Over 1 million tech questions and answers.

Microsoft.TriGateway causing Event 4776 every few seconds on all Domain Controllers

Q: Microsoft.TriGateway causing Event 4776 every few seconds on all Domain Controllers

After the 1.9 upgrade we got an Timeline event about Brute Force attacks.
When investigating and looking at Event Logs >Security I started to panic when noticing 4776 errors against user: "administrator" and the source workstation was always a domain controller.
This would happen every few seconds. Stopping the ATA gateway service on the domain controllers stopped this behaviour.
Any ideas or recommendations?
The computer attempted to validate the credentials for an account.

Logon Account: [email protected]
Source Workstation: DC4
Error Code: 0xc0000064

Read other answers
Preferred Solution: Microsoft.TriGateway causing Event 4776 every few seconds on all Domain Controllers

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)


Can Microsoft please provide methodology for setting up Windows Event forwarding (Sender initiated) for a Domain Controller based on a Windows Server 2012 R2 Core installation? Unfortunately all of your documentation relies on using the local Event
Viewer GUI to set this up. Connecting Event Viewer from a full Server 2012 installation to a Core Installation loses this ability entirely. The only option I've tried to employ so far leverages an .xml file, but I am not sure it is working correctly.

Please note: this is for Windows Security Event ID 4776 ingestion.

Read other answers

can't find a forum on security logs, hope someone can help me here.
Monitoring logs from my clients I noticed a peak of event 4776 from a client, it lasted for about one hour: about 2500 events per minute.
All the logs have error code 0xc000006A = user name is correct but the password is wrong.
I can't see any evidence of malicious activity on the client. How can I continue my investigation to understand what happened?
Thank you in advance.

Read other answers


If I use WEF,is it required to configure the DC and member server to forward Event ID 4776 ?

Or the DC only ?

Read other answers

When dealing with Event-ID 4776 is ATA interested in failed or successfull (or both) credential validation events ?

Read other answers

Hello, All,

First of all, I am very excited to be deploying ATA 1.6 in our environment. I am glad to see that the product is being fitted with so many features.
The absolute highlight of this release must be the Lightweight Gateway. For us, having a gateway for each Virtual Host that hosted a DC in our organization would have been a big headache with the previous version of ATA. We can now avoid that step with the
lightweight gateway.
One thing that I've not been able to determine by looking at documentation or the forums is whether we still need to do Event Forwarding of Event ID 4776 if all DC's are equipped with a Lightweight Gateway. Does the lightweight gateway also read events,
or do we have to enable the gateway as an event forwarding destination in ATA and then configure event forwarding from one ATA lightweight GW to the next or even to itself (I am not even sure if this makes any sense?)
I know better than assuming something that I haven't seen in documentation so I thought I would ask.

Read other answers

Hi Just installed the latest version of Windows 2003 for Small Business (Sp1)

I have installed this OS on a new Fujitsu PRIMERGY TX150 S4.

Now I want just to use this Server as a server on a Workgroup. But the OS insists that it should be the Domain Controller. And then it just shuts it self down. Below is a log from the event viewer. Is there a way around this or will I have to bow down to the might of Microsoft. Just don't really want to configure the entire Lan from workgroup to Domain
Event ID 1014
Source SBCore

This computer must be configured as a domain controller. It will be shut down in 30 minutes. To prevent this computer from shutting down, run Setup on the disk that you used to install the operating system to configure the computer as a domain controller.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

A:Domain Controllers - Can anyone help please

Read other 8 answers

We have a primary and secondary domain controller on our network. We use a windows 2000 exchange server as our primary controller and another server as our secondary controller. to start, the active directories are not the same, as they should be between the two servers. how do i fix that?

the other problem I am starting to have is that the Windows xp client machines can't find the domain after being rebooted. I end up having to rejoin the domain in order to get the client machines to log on. If the client logs off, without rebooting, logging back onto the domain is no problem. I think this has something to do with the clients trying to log onto the secondary controller for some reason, and since the active directories arent sync'd, its only causing more problems...can anyone shed some light on the subject? thanks.

