Search Results

Search found 51448 results on 2058 pages for 'log files'.

Page 97/2058 | < Previous Page | 93 94 95 96 97 98 99 100 101 102 103 104  | Next Page >

  • Event ID: 861 - The Windows Firewall has detected an application listening for incoming traffic

    - by Chris Marisic
    Firstly, my machines aren't compromised any person suggesting such will be DV'd. The security logs on some of my networks client machines (all Windows Xp Sp3) get filled with these useless error messages. Security Failure Audit Detailed Tracking Event ID: 861 User: NT AUTHORITY\NETWORK SERVICE The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\svchost.exe Process identifier: 976 User account: NETWORK SERVICE User domain: NT AUTHORITY Service: Yes RPC server: No IP version: IPv4 IP protocol: UDP Port number: 55035 Allowed: No User notified: No It's always on various random ports of UDP so setting up a port exception isn't really an option. It's always from svchost or lsass both of which are running services from DLLs. One of the most offending processes seems to the be DnsCache. I have in my global policy under AT < Network < Network Connection < Widnows Firewall < Domain Profile (I haven't changed any standard profile options do both need configured? To allow remote administration and desktop exceptions and have a custom program exception list that has %SystemRoot%\system32\svchost.exe:*:enabled:svchost (Windows won't allow you to add this exception on a local machine but it let me have it on here in the global policy it just doesn't seem to do anything) %SystemRoot%\system32\lsass.exe:*enabled:lsass (I think this one ended all of my LSASS messages) %SystemRoot%\system32\dnsrslvr.dll:*:enabled:dnscache (I tried adding the dll itself to the exception list, this didn't seem to do anything) Is there really any other options left other than disabling the Windows Firewall entirely, disabling auditing entirely or just changing the event viewer to just auto overwrite when needed? I'd much rather fix the problem and get rid of these entries ever being created instead of just trying to cover up the problem.

    Read the article

  • Errors Event 7888, 6102, 6641 MOSS

    - by Mayra Gonzalez
    I'm getting this errors on my Server. Version MOSS 2007, on Windows Server Standar 2008 and this message appear every minute. Next, you can find its descriptions: Can any one help me with this? Thanks Event ID 7888 A runtime exception was detected. Details follow. Message: Attempted to perform an unauthorized operation. Techinal Details: System.UnauthorizedAccessException: Attempted to perform an unauthorized operation. at Microsoft.Office.Server.Infrastructure.SharedServiceAccessControlList.AccessCheckThrowIfUnauthorized(SharedServiceRights rights) at Microsoft.Office.Server.Infrastructure.SharedServiceAccessControlList.Microsoft.Office.Server.Administration.ISerializableSharedObject.GetObjectData(SharedObjectSerializationContext context) at Microsoft.Office.Server.Administration.SharedObjectFormatter.Serialize(XmlWriter writer, SharedObject sharedObject) at Microsoft.Office.Server.Administration.SharedObjectStore.PutObject(SharedObject sharedObject) at Microsoft.Office.Server.Administration.SharedObject.Update() at Microsoft.Office.Server.Infrastructure.SharedServiceAccessControlList.EnsureFullPermissionSet(String principalName) at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeSharedServiceAccessControlList() at Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Synchronize() Event ID 6641 The SSP Timer Job Distribution List Import Job was not run. Reason: Index was outside the bounds of the array. Technical Support Details: System.IndexOutOfRangeException: Index was outside the bounds of the array. at Microsoft.Office.Server.Utilities.WindowsSecurity.GetUserTokenFromCredentials(String userDomainName, String password, LogonType logonType) at Microsoft.Office.Server.Utilities.WindowsSecurity.GetUserTokenFromCredentials(String userDomainName, String password) at Microsoft.Office.Server.Administration.JobHandler.Execute(Object state, Boolean timedOut) Event ID 6102: LoadBalancer.RegisterLauncher failed: Unable to connect to the remote server

    Read the article

  • Over 200 active requests like "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"

