is launched, Click below image to access it is launched, Click below image to access it
Technology and Entertainment Blog

Windows Event Logs

Windows Event Logs

All Type of Common Windows Event (Information, Warning, Error, Audit) IDs

We have 150+ Windows Service event log listed below, which will help you know which event id to check for troubleshooting any issue.

Operating System Events :

-> Event ID 11707, Product: ABC  Installation operation completed successfully
-> Event ID 11724, Product: ABC  Removal completed successfully.
-> Event ID 7036, When we stop\start any service manually system generate event ID 7036 mentioning service name and status and in details
-> Event ID 7009, Timeout (30000 milimseconds) waiting for the service name to connect.
-> Event ID 7000, The service name failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
-> Event ID 7024, when a service terminated with error? i believe for all services
-> Event ID 35, The time service is now synchronizing the system time with the time source (abc.local)
-> Event ID 37, The time provider NtpClient is currently receiving valid time data from This event occurs after the server is restarted? mostly likley. Source - W32Time.
-> Information Event 38, W32Time, The time provider NtpClient cannot reach or it currently receiving invalid time data from server.dc.local. Ip address.
-> Event ID 6013, The system uptime is --- seconds. This occurs when a system is restarted? No, it occurs every day at 12pm on both 2k3 and 2k8 OS and increased the uptime seconds.
-> Event ID 7036, The service name entered the running/stopped state.
-> Event ID 7035, The '' service was successfully sent a stop control. This event mentions the user name who stopped the service.
-> Event ID 1074, The process explorer.exe has initiated the restart of computer --- on behalf of user (OS- Win 2003)
-> Event ID 1074, The process winlogon.exe has initiated the restart of computer --- on behalf of user NT AUTHORITY\SYSTEM (OS- Win 2003)
-> Event ID 26, Application popup: Windows: Other people are logged on to this computer. Restarting Windows might cause them to lose data.
-> Event ID 7031, The service name terminated unexpectedly. It has done this 8 times(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.
-> Event ID 104, EventLog, The '' log file was cleared.
-> Event ID 8015, BROWSER, The browser has forced an election on network \Device\NetBT_Tcpip_{64FCCB5D-3081-4C3D-9504-8366D14A367C} because a Windows Server (or domain master) browser is started. (OS- Win 2003)
-> Event ID 4294, IPSec, The IPSec driver has entered Secure mode. IPSec policies, if they have been configured, are now being applied to this computer.(OS- Win 2003)
-> Event ID 4104, Winlogon, Windows license validated. (Win 2008)
-> Event ID 14533, DfsSvc, DFS has finished building all namespaces. (OS- Win 2003)  
-> Event ID 4295, IPSec, The IPSec Driver is starting in Bypass mode. No IPSec security is being applied while this computer starts up. IPSec policies, if they have been assigned, will be applied to this computer after the IPSec services start.(OS- Win 2003)
-> Event ID 26, Application Popup, Application popup: Service Control Manager  : At least one service or driver failed during system startup.  Use Event Viewer to examine the event log for details. (OS- Win 2003)
-> Error Event ID 6008, EventLog, The previous system shutdown at 8:46:51 PM on 11/22/2011 was unexpected. (OS- Win 2003)
-> Event ID 1005, Customer Experience Improvement Program data was successfully consolidated into file that will be sent to Microsoft for analysis only if user has opted to join the windows Customer Experience Improvement Program.
-> Warning Event ID 1076, USER32, The reason supplied by user CARC\Administrator for the last unexpected shutdown of this computer is: Other (Unplanned) (OS- Win 2003)
-> Warning Event 2013, Srv, The C: disk is at or near capacity. You may need to delete some files (OS-2003)
-> Information Event 1002, Winlogon, The shell stopped unexpectedly and Explorer.exe was restarted. (OS-2003)
-> Warning Event 4, b57w2k, Broadcom NetXtreme Gigabit Ethernet #2: The network link is down.  Check to make sure the network cable is properly connected.
-> Information Event 11,b57w2k, Broadcom NetXtreme Gigabit Ethernet #2: Network controller configured for 1Gb full-duplex link.
-> Error, Event 7022, Service Control Manager, The "" service hung on starting.
-> Information, Event 36, Ntfs, A user hit their quota threshold on volume C:  (OS-2003)
-> Information, Event 26212, Chkdsk, Chkdsk was executed in read-only mode on a volume snapshot. (OS-2003)
-> Information, Event 7, crypt32, Successful auto update retrieval of third-party root list sequence number from: <> (OS-2003)
-> Warning, Event 1073, Source : USER32 . The attempt by dc\admin to restart\shutdown computer 'dc-name' failed. (OS-2003).