A:Domain Controllers

Hey DVation, sounds like you need to force replication for Active Directory between your Primary and Secondary domain controllers. Only members of Domain Admins or Enterprise Admins groups can perform this function unless you have been delegated the appropropriate permissions.
Refer to the following link for details:
As far as your XP machines go, make sure that your DNS suffix for each PC is correct and that your IP, DNS, and Gateway addresses are correct. Windows 2000/XP use DNS for name resolution in an Active Directory environment. Also, is Active Directory running in Mixed Mode or Native Mode?

Read other 3 answers

I have quite a number of DC's and the configuration of port mirroring is something that we just cant take on.

I understand there is going to be a release of ATA where the port mirroring is not a requirement and an agent will take that role on the DC.

Anyone heard of this?

Read other answers

Actually, I have 2 DC's 1 Threat Management Gateway, 1 Windows Server (Web Server), 1 Windows Storage Server, 2 Exchange servers and 1 Sharepoint Server and 2 Hyper-V servers. ALL Running Server 2008 R2

Should I be upgrading any of these to SP1?

A:Upgrade Domain Controllers to SP1 or not

Hello Abuttino,

I would recommend to wait until the "official" SP1 RTM is released by Microsoft sometime this first quarter of 2011. Afterwards, it should be available in Windows Update, and for download (standalone version) directly from Microsoft.

Hope this helps,

Read other 2 answers


I have an older 2000 server which is a domain controller, I can not for the life of me figure out how to demote the machine so i can rejoin it to a new domain. I do not need two domain controllers in this network.
any ideas on how to? i already tried start>run>dcpromo

I decided to post here since i didn't see a section for server 2000. thanks

A:problems with Domain controllers

Read other 7 answers


I just swapped out domain controllers and am now having synchronizing issues. It is still looking for the old server that i just replaced and i cant make it look for the new one. Does anyone have any suggestions?


Read other answers

I have only got 2 domain controllers on my network, the primary server deals with all my DNS, file charing etc, server2 is our proxy server but also doubles up as a backup domain controller.
The problem is server2 cannot update active directory from server1
i get the following message when trying to connect to server1 from server2
"The domain controller server1 was not validated because. The RPC server is unavailable"
I am also getting plenty of error events on both servers, the error i am getting on server1 is event 1645
"The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is daa52d87-1d82-44f1-b032-a6930524e669._msdcs.isenterprisesintl.co.uk. The SPN being used is E3514235-4B06-11D1-AB04-00C04FC2DCD2/daa52d87-1d82-44f1-b032-a693[email protected]
Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated. "
I have looked this up on ms.com and found an article explaing a hotfix will fix this. All updates are installed, so it obvious... Read more

A:Domain controllers cant replicate

just been running a few more checks and have seen a descrepancy between the 2 servers
Schema server = server1
Domain server = server1
PDC server = server1
RID server = server1
Infrastructure server = server1
Schema server = server1
Domain server = server1
PDC server = server1
RID server = server1
Infrastructure server = server2 ---- ????

I have tried to change this setting on server2 in active directory operations masters, but it says
"The current domain controller is the operations master. To transfer the operations master role to another computer, you must first conenct to it"
But it wont let me connect to the other DC because it cant find the RPC server!!! argghh
is there another way to alter these settings?? anyone??

Read other 1 answers

Unless i am missing something we cant "detect" a new domain controller added to a enviroment as this is a "regular" task , not sure if admin logging on to new server would trigger in a enviroment that have been running more than 30 days

Adding Domain Controllers to sentisive groups
Listing Domain Controllers not monitored by ATA
List newly created/removed domain controllers

Would be a great feature for future versions

Read other answers

Hope this belongs here............

I have some questions regarding changing the hardware in my domain controller. Im basically rebuilding it with new Processor, RAM, Mobo, etc.
Its just a desktop computer running Windows Server 2003. I plan to keep all the names of the machine and IP/domain the same. Is there anything I need to lookout for by doing this? I dont want to lose my active directory and user accounts on the machines that rely on this domain controller. Can I just build the new server, set it up as a domain controller with all the same settings and the computers will be aable to log into the new controller with the same users?

A:Changing Domain Controllers

Read other 6 answers

i configured a domain controller on my virtualbox and i want to connect another DC to it. the guest machine is windoms 8. the network adapter i used is NAT. first DC IP:192,168,5.2, Gateway:, Subnet mask: and DNS as the gateway IP. for the second domain controller, server IP:, gateway: and DNS as the IP of the first DC.. dont know why they are not communicating with each other. The moment i run dcpromo on the second DC it comes up with an error message to check my DNS and the domain name...it comes with this error too, 0x000005B4_TIMEOUT.....CAN ANYONE HELP

Read other answers

Hi everybody,
after my last Implementation of ATA (one week ago) I got a strange "condition". It's an implementation with LWGW on all DCs (Server 2012 R2), no seperate gateway installation.
Everything worked like a charm, as always, just worked through the deployment guide. We get alerts on DNS Enums or suspitious AD requests. We see logons on different member servers and clients if we search for them. We see changes to security groups and
we even see if I create a new service on one of the DCs so I guess event forwarding works.
What we don't see: Any logons on the domain controllers. It doesn't matter if I rdp into one of the DCs or via console. If I search for one of the domain controllers and let ATA show the "profile page" of it, the timeline ist just empty. Tried
different DCs, different user accounts, even created new users and new domain admins. ATA doesn't recognize any logon on domain controllers.
I appreciate any hints.


Thanks, regards, tim

Read other answers

I was excited to see that the new ATA 1.6 has a Lightweight Gateway that no longer requires port mirroring by installing it directly on the Domain Controllers. This makes total sense to me and gives me confidence in this ATA team. We have VMWare
and the port mirroring was an issue.
However, we are not excited about the .NET requirement on the Domain Controllers. The installation does indicate it is needed for the setup, but does anyone know if we can uninstall the .NET component once the installation is complete? Any thoughts?

Read other answers

Hi All,
I am trying to configure ATA Lightweight gateway on additional domain controller. I am getting the error.
The Console, https://ata.domain.com,  returned an error while attempting to register  the gateway. For more details, please review the Center error logs.

I can open https://ata.domain.com from the DC without any issue and the Port required for the communication is open.
There is no error in Application or system logs on DC or ATA server.
Center error logs in ATA is also not pointing to any error.

Thank you for assistance.

Read other answers

At my work we have an active directory domain. In the root of this domain there are two domain controllers.

ie dc1.mywork.com, dc2.mywork.com

When users login, they always seem to get authenticated by dc2, as you can see the login script running from that server, and when we shut down dc2, no one can login.

(have not shut down dc2 for any length of time to see if dc1 will eventually "take over" the login duties)

Where can I specify which server provides authentication for the domain? Or can I be assured that dc1 will take over for dc2 when dc2 goes down?

Read other answers

I have over 400 domain controllers. The initial look at ATA seemed to require port mirroring on the DC's and that was just impossible. I was told an agent of some type on the DC's was coming. Is that an option now?

Read other answers

i have been having this error for a couple days now and it also seems to be associated with another crash im getting from a game i play also.

first one is a memory dump blue screen issue and the other is just the game crashing.


Log Name:      Application
:        Microsoft-Windows-WMI
:          1/17/2015 10:53:52 AM
Event ID
:      10
Task Category
... Read more

A:Event ID 10 Event Filter Query Functionality CAUSING BLUE SCREEN

Still nothing responded on this.

Read other 1 answers

Hello guys

Every time i turn on my computer, log in, within a few seconds into the loading the desktop i get an error message saying "services and controller app has encountered a problem and needs to close..." and shortly after that i get a system auto restart due to services.exe terminating.

It is very annoying and i believe i have malware..

Help is very much appreciated thank you.

A:Services&Controllers causing 60sec shutdown

bump. can someone please help me..

Read other 13 answers

I have the latest version of ATA - 1.9.7312.32791
I have deployed ATA Lightweight Gateway to many domain controllers throughout my organisation from exactly the same "Microsoft ATA Gateway setup.exe" with accompanying .json file in the same folder.

Nearly all the Domain Controllers have been Windows Server 2016 Core with a quiet install via command line.
The installation has worked perfectly with the exception of two domain controllers on the same physical subnet/site.
The installation error code in the log is:
Error [\[]TaskAwaiter[\]] System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
Failed to validate certificate thumbprint [\[]thumbprint=FC78E602AA1E8BF57CC2270E81788E5ADC511DF4[\]]

Seeing as every other installation worked fine, I suspect something must be blocking or interfering with the certificate being successfully negotiated back at the ATA centre
The likelyhood if being an error with the JSON file is extremely small as the failures occurred in the middle of the installation program, with successful implementations either side of the two that failed.

What can I get the network team to check regarding firewalls, network traffic or blocked ports?

Has anyone seen similar?

Thank you


Read other answers

I want to set all my domain controllers (DC and RDC) to pull time from time.windows.com. In order to achieve this I am planing to create a gp (Computer Configuration/Policies/Administrative Templates/System/Windows Time Service/Time Providers)and
link to Domain Controller OU.
My question is, is it the best thing to do, or is there any risk or best practices with respect to this.

Read other answers

I am attempting to lab up ATA 1.7.1, and am having a similar issue to the following ATA Forum thread: https://social.technet.microsoft.com/Forums/security/en-US/c817193a-9859-48fa-a208-eb644b17005b/service-on-lightweight-gateway-wont-start?forum=mata
Event viewer is showing that the service is attempting to restart, and the ATA logs are full of this error (occurs every 20 seconds):
2016-10-18 23:49:50.2983 856 5 00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<OnInitializeAsync>d__12] Microsoft.Tri.Infrastructure.ExtendedException: Domain controllers are not configured
at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.<OnInitializeAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnInitializeAsync>d__4.MoveNext()
--- End of stack trace from previous location whe... Read more

Read other answers

I come to you again seeking help. We have a problem with our logon and startup to our Windows 7 Enterprise system. We have more than 3000 Windows Desktops situated in roughly 20+ buildings around
campus. Almost every computer on campus has the problem that I will be describing. I have spent over two months peering over etl files from Windows Performance Analyzer (A great product) and hundreds of thousands of event logs. I come to you today humbled
that I could not figure this out. The problem as simply put our logon times are extremely long. An average first time logon is roughly 2-10 minutes depending on the software installed. All computers are Windows 7, the oldest computers being 5 years old. Startup
times on various computers range from good (1-2 minutes) to very bad (5-60). Our second time logons range from 30 seconds to 4 minutes. We have a gigabit connection between each computer on the network. We have 5 domain controllers which also double as our
DNS servers.
My original posts on:
Technet: http://social.technet.microsoft.com/Forums/en/w7itproperf/thread/e8400dbe-e6b8-4b1d-8851-a03e7af32e6e
Reddit: http://www.reddit.com/r/sysadmin/comments/w5f38/network_logon_issues_with_group_policy_and/
I followed a lot of what you all told me to do from testing the domain controllers with dcdiag and also completing netlogon tests. I did group policy tests where I got rid of the group policy
and just did default policy and it only slightly fixed the prob... Read more

A:Major Network Logon Issues (8 Domain Controllers and 3.5 thousand workstations) DNS, Time Server, DHCP, and Group Policy Errors


I would like to suggest using Network Monitor to troubleshoot the issue.