    - by Stefan Lasiewski
    Some details: Webserver: Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.8e OS: FreeBSD 7.2-RELEASE This is a FreeBSD Jail. I believe I use the Apache 'prefork' MPM (I run the default for FreeBSD). I use the default values for MaxClients (256) I have enabled mod_status, with "ExtendedStatus On". When I view /server-status , I see a handful of regular requests. I also see over 230 requests from the 'localhost', like these: 37-0 - 0/0/1 . 0.00 1510 0 0.0 0.00 0.00 127.0.0.2 www.example.gov OPTIONS * HTTP/1.0 38-0 - 0/0/1 . 0.00 1509 0 0.0 0.00 0.00 127.0.0.2 www.example.gov OPTIONS * HTTP/1.0 39-0 - 0/0/3 . 0.00 1482 0 0.0 0.00 0.00 127.0.0.2 www.example.gov OPTIONS * HTTP/1.0 40-0 - 0/0/6 . 0.00 1445 0 0.0 0.00 0.00 127.0.0.2 www.example.gov OPTIONS * HTTP/1.0 I also see about 2417 requests yesterday from the localhost, like these: Apr 14 11:16:40 192.168.16.127 httpd[431]: www.example.gov 127.0.0.2 - - [15/Apr/2010:11:16:40 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" The page at http://wiki.apache.org/httpd/InternalDummyConnection says "These requests are perfectly normal and you do not, in general, need to worry about them", but I'm not so sure. Why are there over 230 of these? Are these active connections? If I have "MaxClients 256", and over 230 of these connections, it seems that my webserver is dangerously close to running out of available connections. It also seems like Apache should only need a handful of these "internal dummy connections" We actually had two unexplained outages last night, and I am wondering if these "internal dummy connection" caused us to run out of available connections.

    Read the article

  • /server-status shows over 240 requests like "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy c

    - by Stefan Lasiewski
    Some details: Webserver: Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.8e OS: FreeBSD 7.2-RELEASE This is a FreeBSD Jail. I believe I use the Apache 'prefork' MPM (I run the default for FreeBSD). I use the default values for MaxClients (256) I have enabled mod_status, with "ExtendedStatus On". When I view /server-status , I see a handful of regular requests. I also see over 240 requests from the 'localhost', like these. 37-0 - 0/0/1 . 0.00 1510 0 0.0 0.00 0.00 127.0.0.2 www.example.gov OPTIONS * HTTP/1.0 38-0 - 0/0/1 . 0.00 1509 0 0.0 0.00 0.00 127.0.0.2 www.example.gov OPTIONS * HTTP/1.0 39-0 - 0/0/3 . 0.00 1482 0 0.0 0.00 0.00 127.0.0.2 www.example.gov OPTIONS * HTTP/1.0 40-0 - 0/0/6 . 0.00 1445 0 0.0 0.00 0.00 127.0.0.2 www.example.gov OPTIONS * HTTP/1.0 I also see about 2417 requests yesterday from the localhost, like these: Apr 14 11:16:40 192.168.16.127 httpd[431]: www.example.gov 127.0.0.2 - - [15/Apr/2010:11:16:40 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" The page at http://wiki.apache.org/httpd/InternalDummyConnection says "These requests are perfectly normal and you do not, in general, need to worry about them", but I'm not so sure. Why are there over 230 of these? Are these active connections? If I have "MaxClients 256", and over 230 of these connections, it seems that my webserver is dangerously close to running out of available connections. It also seems like Apache should only need a handful of these "internal dummy connections" We actually had two unexplained outages last night, and I am wondering if these "internal dummy connection" caused us to run out of available connections. UPDATE 2010/04/16 It is 8 hours later. The /server-status page still shows that there are 243 lines which say "www.example.gov OPTION *". I believe these connections are not active. The server is mostly idle (1 requests currently being processed, 9 idle workers). There are only 18 active httpd processes on the Unix host. If these connections are not active, why do they show up under /server-status? I would have expected them to expire a few minutes after they were initialized.

    Read the article

  • Event Viewer: atapi errors

    - by Wesley
    Specs for Samsung N120 Netbook Atom N270 @ 1.60 GHz / 160 GB IDE HDD / 2 GB PC2-5300 DDR2 RAM / Windows XP Home SP3 So I'm still getting some atapi errors in my Event Viewer. Here are two atapi errors I am getting over and over again: (1) The device, \Device\Ide\IdePort0, did not respond within the timeout period. (2) The driver detected a controller error on \Device\Ide\IdePort0. In addition, I am repeatedly getting this warning as well: (1) An error was detected on device \Device\Harddisk0\D during a paging operation. I just got this back from repair, where before, I couldn't boot at all because I was led to a black screen saying "Operating System Not Found". Still, I got it back and it can boot again, without any hard drive replacement or data loss. So, how can I get rid of these errors and warnings? What could have happened during repairs to allow my netbook to boot again? Thanks in advance.

