a DFS replication group with a single other server that happens to be Windows Storage Server 2008. All is well in terms of 2-way replication. What we cannot explain is how…
Chris Klose
  • 21
  • 2
2
votes
0 answers

Why are the results of a chkdsk scan on drive C: not showing in the event viewer, but chkdsk results for N: are?

On a Server 2008 R2 member server I schedule chkdsk to check drives C: and N:. Only the results for the N: drive are seen in event viewer. In previous Windows Servers, chkdsk results for drive C: appeared in event viewer. Is that still the case or…
rjt
  • 578
  • 6
  • 26
2
votes
1 answer

Why is the user name "N/A" for most of the event log entries? How to get it filled in?

In my code, if something terribly goes wrong, I write something in the event log (using the ReportEvent function). For those entries, I get a user-id in the event log entry (5th argument of ReportEvent functions). For lots of other entries (from…
Patrick
  • 217
  • 3
  • 8
2
votes
2 answers

What are the codes at the end of some Event Viewer messages?

I am trying to find the cause of some errors in the Windows Event Log I get after a crash. At the end there are two codes. Example: NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (7A097772) (80131506) What are these? The crash…
erik
  • 121
  • 3
2
votes
0 answers

Event ID for moving a file folder in Server 2003 R2

We had a file folder moved in our system last night, causing a ripple effect throughout our network, changing file paths and basically messing up our documents. We are doing an audit on the server logs to look for the time and user that moved the…
Kernel Panic
  • 291
  • 2
  • 8
  • 19
2
votes
2 answers

Event 4098, 0x80070533 Logon failure: account currently disabled?

Having started to upgrade our PCs to Windows 7 we have noticed that we are getting group policy warnings in Event Viewer such as: "The user 'Word.qat' preference item in the 'a_Office2007_Users {A084A37B-6D4C-41C0-8AF7-B891B87FC53B}' Group Policy…
Windos
  • 361
  • 3
  • 7
2
votes
1 answer

RDP connection has the source IP of the host server

I came across an event on one of my windows servers, Machine ABC has a successful incoming RDP connection from 192.168.0.16, But the IP of machine ABC is 192.168.0.16. Is it even possible that a machine can RDP into itself? Any leads as to how this…
Sachin
  • 31
  • 1
2
votes
1 answer

What time zone does windows event logs show

I have a doubt on the time zone shown in the windows event logs. I had read that if I export the windows event logs from another machine and open it in my machine which has a different time zone, the timings of the events will be converted to my…
user496934
  • 187
  • 7
1
vote
0 answers

Prevent Anonymous logons on windows-server 2016

I can't figure out how to entirely disable anonymous logon on Windows Server 2016 which is not a domain controller (regular instance). With the settings currently set I'm truly surprised to see such logons come through which stands opposite to…
Vega4
  • 131
  • 6
1
vote
1 answer

Can't Find Failed Authentication in Event Viewer

I'm trying to gather failed login/authentication events from DC's on a 2016 Domain. I can see 4625 Audit Failure events in the Security Logs on the Domain Controllers when a user fails to login at the log on screen. When I try to run an application…
Kraken
  • 13
  • 1
  • 3
1 2 3
13 14