Jeremy Wu
TechNet Community Support

Read other 4 answers

no info comes up with diagnosis/analysis for this URGENT item in Event Log...was directed to you for further assistance.      Add'l/same problem w/Event ID 100. Please advise ASAP?  Tnx, Karen


Read other answers

I have been fighting a problem with a new Windows 8 deployment for over 3 weeks now.

I need to deploy over 700 Windows 8 Pro systems by August 1 for a school corporation and I have been stalled on this one issue.

I am using Windows MDT2012 Update 1 for deployment. The computers I am deploying images to are Lenovo Thinkpad E530C and E531 laptops. I have deployed new images to about 40 laptops in a lab that all have experienced the problem.

The problem presents itself during a domain user logon to a Windows 8 Pro system. After the user types in their domain user name and password, the login process looks normal for the first 30 seconds. Then, instead of displaying the Start screen, the screen goes black for 10 minutes. After the 10 minute delay, the Start screen displays and everything runs normally.

The problem is random. It is not specific to any user account or laptop. Sometimes a user can log into a laptop with no problem and then the same user can log into the same laptop and get the 10 minute delay.

I opened a case with Microsoft Product Support on 7/15 but so far, that has gotten me no where. They gathered a ton of logs but did not give me any analysis. They examined my Group Policies and spent an hour on one of the systems that experienced the 10 minute delay during the login I started so I could get them set up with a remote session. So far, no solution.

I did some research of my own and came across the Windows Performance Toolkit in the Windows 8 SDK.
I ended... Read more

A:AUInstallAgent takes 600 seconds during domain logon

I do not have any experience with your situation, but it appears the information you are getting about the boot process is very basic. Did Microsoft suggest you run a utility called Process Monitor, which can be set to monitor the boot and create a log?

If not, I would go to the SysInternals site and download and run it. There are tutorials on how to set it up, but you can set it to monitor the boot sequence. In your situation, it will probably show something being done over and over, or time gaps where nothing is being done.

I am sure a Domain setup is different from normal user setup, but your might try disabling the service you mention (AllUserInstallAgent) for testing. It is disabled in a non-domain type install, or at least it is in 8.1

Sorry I can't help more.

Edit: I forgot to mention, just in case it might be relevant, that update KB2821895 made some fairly serious changes. You might want to check out the info page in the link. At the bottom it does state you will want to run DISM.exe prior to deployments.

A servicing stack update is available for Windows RT and Windows 8: June 2013

Read other 1 answers

Hi all, new to the sight but so far it has been very informative. I seem to have a problem with my system that is not uncommon. An svchost.exe process, I believe the sound driver, seems to have been infiltrated by some nasty buggers that dont want to die. I have currently running Panda Titanium and Ewido, neither of which has been able to deal with the problem. Specifically, the malware in question consumes 100% CPU every 10 seconds or so. If I end the svchost.exe process, the CPU usage returns to normal, but I have no sound. Any advice?

Here is the hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 12:56:03 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program File... Read more

A:svchost.exe causing 100% cpu every 10 seconds

Sorry for the delay but we're a bit short handed at the moment. It's been sometime since the last hijackthis log is posted. If you still require assistance, please post a fresh hijackthis log. I'm subscribed to this thread & would be notified of your reply.

Read other 19 answers


I have some unusual and unsolved pc freeze for 1 1/2 years now, always the same and has never been fixed, reformat, sent in, new drives, updates, everything. Just once in a while during normal use or almost always during the use of the flash player (youtube.com eg.) or scrolling through a long file list in the explorer; the result is a frozen screen and a sound like porcelain or metal crashing down an echoing staircase (same sound repeating). - But this is not about that, just so you know that there are unsolved issues.

Today (09:43) my pc just stopped and rebooted. And so I checked a few things and found my way to the event viewer, where a warning was displayed:

Warning - WHEA-Logger - Event 17

I went to 'view all instances' and saw that I had over 15000 warnings of the same occurrence since I started my pc on Sunday 12:31.