    Read the article

  • New set up DHCP Server on Server 2008 R2 won't work, Event-ID 1046

    - by Ian
    I just set up a 2008 R2 as DC, and DNS. Both worked fine, DNS works fine forward and reverse lookup. Now I wanted to install DHCP. As soon as the installation of the role is finished, I get this Event-ID Error 1046: Link When I first set it up there was also a Event-ID 1059 Error: Link The dhcp server is authorized. I don't know what else I should do. Getting crazy here, hope you guys can help me.

    Read the article

  • Biztalk 2009 logshipping with SQL 2008

    - by Manjot
    Hi, I am setting up biztalk logshipping for Biztalk 2009 database. Following http://msdn.microsoft.com/en-us/library/aa560961.aspx article, I am doing the following to setup biztalk logshipping on destination server: Enable Ad-hoc queries by: sp_configure 'show advanced options',1 go reconfigure go sp_configure 'Ad Hoc Distributed Queries',1 go reconfigure go sp_configure 'show advanced options',0 go reconfigure go Execute LogShipping_Destination_Schema & LogShipping_Destination_Logic in master on destinations server Run: exec bts_ConfigureBizTalkLogShipping @nvcDescription = '', @nvcMgmtDatabaseName = '', @nvcMgmtServerName = '', @SourceServerName = null, -- null indicates that this destination server restores all databases @fLinkServers = 1 -- 1 automatically links the server to the management database When I run this I am receiving the following error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. After some research I found some info : Usually this error means that the SQL Server Service Principal Name (SPN) was not configured, and NTLM was not being used as an authentication mechanism. SQl services are runing under different domain accounts. So, I asked the domain admin to create SPNs for the servers, SQL service accounts for beoth source and destination using name and FQDN. enabled computer name and service accounts for delegation. When I run the following: select * from sys.dm_exec_connections I get the the same error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' Any help please?

    Read the article

  • logparser Message with error codes

    - by nsr81
    Hi All, Is there anyway to get complete error message using LogParser? When I run the following query: logparser -i:EVT -o:NAT "SELECT TimeGenerated,EventID,Message from System WHERE EventTypeName='Error event'" I get the following output: 2009-09-02 19:35:44 7000 The USB Mass Storage Driver service failed to start due to the following error: %%1058 The full "Message" in EventViewer is: Description: The USB Mass Storage Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. How can I obtain complete message using logparser?

    Read the article

  • Setting up Splunk/IronPort WSA

    - by Ciddan
    Hello everyone! I recently stumbled across Splunk 4 (by way of an advert on this very site...) and found that it had an "App" that's designed to work with Cisco IronPort WebSecurity and E-Mail Appliances! That's really awesome, because good IronPort reporting is something our IT-dept. is looking for. Anyways - I'm totally lost on how to configure this thing. I've googled like a mad-man to find a guide or such like - but I haven't found anything. Has anyone here set up IP / Splunk? Any tips/pointers? Regards, Mikael Selander

    Read the article

  • Setting up Splunk/IronPort WSA

    - by Ciddan
    I recently stumbled across Splunk 4 (by way of an advert on this very site...) and found that it had an "App" that's designed to work with Cisco IronPort WebSecurity and E-Mail Appliances! That's really awesome, because good IronPort reporting is something our IT-dept. is looking for. Anyways - I'm totally lost on how to configure this thing. I've googled like a mad-man to find a guide or such like - but I haven't found anything. Has anyone here set up IP / Splunk? Any tips/pointers?

    Read the article

  • Several "SideBySide" errors in the event viewer (Windows XP SP3)

    - by Wesley
    Hi all, For some reason, my netbook continuously comes up with SideBySide errors in the event viewer under Computer Management. Is there some way to get rid of these errors? My netbook occasionally BSODs and looking back into the event viewer after, at least 8 SideBySide errors were logged prior to BSOD. Please help! Thanks in advance. Netbook is a Samsung N120 with upgraded RAM to 2 GB. EDIT: So, SideBySide errors have been resolved and apparently the BSOD isn't related. But I remember specifically, that last time I had a BSOD, it was due to an "unknown hard error." What causes that?

    Read the article

  • SBS 2003 no network connection and acting strangely a bunch of Event ID 13568

    - by JMan78
    I've got an SBS 2003 Standard server and it was running fine until earlier today when it was rebooted, after the reboot it has no network connection, I can't seem to right click on a lot of stuff and get dialog boxes, I can't launch IE, it's acting extremely strange. We are dead in the water at this point. I checked the event logs and noticed we're getting a ton of Event ID's 13568. I thought it was a Journal Wrap error, and while I was going to try to fix it using this article: http://support.microsoft.com/kb/290762 I can't even do that because after I set the D4 value, then went to restart NTFRS from command prompt and I got the following: System Error 1059 has occurred. Circular service dependency was specified. That is where I'm at and haven't been able to figure anything else out. ALso, I've posted this on EE, there are some screens of event logs and such there: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27969593.html

    Read the article

  • PEN daemon as load balancer, IIS web logs not showing true requester IPs

    - by Aszurom
    I have a Hercules vmware appliance, which is a micro-linux vm that runs the PEN daemon and acts as a server load-balancer. It takes any incoming request on the appliance's IP and routes it out to a number of alternate IPs. The logs of the daemon show the true IP of the browsers hitting the website. The logs of the websites themselves (iis 6 and 7) only show the requester IP as being that of the load balancer. The IT manager tells me that when we had a hardware appliance (serveriron XL) doing the load balancing, the web logs reflected the requester IPs accurately. Is there any way to get this resolved with the daemon, or will I be digging that out of the closet and plugging it back in?

    Read the article

  • Is anybody using Splunk in a large-scale production environment?

    - by Nano Taboada
    I've been watching the videos at splunk.com and really it's hard to believe that one can get all those features for free, there's still that "where's the catch?" in the back of my head. So it'd be great if anybody that is actually using it Splunk on production would like to share their experiences, perhaps highlighting its benefits over, say, Nagios? Thanks much in advance.

    Read the article

  • Colorize Monitoring of Logs

    - by Ian
    I sometimes monitor apache and php error logs using tail under FreeBSD. Is there any way to get colorized output, either using tail or some other command line app? Alternatively, what is your favorite way to monitor the various web-related logs in realtime?

    Read the article

  • syslogd: Logfile format (not configuration format)

    - by chris_l
    Hi, I'd like to parse logfiles. Is the logfile format of syslogd the same for all systems? On my system (Debian Lenny), it's: Mar 7 04:22:40 my-host-name ... (I'm not much interested in the ... part) Can I rely on this? And is there maybe some more-or-less official description? The manpage of syslogd describes the config format, but not the logfile format. Ideally, the description would give the fields official names like (date, time, host, entry) or (datetime, hostname, message). Maybe additionally some regular expressions. I'd like to use the names and regexes in my script, to avoid an unnecessary deviation from the standard, and to make sure, that the script runs everywhere. Thanks Chris

    Read the article

  • IIS Logs not getting created

    - by Chris
    Hi I have a site running on IIS 6. I have turned on logging on the website tab of IIS and specified a directory for it to write to. Set it to an hourly schedule. However no logs are ever created. Have reset iis. checked disk space and permissions on the directory it is writing to but no logs are ever created. I can see this did work once, as there are logs created in the system32/logfiles directory from about a year ago. Even if I specify that directory nothing new gets created This is on a hosted service What else can I check? Is there any place that errors would be written to that might give me a clue as to what is going on? Have tried event viewer but nothing untoward in there Would appreciate any pointers on this

    Read the article

  • Event ID for modified GPOs

    - by Hinek
    I have to know, who (usersid or loginname) changed a specified GPO for a specified OU in the Active Directory. Given our audit settings include this, what would be the right Event ID to look for?

    Read the article

  • svchost.exe crash on wake up

    - by Serge
    Lately whenever I wake up my laptop from sleep I get a series of errors (generated by a host process failing) I haven't been able to figure out why this happens but I know which host process fails and was wondering if someone had some insight on why this keeps occuring 99% of the time when my laptop wakes up. here's the host process error Faulting application svchost.exe_SysMain, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e0421d, exception code 0xc0000006, fault offset 0x000000000005a02d, process id 0x1738, application start time 0x01cae656279b1010. and here are some services that fail because of that host The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. The Wired AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. The ReadyBoost service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Anyways I think you get the point, there are a few more. It got really annoying to wait for those services to restart so I created a batch file that does it automatically whenever the wlan stops I'm using Vista x64 on a Studio XPS 1640

    Read the article

< Previous Page | 93 94 95 96 97 98 99 100 101 102 103 104  | Next Page >