Print Events :

-> Information Event ID 10, Print, Document 42, Outlook - Memo, owned by username was printed on machine name via port ip .. size in bytes, pages printed: 2 (OS-2003)

Windows Backup Events :

-> Event ID 14, Source: Microsoft-Windows-Backup/Operational, Backup completed, this event occurs on Win 2008 and SBS server for inbuilt-backup service.
-> Event ID 1, Source: Microsoft-Windows-Backup/Operational, Backup started, this event occurs on Win 2008 and SBS server for inbuilt-backup service.

WSUS Events :

-> Error Event ID 20, Source Windows Update Agent, Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
-> Event ID 4377, NtServicePack, Windows Server 2003 Hotfix KB2544893-v2 was installed.
-> Event ID 19, Source Windows Update Agent, Installation Successful: Windows successfully installed the following update: Security Update for Windows Server 2003 (KB2564958) (OS- Win 2003)

LogMeIn Events :
-> Information Event ID 102, LogMein, User '' has successfully logged on from IP address ''. Secure (SSL) Connection: Yes
-> Error Event ID 104, LogMein, Unsuccessful logon attempt from IP address ''. Secure (SSL) Connection: Yes
-> Information Event ID 106, LogMein, User '' from IP address '' has been logged out by the service due to reaching the preset amount of idle time.
-> Information Event ID 205, LogMein, User '' from IP address '' ended a Remote Control session.
-Warning, Event ID 104, LogMeIn, Unsuccessful logon attempt from IP address Secure (SSL) Connection: Yes

IIS Events :

-> Information Event 1074, W3SVC,
-> Event ID 5076, WAS, A worker process with process id of '116116' serving application pool 'SBS Sharepoint AppPool' has requested a recycle because it reached its scheduled recycle time. (Win 2008)
-> Event ID 3201, IIS start command received from user dc\admin. The logged data is the status code. Source - IIS-IISRESET
-> Event ID 4, Source: IISCTLS, IIS kill command received from user dc/user.
-> Event ID 2, Source: IISCTLS, IIS stop command received from user dc/user.  All these three 4,2,1 id belongs to IIS version 6
-> Event ID 1, Source: IISCTLS, IIS start command received from user dc/user.
-> Event ID 3201, When we hit IISRESET IIS creates information event ID 3201

SQL Events :
-> Event ID 8957, DBCC CHECKDB (DB_Name) executed by dc\user found -- errors and repaired -- errors. Elapsed time: _ hours _ minutes _ seconds.
-> Event ID 1485 Database mirroring has been enabled on this instance of SQL Server. (OS-2003)
-> Event ID 18264 Database Backed up

Symantec Antivirus Events :

-> Information Event 3, Symantec Antivirus, Scan started on selected drives and folders and all extensions.
-> Information Event 7, Symantec Antivirus, New virus definition file loaded. Version: ().
-> Information Event 2, Symantec Antivirus, Scan Complete:  Risks: 0   Scanned: 1378   Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 520
-> Information Event 65, Symantec Antivirus, Scan Suspended:  Risks: 0   Scanned: 1408   Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 1354
-> Information Event 66, Symantec Antivirus, Scan resumed on all drives and all extensions.

DHCP Events :

Information ##
-> Event ID 1043, DhcpServer,  The DHCP/BINL service on the local machine has determined that it is authorized to start.  It is servicing clients now. (OS- Win 2003)
-> Event ID 4097, Wins, WINS initialized properly and is now fully operational. (OS- Win 2003)

Warning ##
-> Warning Event 1020, DhcpServer, Scope,, is 82 percent full with only 9 IP addresses remaining.

SharePoint Event :

Information ##
-> Event ID 101, Configuration of the sharepoint products has succeeded.
-> Event ID 7041, Topology, The credentials used for the windows service "SPWriterV4' were updated by PRACOM\spfarm. Find this event in shared operational section.
-> Event ID 97, Admin Audit, An incremental crawl was started on 'MySite Crawler' by Share\mossadmin. Find this event in shared operational logs section.

If you want to add more windows service events log here please do write to us or send event ids via comments.

No comments: