Questions tagged [windows-event-log]

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

617 questions
3
votes
1 answer

Not seeing IIS related messages in Event Log

We've got a problem with a web service that we think is causing the app pool to restart itself but we're not seeing a message in the event log. This raises the question of whether or not our hypothesis is correct. So two questions…
ShaneC
3
votes
1 answer

Using PowerShell, compare the TimeCreated values of two events and take action if one is older than the other

I've created my own event log called ScriptEvents that I use a few scripts to write to. What I'd like to do is run these commands (or something equivalent): Get-WinEvent -FilterHashtable @{logname='ScriptEvents'; id=1} -MaxEvents 1 Get-WinEvent…
3
votes
1 answer

I need an XPath query to view all events in the Windows event log (custom view)

In Windows PowerShell you can type get-winevents without any parameters and it will dump all events. I would like access to all events in the event viewer using a custom view. I can of course just check off everything but this results in an xml…
test
3
votes
2 answers

What's this odd logon failure I see every day?

I'm having something weird happen on a Windows Server 2008 R2 server. Every day at exactly 9:00 PM, an Audit Failure is registered in Event Viewer, saying that an account failed to log on for reason "Unknown user name or bad password.". The weird…
3
votes
2 answers

Event 34 on Windows 2008 R2 write cache and sysvol on system drive

I have Windows Server 2008 R2 running as Active Directory Primary Domain Controller. Since our domain is not large, I put the SYSVOL and NTDS folders in the default location on the system drive (SSD in a software RAID 1). I now get the 34 event…
3
votes
1 answer

security_error_ring_buffer_recorded in system health log - what does it mean?

Our company is running a few servers for a couple of websites. The servers are running Windows Server 2012 and for databases we have MS SQL Server 2012. Today I was checking the log files located in: "C:\Program Files\Microsoft SQL…
Levi
3
votes
2 answers

Is there a way to search all the event-logs on a LAN for a specific event?

Is there a way to search all the event-logs on a LAN for a specific event?
cagcowboy
3
votes
5 answers

System State Backups using NTbackup fail with error 0x800423f4 (relating to volume shadow copy)

We have a Windows Server 2003 R2 running Service Pack 2. It is a domain controller (Global Catalog) and our main internal DNS server. We run a System State backup of the machine to back up Active Directory information and save the backup to a…
Paul Zimmerman
3
votes
2 answers

What log messages do I need to look for that indicate the start of a log-off in Windows Event Viewer?

Is there an Info message in Windows Event Viewer that indicates the start of a log off? I'm trying to spot errors and warnings as a user logs off.
leeand00
3
votes
1 answer

Audit when users log on and off servers

We have contractors periodically remoting into our production servers and goodness knows what changes that they could potentially make. So what can I use to log when users log on or off a server(s)? Windows Server 2003 AD Domain
Jake
3
votes
2 answers

Event ID 6009: is this event triggered only when a user-initiated shutdown has occurred?

Like the title says. From what I've briefly read, 6009 occurs when CTRL-ALT-DEL or Start > Shutdown is initiated by a user. If a shutdown sequence is initiated by SYSTEM for example, would this event also be logged?
gravyface
3
votes
1 answer

Save and clear eventlogs

I am looking for ideas on how to save and clear event logs on multiple servers through use of a script. There used to be a tool for Windows Server 2000 called "Eventlog.pl" that could save and clear event logs remotely. I haven't found anything…
Jake
3
votes
8 answers

How to track down the cause of Windows Server 2008 crashing?

I have Windows Server 2008 running under VMware. Recently, it's started to crash roughly every day, with continuous 100% CPU utilization, and no response in the GUI. Is there a step-by-step technique to track down the source of this problem? What…
Contango
3
votes
2 answers

Can not see entries in Application Log in Event Viewer

Last week our Application Log appeared to be corrupt. Event Viewer said the log was 20MB, and had 18,446,744,073,709,550,735 (0.000000000008674 bits each) records (which can not possibly be true), and mmc would crash whenever we tried to view the…
yakatz
3
votes
1 answer

Event ID 8021 The browser was unable to retrieve a list of servers from the browser master

We have a LAN where workstations are randomly losing network connectivity for brief moments of time. The workstations can also take a long time to login to the domain. During our troubleshooting we have found an error log on a few Windows 7…