LOG ANALYSIS ON WINDOWS EVENT LOG FILES
ASSIGNMENT SUBMITTED BY- Sreeja Swaminathan Puthan
REG NO -RA1512023010015
BRANCH&SPECIFICATION - II M.TECH ISCF
LOG ANALYSIS ON WINDOWS EVENT LOG FILES
Log Analysis:
Log files are used to maintain a record of activities, e.g. activities of the operating
system, certain applications, etc.
Log files come in various formats; in general these formats can be divided into the following
categories:
• Binary formats
• Text-based formats
• In-database
Event Viewer:
On Windows the event logs can be managed with "Event Viewer" (eventvwr.msc) or the
"Windows Events Command Line Utility" (wevtutil.exe). Event Viewer can present the
EVTX files in both a "general view" (the formatted view) and a "details view" (which has both
a "friendly view" and an "XML view"). Note that the formatted view can hide significant event
data that is stored in the event record; that data can be seen in the details view.
If you export an event log from Event Viewer, additional "display information" can be
exported. This display information is stored in a corresponding file named:
LocaleMetaData\%FILENAME%_%LCID%.MTA
where LCID is the "locale identifier".
To view the Windows Setup event logs
1. Start the Event Viewer, expand the Windows Logs node, and then click System.
2. In the Actions pane, click Open Saved Log and then locate the Setup.etl file. By
default, this file is available in the %WINDIR%\Panther directory.
3. The log file contents appear in the Event Viewer.
Fig-1: Using Open Saved Log in Event Viewer to display the saved log file for analysis
To export the log to a file
From the command line, use the Wevtutil or Tracerpt commands to save the log to an .xml
or text file. For information about how to use these tools, see the command-line Help. The
following command shows an example of how to use Tracerpt:
Tracerpt /l C:\windows\panther\setup.etl
Fig-2: Dumping the contents displayed in Event Viewer into summary.txt using tracerpt
Fig-3: Path of summary.txt and the file opened
Fig-4: For convenience the file is analyzed using Notepad++
LOG ANALYSIS USING LOG PARSER LIZARD AND LOG PARSER 2.2
Download and install Log Parser Lizard and Log Parser 2.2 from
https://www.microsoft.com/en-us/download/details.aspx?id=2465
Fig-5: Querying for event types from System
Fig-6: Displaying the result table for event types from System
ERROR EVENTS:
The figure below shows the list of error events that occurred, as seen in Event Viewer.
Fig-5: Query to display all error-type events from the System log
Fig-6: Displaying the error events from the System log
Fig-7: Query to display events with ID 10010 from the System log
Fig-8: Displaying the result for event ID 10010
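The export step and the Log Parser queries above (and the warning-event queries later in the document) all come down to selecting events by type (Error/Warning), Event ID and source from the exported System log. The following Python script, an added example that is not part of the original assignment, parses an XML export of the kind `wevtutil qe System /f:xml` or Event Viewer's save-as-XML produces and runs those same selections; the embedded sample events, their record IDs, timestamps and the CLSID placeholder are constructed, not taken from a real machine.

```python
"""Query a Windows event log XML export for event type, Event ID and source, as the
Log Parser queries on this page do. Added example; the sample events are constructed."""
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Numeric <Level> values of the Windows event schema (0 means "log always").
LEVEL_NAMES = {0: "Information", 1: "Critical", 2: "Error", 3: "Warning",
               4: "Information", 5: "Verbose"}


@dataclass
class Event:
    record_id: int
    time_created: str
    provider: str          # the "Source" column in Event Viewer and Log Parser
    event_id: int
    level: str             # Critical / Error / Warning / Information
    channel: str
    data: Dict[str, str] = field(default_factory=dict)


def parse_events(xml_text: str) -> List[Event]:
    """Parse the XML written by `wevtutil qe System /f:xml` or by Event Viewer's
    "Save All Events As" (XML). wevtutil emits bare <Event> elements with no root,
    so the text is wrapped in <Events> when that root element is missing."""
    text = xml_text.lstrip("\ufeff \t\r\n")
    if text.startswith("<?xml"):                       # drop the declaration before wrapping
        text = text[text.index("?>") + 2:].lstrip()
    if not text.startswith("<Events"):
        text = "<Events>" + text + "</Events>"
    events = []
    for ev in ET.fromstring(text).iter("{%s}Event" % NS["e"]):
        sysn = ev.find("e:System", NS)
        prov = sysn.find("e:Provider", NS)
        level = int(sysn.findtext("e:Level", default="4", namespaces=NS))
        # EventData holds the fields the formatted view can hide; keep every one,
        # naming unnamed legacy <Data> elements param1, param2, ...
        data = {}
        for i, d in enumerate(ev.findall("e:EventData/e:Data", NS)):
            data[d.get("Name") or "param%d" % (i + 1)] = d.text or ""
        events.append(Event(
            record_id=int(sysn.findtext("e:EventRecordID", default="0", namespaces=NS)),
            time_created=sysn.find("e:TimeCreated", NS).get("SystemTime", ""),
            provider=prov.get("Name") or prov.get("EventSourceName") or "",
            event_id=int(sysn.findtext("e:EventID", namespaces=NS)),
            level=LEVEL_NAMES.get(level, "Unknown"),
            channel=sysn.findtext("e:Channel", default="", namespaces=NS),
            data=data))
    return events


def query(events: List[Event], level: Optional[str] = None,
          event_id: Optional[int] = None, provider: Optional[str] = None) -> List[Event]:
    """Like a Log Parser WHERE clause: every criterion that is given must match."""
    return [e for e in events
            if (level is None or e.level == level)
            and (event_id is None or e.event_id == event_id)
            and (provider is None or e.provider == provider)]


def count_by_source(events: List[Event]) -> Counter:
    """GROUP BY (source, Event ID): how often each error or warning recurred."""
    return Counter((e.provider, e.event_id) for e in events)


# Constructed sample in wevtutil's bare-<Event> layout; record IDs, timestamps and the
# DCOM CLSID are placeholders, not values from a real machine.
SAMPLE_XML = """
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-DistributedCOM" EventSourceName="DCOM"/>
<EventID Qualifiers="0">10010</EventID><Level>2</Level><TimeCreated SystemTime="2017-03-01T09:12:07Z"/><EventRecordID>101</EventRecordID><Channel>System</Channel></System>
<EventData><Data Name="param1">{00000000-0000-0000-0000-000000000000}</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="BugCheck"/>
<EventID>1001</EventID><Level>2</Level><TimeCreated SystemTime="2017-03-01T09:15:40Z"/><EventRecordID>102</EventRecordID><Channel>System</Channel></System>
<EventData><Data>The computer has rebooted from a bugcheck (constructed text).</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="EventLog"/>
<EventID>6008</EventID><Level>2</Level><TimeCreated SystemTime="2017-03-01T09:15:41Z"/><EventRecordID>103</EventRecordID><Channel>System</Channel></System>
<EventData><Data>2017-03-01</Data><Data>09:10:00</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-DNS-Client"/>
<EventID>1014</EventID><Level>3</Level><TimeCreated SystemTime="2017-03-01T09:20:02Z"/><EventRecordID>104</EventRecordID><Channel>System</Channel></System>
<EventData><Data Name="QueryName">example.invalid</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Tcpip"/>
<EventID>4229</EventID><Level>3</Level><TimeCreated SystemTime="2017-03-01T09:31:55Z"/><EventRecordID>105</EventRecordID><Channel>System</Channel></System>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="EventLog"/>
<EventID>6005</EventID><Level>4</Level><TimeCreated SystemTime="2017-03-01T09:15:39Z"/><EventRecordID>106</EventRecordID><Channel>System</Channel></System>
</Event>
"""

if __name__ == "__main__":
    events = parse_events(SAMPLE_XML)
    for e in query(events, level="Error"):                      # the error-events query
        print(e.time_created, e.provider, e.event_id, e.data)
    print(count_by_source(query(events, level="Warning")))       # the warning-events query
```

To run it against a real export, replace SAMPLE_XML with the contents of the file written by `wevtutil qe System /f:xml > system.xml`.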
DCOM event ID 10010 errors are usually caused by incorrect permissions.
To resolve DCOM 10010, the following steps will help.
1. In the %windir%\registration folder, make sure that the Everyone group has Read
permissions.
2. In the %windir%\registration folder, make sure that the SYSTEM account has Full Control
permissions.
3. In the %windir%\registration folder, make sure that the Administrators group has Full
Control permissions.
4. In the advanced security properties of the .clb files in the %windir%\registration folder,
make sure that the "Allow inheritable auditing entries from the parent to propagate to this
object and all objects. Include these with entries explicitly defined here" option is selected.
5. Make sure that the Everyone group has one of the following permissions:
• Traverse permissions ("List Folder Contents") on all parent directories, including
%systemdrive%, %windir%, and %windir%\registration
• The Bypass traverse checking user right
To assign the Bypass traverse checking user right to the Everyone group, follow these steps:
1. Click Start, click Run, type gpedit.msc, and then click OK.
2. Expand Computer Configuration, expand Windows Settings, expand Security Settings,
expand Local Policies, and then expand User Rights Assignment.
3. Right-click Bypass traverse checking, and then click Properties.
4. Click Add User or Group.
5. Type Everyone and click OK.
Fig 9: Time generated when the DCOM error occurred in the system
Event ID 1001, BugCheck
The system reboots itself, showing a blue screen, due to a kernel crash in Windows.
• Some settings can be changed so that the system shows the error message instead of rebooting.
• Right-click the My Computer icon on the desktop and choose Properties. On the
Advanced tab, click Startup and Recovery. In that dialog, uncheck "Automatically
reboot".
• Make sure you check "Write an event to the system log" and "Send an
administrative alert".
• In the Write Debugging Information section, choose
"Complete Memory Dump" from the drop-down list. The dump file path
is then %SystemRoot%\MEMORY.DMP
Fig 10: Event ID 17, source BTHUSB
The local Bluetooth adapter has failed in an undetermined manner and will not be used. The
driver has been unloaded.
Fig 11: Event ID 2505, server error display
The server could not bind to the transport \Device\<device name> because another computer
on the network has the same name. The server could not start.
Fig 12: Event ID 6008, an event log error
This occurs when the previous shutdown of the device was unexpected.
Fig 13: Error from the Service Control Manager, event ID 7023
The Service Control Manager (SCM) stops services and driver services. It also reports when
services terminate unexpectedly or fail to restart after it takes corrective action.
Fig 13: The system detected an address conflict for IP address 192.168.1.10 with the system
having network hardware address E0-2C-B2-F2-50-CA. Network operations on this system
may be disrupted as a result.
Fig 14: Service Control Manager logon failure for a service. The SSDP Discovery service failed to
start due to the following error: %%1069
When a service does not start because of a logon failure, or when you uninstall Windows
XP Service Pack 3 from your computer, you may receive either of the following error
messages in the system event log after you restart the computer.
This behavior can occur if you configure the service to log on to a user account and
any of the following conditions are true:
• The right to log on as a service is revoked for the specified user account.
• The password is changed on the user account that the service uses to log on.
• The password data in the registry is damaged.
Warning events:
Fig 15: Obtaining all the warning events from System using Event Viewer
Fig 16: Querying for warning events using Log Parser Lizard
Fig 17: Displaying 10 warning events from System for Event ID 1
This problem seems to be logged when a VMware software solution (such as VMware
Workstation or VMware Server) is installed on a host inside a network where a DHCP
server is already configured. In most cases you can safely stop the VMware DHCP
service and use your own DHCP service.
Fig 18: Event ID 1014, source Microsoft Windows DNS Client
Possible causes:
• TCP/IP Offload is enabled for a network adapter.
• TCP/IP v6 is enabled and the ISP does not yet support TCP/IP v6.
• The spanning tree "portfast" setting is not enabled on your server's switch ports.
• The router and PC are communicating on a different channel or standard.
Method one: Disable RSS, Autotuning, and Taskoffload
1. Run the following commands in an elevated command prompt in Windows 7:
netsh interface tcp set global rss=disabled
netsh interface tcp set global autotuninglevel=disabled
netsh int ip set global taskoffload=disabled
2. Disable the Scalable Networking Pack (SNP) in Windows 7 by changing the registry
settings as follows (perform a full-system backup before you disable the SNP):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnableTCPChimney"=dword:00000000
"EnableTCPA"=dword:00000000
"EnableRSS"=dword:00000000
If the registry values do not exist, create them and then assign the values above.
Method two: Disable TCP/IP v6
To disable TCP/IP v6
1. Click Start, click Control Panel, click Network and Internet, and then click
View network status and tasks.
2. In the left pane, click Manage Network Connections.
3. Right-click Local Area Connection, and then click Properties.
4. In the pop-up box, clear the Internet Protocol Version 6 (TCP/IPv6) check box.
5. Click OK, and then restart your computer.
To re-enable TCP/IP v6
1. Follow steps 1 through 3 in the previous procedure.
2. In the pop-up box, select the Internet Protocol Version 6 (TCP/IPv6) check box.
3. Click OK, and then restart your computer.
Method three: Enable the spanning tree portfast setting in your router
This action varies depending on your infrastructure router. Consult your manufacturer for
further details.
Method four: Set your router and PC to communicate on the same channel and standard manually
1. Go to your router admin page, which should be 192.168.1.1 (confirm with the
router manufacturer).
2. Navigate to the Wi-Fi settings and choose a channel that complies with your location,
for example 11. Save.
3. Choose the standard to broadcast the Wi-Fi signal as G only, not abgn, bgn or gn (if your router is N
capable and any PC in your home/office is only G ready). Save.
4. On your PC go to Network and Sharing Center (Windows 7) and click Change Adapter
Settings, select your Wi-Fi adapter, right-click and choose Properties.
5. In the pop-up window select Configure, in the next window click the Advanced tab, browse the
settings there and choose the same channel you chose in your router, for example 11, and the same
standard (G, not abgn, bgn or gn). Save and exit.
Fig 19: An error was detected on device \Device\Harddisk1\DR2 during a paging operation.
Fig 20: Event ID 4229, warning from source Tcpip
When TCP/IP detects high memory utilization, it terminates some existing system connections
to maintain stability.
Fig 21: Warning event with ID 1073 from source User32
This warning is logged when a user's attempt to shut down or restart the
computer has failed. This issue occurs because the ExitWindowsEx function does not
handle the EWX_LOGOFF flag correctly.

Fig-4: For convenience the file is analyzed using Notepad++
LOG ANALYSIS USING LOG PARSER LIZARD AND LOG PARSER 2.2

Download and install Log Parser Lizard and Log Parser 2.2 from https://www.microsoft.com/en-us/download/details.aspx?id=2465

Fig-5: Querying for event types from System
Fig-6: Displaying the result table for event types from System

ERROR EVENTS:
The figures below show the list of error events recorded in Event Viewer.
Fig-5: Query to display all error-type event log entries from System
Fig-6: Displaying the error event log entries from System
Fig-7: Query to display events with Event ID 10010 from System
Fig-8: Displaying the result for Event ID 10010

DCOM Event ID 10010 errors are usually caused by incorrect permissions. The following steps help resolve DCOM 10010:
1. In the %windir%\registration folder, make sure that the Everyone group has Read permissions.
2. In the %windir%\registration folder, make sure that the SYSTEM account has Full Control permissions.
3. In the %windir%\registration folder, make sure that the Administrators group has Full Control permissions.
4. In the advanced security properties of the .clb files in the %windir%\registration folder, make sure that the "Allow inheritable auditing entries from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here" option is selected.
5. Make sure that the Everyone group has one of the following permissions:
 • Traverse permissions ("List Folder Contents") on all parent directories, including %systemdrive%, %windir%, and %windir%\registration
 • The Bypass traverse checking user right

To assign the Bypass traverse checking user right to the Everyone group, follow these steps:
1. Click Start, click Run, type gpedit.msc, and then click OK.
2. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand User Rights Assignment.
3. Right-click Bypass traverse checking, and then click Properties.
4. Click Add User or Group.
5. Type Everyone and click OK.

Fig 9: Time generated when the DCOM error occurred in the system
Event ID 1001, BugCheck
The system reboots itself showing a BLUE SCREEN due to a KERNEL CRASH in Windows. We can change some settings to let the system show the error message:
 • Right-click the My Computer icon on the desktop and choose Properties. On the Advanced tab, click Startup and Recovery. In that dialog, uncheck "Automatically reboot".
 • Make sure you check "Write an event to the system log" and "Send an administrative alert".
 • In the Write Debugging Information section, choose "Complete Memory Dump" from the drop-down list. The dump file path is then %SystemRoot%\MEMORY.DMP.

Fig 10: Event ID 17, source BTHUSB
The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Fig 11: Event ID 2505, server error display
The server could not bind to the transport \Device\<device name> because another computer on the network has the same name. The server could not start.

Fig 12: Event ID 6008, an event log error
This is logged because the device was previously shut down unexpectedly.

Fig 13: Error from the Service Control Manager, Event ID 7023
The Service Control Manager (SCM) stops services and driver services. It also reports when services terminate unexpectedly or fail to restart after it takes corrective action.
Fig 13: The system detected an address conflict for IP address 192.168.1.10 with the system having network hardware address E0-2C-B2-F2-50-CA. Network operations on this system may be disrupted as a result.

Fig 14: Service Control Manager logon failure on a service
The SSDP Discovery service failed to start due to the following error: %%1069
When a service does not start because of a logon failure, or when you uninstall Windows XP Service Pack 3 from your computer, you may receive either of the following error messages in the System event log after you restart the computer. This behavior can occur if you configure the service to log on to a user account and any of the following conditions are true:
 • The right to log on as a service has been revoked for the specified user account.
 • The password has been changed on the user account that the service uses to log on.
 • The password data in the registry is damaged.
Warning events:
Fig 15: Obtaining all the warning events from System using Event Viewer
Fig 16: Querying for warning events using Log Parser Lizard
Fig 17: Displaying 10 warning events from System for Event ID 1
This problem seems to be logged when a VMware software solution (like VMware Workstation or VMware Server) is installed on a host inside a network where a DHCP server is already configured. In most cases you can safely stop the VMware DHCP service and use your own DHCP service.

Fig 18: Event ID 1014, source Microsoft Windows DNS Client
This warning can occur when:
 • TCP/IP Offload is enabled for a network adapter
 • TCP/IPv6 is enabled and the ISP does not yet support TCP/IPv6
 • The spanning tree "portfast" setting is not enabled on your server's switch ports
 • The router and PC are communicating on a different channel or standard

Method one: Disable RSS, Autotuning, and Taskoffload
1. Run the following commands in an elevated command prompt in Windows 7:
 netsh interface tcp set global rss=disabled
 netsh interface tcp set global autotuninglevel=disabled
 netsh int ip set global taskoffload=disabled
2. Disable the Scalable Networking Pack (SNP) in Windows 7 by changing the registry settings as follows. Perform a full-system backup before you disable the SNP.
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
 EnableTCPChimney=dword:00000000
 EnableTCPA=dword:00000000
 EnableRSS=dword:00000000
If the registry keys do not exist, create them, and then assign the values above.

Method two: Disable TCP/IPv6
To disable TCP/IPv6:
1. Click Start, click Control Panel, click Network and Internet, and then click View network status and tasks.
2. In the left pane, click Manage Network Connections.
3. Right-click Local Area Connection, and then click Properties.
4. In the pop-up box, clear the Internet Protocol Version 6 (TCP/IPv6) check box.
5. Click OK, and then restart your computer.

To enable TCP/IPv6:
1. Follow steps 1 through 3 in the previous procedure.
2. In the pop-up box, select the Internet Protocol Version 6 (TCP/IPv6) check box.
3. Click OK, and then restart your computer.

Method three: Enable the spanning tree portfast setting in your router
This action varies depending on your infrastructure router. Consult your manufacturer for further details.

Method four: Set your router and PC to communicate on the same channel and standard manually
1. Go to your router admin page, which should be 192.168.1.1 (confirm with the router manufacturer).
2. Navigate to the Wi-Fi settings and choose a channel that complies with your location, for example 11. Save.
3. Choose the standard to broadcast the Wi-Fi signal as G only, not abgn, bgn or gn (if your router is N capable and any PC in your home/office is only G ready). Save.
4. Go to your PC's Network and Sharing Center (Windows 7) and click Change Adapter Settings, select your Wi-Fi adapter, right-click and choose Properties.
5. In the pop-up window select Configure; in the next window click on the Advanced tab, browse the settings there and choose the same channel you chose in your router (for example 11) and the same standard, G, not abgn, bgn or gn. Save and exit.

Fig 19: An error was detected on device \Device\Harddisk1\DR2 during a paging operation.

Fig 20: Event ID 4229, warning from source Tcpip
When TCP/IP detects high memory utilization it terminates some existing system connections to maintain stability.

Fig 21: Warning event with Event ID 1073 from source User32
This warning is logged when a user's attempt to shut down or restart the computer has failed. This issue occurs because the ExitWindowsEx function does not handle the EWX_LOGOFF flag correctly.
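As an added worked example (not part of the original assignment, and not Log Parser's own code), the Python script below performs the same analysis offline on the XML that wevtutil or Event Viewer exports from the System log: it separates Error and Warning records, counts them per Event ID as the Log Parser queries in Figs 5-8 and 16 do, and attaches the explanations given above to the Event IDs this page discusses. It goes slightly beyond the page by accepting both export shapes (wevtutil's rootless record stream and Event Viewer's single rooted document). The records in SAMPLE_EXPORT are constructed for this example; the Event ID table only repeats what the sections above state.

```python
"""Offline triage of a Windows System event log exported as XML.

Added example for this page, not code from the original assignment. Reads the
XML produced by "wevtutil qe System /f:xml" or by Event Viewer's "Save All
Events As... (XML)" and answers the questions the Log Parser queries above
ask: which Error/Warning records exist, how many per Event ID, and which
records carry a given Event ID. SAMPLE_EXPORT is constructed for the example.
"""
import re
import xml.etree.ElementTree as ET
from collections import Counter

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}

# Level values used in the System channel.
LEVEL_NAMES = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information"}

# Event IDs discussed on this page, with the meaning the page gives them.
KNOWN_IDS = {
    10010: "DCOM: server did not register; check permissions on %windir%\\registration",
    1001: "BugCheck: the system rebooted after a kernel crash (blue screen)",
    17: "BTHUSB: local Bluetooth adapter failed, driver unloaded",
    2505: "Server could not bind to transport: duplicate computer name on the network",
    6008: "The previous system shutdown was unexpected",
    7023: "Service Control Manager: a service terminated with an error",
    1014: "DNS Client warning; see Methods one to four (offload, IPv6, portfast, channel)",
    4229: "Tcpip: connections terminated under high memory utilization",
    1073: "User32: a shutdown or restart attempt failed",
}

# Constructed sample in Event Viewer's export shape (declaration + <Events> root).
SAMPLE_EXPORT = """<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-DistributedCOM"/><EventID Qualifiers="0">10010</EventID><Level>2</Level><TimeCreated SystemTime="2016-03-01T09:12:05.000000000Z"/><EventRecordID>501</EventRecordID><Channel>System</Channel><Computer>LAB-PC</Computer></System><EventData><Data>{EXAMPLE-APPID}</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager"/><EventID Qualifiers="49152">7023</EventID><Level>2</Level><TimeCreated SystemTime="2016-03-01T09:12:40.000000000Z"/><EventRecordID>502</EventRecordID><Channel>System</Channel><Computer>LAB-PC</Computer></System><EventData><Data Name="param1">SSDP Discovery</Data><Data Name="param2">%%1069</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="EventLog"/><EventID Qualifiers="32768">6008</EventID><Level>2</Level><TimeCreated SystemTime="2016-03-01T09:13:02.000000000Z"/><EventRecordID>503</EventRecordID><Channel>System</Channel><Computer>LAB-PC</Computer></System><EventData><Data>09:10:15</Data><Data>3/1/2016</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-WER-SystemErrorReporting"/><EventID Qualifiers="16384">1001</EventID><Level>2</Level><TimeCreated SystemTime="2016-03-01T09:13:30.000000000Z"/><EventRecordID>504</EventRecordID><Channel>System</Channel><Computer>LAB-PC</Computer></System><EventData><Data Name="param1">0x0000007e</Data><Data Name="param2">C:\\Windows\\MEMORY.DMP</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-DistributedCOM"/><EventID Qualifiers="0">10010</EventID><Level>2</Level><TimeCreated SystemTime="2016-03-01T09:15:11.000000000Z"/><EventRecordID>505</EventRecordID><Channel>System</Channel><Computer>LAB-PC</Computer></System><EventData><Data>{EXAMPLE-APPID}</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Tcpip"/><EventID Qualifiers="32768">4229</EventID><Level>3</Level><TimeCreated SystemTime="2016-03-01T09:20:45.000000000Z"/><EventRecordID>506</EventRecordID><Channel>System</Channel><Computer>LAB-PC</Computer></System><EventData/></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="User32"/><EventID Qualifiers="32768">1073</EventID><Level>3</Level><TimeCreated SystemTime="2016-03-01T09:25:00.000000000Z"/><EventRecordID>507</EventRecordID><Channel>System</Channel><Computer>LAB-PC</Computer></System><EventData><Data>LAB-PC</Data><Data>LAB-PC\\user</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager"/><EventID Qualifiers="16384">7036</EventID><Level>4</Level><TimeCreated SystemTime="2016-03-01T09:26:10.000000000Z"/><EventRecordID>508</EventRecordID><Channel>System</Channel><Computer>LAB-PC</Computer></System><EventData><Data Name="param1">SSDP Discovery</Data><Data Name="param2">running</Data></EventData></Event>
</Events>
"""


def parse_events(xml_text):
    """Return one dict per <Event> record.

    wevtutil prints the records back to back with no enclosing element, while
    Event Viewer's export adds a declaration and an <Events> root. Stripping
    the declaration and wrapping the text in a synthetic root accepts both.
    """
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text.strip())
    root = ET.fromstring("<root>" + body + "</root>")
    events = []
    for ev in root.iter("{%s}Event" % EVENT_NS):
        sysnode = ev.find("e:System", NS)
        provider = sysnode.find("e:Provider", NS)
        created = sysnode.find("e:TimeCreated", NS)
        events.append({
            "record_id": int(sysnode.findtext("e:EventRecordID", "0", NS)),
            "event_id": int(sysnode.findtext("e:EventID", "0", NS)),
            "level": int(sysnode.findtext("e:Level", "0", NS)),
            "provider": provider.get("Name", "") if provider is not None else "",
            "time": created.get("SystemTime", "") if created is not None else "",
            # EventData children are the message parameters ("param1", "param2", ...).
            "data": [d.text or "" for d in ev.findall("e:EventData/e:Data", NS)],
        })
    return events


def by_level(events, level):
    """All records of one level (2 = Error, 3 = Warning), like the filtered views above."""
    return [e for e in events if e["level"] == level]


def count_by_event_id(events):
    """Per-Event-ID totals, the grouping the Log Parser result tables show."""
    return Counter(e["event_id"] for e in events)


def with_event_id(events, event_id):
    """Records carrying one Event ID, e.g. 10010 as in Figs 7 and 8."""
    return [e for e in events if e["event_id"] == event_id]


def triage(events):
    """Attach the page's explanation to each Error/Warning record whose ID it covers."""
    return [(e["record_id"], e["event_id"], LEVEL_NAMES[e["level"]], KNOWN_IDS[e["event_id"]])
            for e in events if e["level"] in (2, 3) and e["event_id"] in KNOWN_IDS]


if __name__ == "__main__":
    events = parse_events(SAMPLE_EXPORT)
    errors = by_level(events, 2)
    print(f"{len(errors)} error records, {len(by_level(events, 3))} warning records")
    for eid, n in count_by_event_id(errors).most_common():
        print(f"  Event ID {eid}: {n}")
    for rec, eid, lvl, note in triage(events):
        print(f"record {rec} [{lvl} {eid}] {note}")
```

To run it against a real export, replace SAMPLE_EXPORT with the contents of a file saved by `wevtutil qe System /f:xml > system.xml` or by Event Viewer's XML export; the per-ID counts then match what the Log Parser Lizard result grid shows for the same channel.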