Service Control Manager

The Microsoft Exchange Routing Engine service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Service Control Manager

The Microsoft Exchange Information Store service terminated with service-specific error 0 (0x0).

Service Control Manager

The PfModNT service failed to start due to the following error:
The system cannot find the file specified.

Service Control Manager

The ServiceABC service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: No action.

LicenseService

Replication of license information failed because the License Logging Service on server <Server> could not be contacted.

LicenseService

Replication of license information failed because the License Logging Service on server <PDC servername> could not be contacted.

Removable Storage Service

RSM could not load media in drive Drive 0 of library Iomega RRD2.

Service Control Manager

The ABC service was unable to log on as DOMAIN\service.account with the currently configured password due to the following error:
Logon failure: unknown user name or bad password.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

.NET Runtime Optimization Service

.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: Microsoft.ReportingServices.QueryDesigners, Version=9.0.242.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002

Service Control Manager

The APC UPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Windows SharePoint Services 3

Timer

The Execute method of job definition Microsoft.Office.Server.Administration.ApplicationServerAdministrationServiceJob (ID 693fe0b2-6c9f-47bf-9d1a-c6a2aa7cd3c3) threw an exception. More information is included below.

Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

NtServicePack

Windows XP Service Pack 3 installation failed.
Access is denied.

VWServicesPA

Source: Process AnalyzerCube Processing Status: DTSRun: Loading...DTSRun: Executing...DTSRun OnStart: DTSStep_DTSOlapProcess.Task_1DTSRun OnError: DTSStep_DTSOlapProcess.Task_1, Error = -2147221384 (80040078) Error string: More than the maximum of 64,000 dimension member children for a single parent (dimension 'Zaaknummer', level 'Zaaknummer', member '141715'). Error source: Zaaknummer Help file: Help context: 1000440Error Detail Records:Error: 0 (0)

Windows SharePoint Services 3

The Execute method of job definition Microsoft.Office.Server.Administration.ApplicationServerAdministrationServiceJob (ID a778c03a-b4d5-47ad-b0d5-6130b9c8ba14) threw an exception. More information is included below.

Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

Service Control Manager

None

Timeout (30000 milliseconds) waiting for the hpqwmiex service to connect.

Report Server Windows Service (EVENTSENTRY)

Startup/Shutdown

The report server database is an invalid version.

User Profile Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3955188477-656860062-1151124159-1021:
Process 6540 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3955188477-656860062-1151124159-1021
Process 1356 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955188477-656860062-1151124159-1021\Printers\DevModePerUser

Windows Search Service

Gatherer

A document ID cannot be allocated.
Context: Windows Application, SystemIndex Catalog
Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Apache Service

The Apache service named reported the following error:
>>> httpd.exe: Syntax error on line 116 of C:/Program Files (x86)/CollabNet Subversion Server/httpd/conf/httpd.conf: Cannot load C:/Program Files (x86)/CollabNet Subversion Server/httpd/modules/mod_dav_svn.so into server: The specified module could not be found.

Service Control Manager

The following boot-start or system-start driver(s) failed to load: storflt

Service Control Manager

Error

EVENT # 9697313
EVENT LOG System
EVENT TYPE Error
SOURCE Service Control Manager
EVENT ID 7011
COMPUTERNAME SERVER
DATE / TIME 7/28/2009 8:11:23 PM
MESSAGE Timeout (30000 milliseconds) waiting for a transaction response from the SharedAccess service.

Windows Server Update Services

Clients

Some client computers have not reported back to the server in the last 30 days. 4 have been detected so far.

service control manager

The Debug Diagnostic service entered the running state

service control manager

none

The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

NVRAIDSERVICE

Access failure: Critical error on disk XXXXXXX (Port: SATA 2.0).

NVRAIDSERVICE

Error message from one of the disks failing on an onboard nVidia nForce4 RAID controller.

Service Control Manager

________________________________________
EVENT # 170686
EVENT LOG System
EVENT TYPE Error
SOURCE Service Control Manager
EVENT ID 7034
COMPUTERNAME HDQ121
DATE / TIME 3/8/2011 3:29:02 PM
MESSAGE The McAfee Engine Service service terminated unexpectedly. It has done this 2 time(s).
________________________________________

Find out more about the event at http://www.myeventlog.com.

Service Control Manager

The start type of the Windows Modules Installer service was changed from auto start to demand start.

EventSentry Network Services

Snmp Trap

A SNMP trap was received:

Version: 1
Community: public
Trap Sender: vmware1.domain.local (192.168.12.55)
Trap ID: vmware.vmwProductSpecific.vmwESX.vmkLoaded (1.3.6.1.4.1.6876.4.1.6.1)

Trap Bindings:
1: vmware.vmwTraps.vmwVmID (1.3.6.1.4.1.6876.50.101) = 1
2: vmware.vmwTraps.vmwVmConfigFilePath (1.3.6.1.4.1.6876.50.102) = /vmfs/volumes/474c55f6-89ccc558-5555-001143ebb975/TestServerF/TestServerF.vmx
3: vmware.vmwVirtMachines.vmwVmTable.vmwVmEntry.vmwVmDisplayName.1 (1.3.6.1.4.1.6876.2.1.1.2.1) = TEST07-W2K3-DE

EventSentry Network Services

Snmp Trap

A SNMP trap was received:

Version: 3
Username: public
Trap Sender: ups41.domain.local (192.168.16.117)
Trap ID: apc (1.3.6.1.4.1.318.0.10)
Engine ID: 0x800000000300C0B74DD7A6
Security Level: Authentication and Privacy

Trap Bindings:
1: apc.apcmgmt.mtrapargs.mtrapargsString (1.3.6.1.4.1.318.2.3.3.0) = UPS: Passed a self-test.

EventSentry Network Services

Syslog

syslog@vmserver5.domain.local[daemon.warning]: Server Administrator: Storage Service EventID: 2264 A device is missing.: Battery 0 Controller 0

Microsoft-Windows-Service Pack Installer

There is not enough free disk space to install the Service Pack. Required=4834 MB.

User profile service

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 5/12/2012 4:13:40 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: NONEOFYOURBIZ2
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
9 user registry handles leaked from \Registry\User\S-1-5-21-664570727-300873648-2978798648-1000:
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 1324 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 1324 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 1324 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000\Software\Microsoft\SystemCertificates\My
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000\Software\Microsoft\SystemCertificates\CA
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1324 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-12T20:13:40.907441900Z" />
<EventRecordID>30031</EventRecordID>
<Correlation />
<Execution ProcessID="416" ThreadID="4684" />
<Channel>Application</Channel>
<Computer>NONEOFYOURBIZ2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">9 user registry handles leaked from \Registry\User\S-1-5-21-664570727-300873648-2978798648-1000:
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 1324 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 1324 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 1324 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000\Software\Microsoft\SystemCertificates\My
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000\Software\Microsoft\SystemCertificates\CA
Process 664 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1324 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-664570727-300873648-2978798648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
</Data>
</EventData>
</Event>

Service Control Manager

The EventSentry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft-Windows-CertificateServicesClient-AutoEnrollment

Certificate for %1 with Thumbprint %2 is about to expire or has already expired.

Service Control Manager

The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s)

Service Control Manager

The Creative Audio Service service failed to start due to the following error:
The system cannot find the file specified.

Windows Media Player Network Sharing Service

Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

NtServicePack

None

Windows XP WIC installation failed.
Access is denied.

Microsoft-Windows-CertificateServicesClient-CertEnroll

Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from testsql.domain.local\TESTCA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Microsoft-Windows-Time-Service

NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

Service Control Manager

De Windows Presentation Foundation Font Cache 3.0.0.0-service is bij het starten vastgelopen.

Windows Server Update Services

Clients

No client computers have ever contacted the server.

Windows Server Update Services

Core

The catalog was last synchronized successfully 1 or more days ago.

Microsoft-Windows-DNS-Server-Service

Zone somedomain.local expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down.

Service Control Manager Eventlog Provider

The windows Modules Installer Service failed to start due to the following error:The Service did not start due to a logon failure

Service Control Manager

Error

The Routing and Remote Access service terminated with the following service-specific error: The callback function must be invoked inline.

Service Control Manager

None

The Remote Desktop Services service terminated due to an error The specified file cannot be found.

Microsoft-Windows-ActiveDirectory_DomainService

Security

The directory has been configured to not enforce per-attribute authorization during LDAP add operations. Warning events will be logged, but no requests will be blocked. This setting is not secure and should only be used as a temporary troubleshooting step. Please review the suggested mitigations in the link below.

https://go.microsoft.com/fwlink/?linkid=2174032

OneApp_IGCC_WinService

none

TLBs created - Done

Service Control Manager

None

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Python Service

The description for Event ID 255 from source Python Service cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

The message resource is present but the message was not found in the message table

TerminalServices-RemoteConnectionManager

None

The RD Session Host server received large number of incomplete connections. The system may be under attack.

Service Control Manager

The EuGdiDrv Service was not started due to the following error:
The specified path cannot be found.

Service Control Manager

The EuGdiDrv Service was not started due to the following error:
The specified path cannot be found.

Service Control Manager

None

The following boot-start or system-start driver(s) did not load:
dam

CertificateServicesClient-CertEnroll

Certificate enrollment for Local system failed in authentication to policy servers with ID {########-####-####-####-72067EF2E6D9} (The user name or password is incorrect. 0x8007052e (WIN32: 1326 ERROR_LOGON_FAILURE))

Microsoft-Windows-Directory-Services-SAM

There is no message from the SIEM logs I'm seeing from. Fields unique to this Event ID (Kibana Discover):

winlog.event_data.AccountDN
winlog.event_data.AccountSID
winlog.event_data.KeyHash

Service Control Manager

The FirmwareSwitchService service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.