The last search for an event like this (mostly with 3-4 warnings only) are about 2 years old, therefore I am opening a new thread.

I tried a few things:
- Updated all drivers
- Did different virus scans (kaspersky deep scan still running)
- Checked CPU temperature and cooling system
- Manually checked for new programs /changes in system files etc.

The general display of the Warning itself is:

A corrected hardware error has occurred.

Component: PCI Express Root Port
Error Source: Advanced Error Reporting (PCI Express)

Busevice:Function: 0x0:0x3:0x0
Vendor IDevice ID: 0x8086:0x340a
Class Code: 0x30400

The details view of this entry con... Read more

A:Warning - HWEA-Logger - Event 17 ; every 3 seconds and counting...

For WHEA-Logger errors I would suspect chipset drivers.

See if there is an updated version on the manufacturer's website. Just download and execute the chipset driver once you find it. It will tell you if it is already installed.

Read other 5 answers

Hey all

I don't know much about computers, but have been buying parts to build a new one lately, nothing special/expensive.. it's only been missing a graphics card and has ran fine without it, but it came today, and when plugged in the computer just shuts down about 3 seconds after I switch it on, I've looked for threads about this before but the problems all seem slightly different to mine

When I remove the graphics card again it works perfectly, so I think I can safely conclude that it's the problem, it has an independant power supply,which I don't have a cable for yet, but the instructions imply that it's optional? It also said something about disabling the motherboards graphics utilities if it has any built in, which I was told mine does, but I don't know how to do that

Maybe the cable is mandatory, maybe I just need to disable something, or maybe the graphics card isn't compatible? I'm hoping for any suggestions so I know what to do next

The card is an Inno 3D Nvidia GeForce 8500 series, 512MB DDR2 PCI Express, and the motherboard is a Foxconn 45CM-S.

Thankyou for your time

A:New graphics card causing shut down several seconds after switching it on, help?

you need to plug in the 6 pin power connectors for that card and if i remember right you can disable your on board graphics through device manager, try doing it through safe mode.

Read other 1 answers

I received a windows network error and went into events log and it has a warning on it. How do I resolve? do I need to assign a task to it or somehow delete. There are several events with warning from source Microsoft windows kernel processor power. Please

Read other answers

1) Ever since my Vostro 470 arrived in April, in my Windows application event log I get an error every fifteen seconds - always - from boot to shut down. The error is:
"ATI EEU Client event error" Application log, event ID: 16388, source: ATIeRecord
2) The driver crashes regularly and Windows has to restart it. The crash seems to happen mostly when Microsoft Office 2013 is animating, such as document scrolling, but can happen at any time and this maybe since I just use Office probably more than anything else. The error in this instance is:
"Display driver amdkmdap stopped responding and has successfully recovered."System log, Event ID: 4101, source: display, level: warning
I have the latest chipset and ATI display drivers from Dell's website.  Unfortunately, that driver seems to be very behind ATI's drivers, it's dated 4th July 2012 - version 8.981.0.0 (but the package itself is dated 2nd March 2013).  I have tried getting a newer driver from ATI - but it cannot detect the HD 7570 perhaps because it is an OEM device??  I cannot find any alternative driver.
I am running Windows 8 Pro, 64-bit and using the factory installation.  This problem occurred out-of-the-box before I made any changes at all.  I'm surprised a Dell desktop can leave the factory in this state.  One of the reasons I buy Dell is to feel assured that the PC will at least work, even if it's not a top performer.
Please advise.

A:ATI EEU Client event error every 15 seconds (Vostro 470, AMD Radeon HD 7570)

OK I can confirm that after nearly a week of use, including intensive business use, and a little gaming, having turned on all the extra options I had before turned off because of all of the issues, the latest drivers now seem to be working just fine.
Just to recap, I am now using Windows 8.1, have updated the BIOS to rev 12, installed the October updated drivers (video: of 30/08/2013) as well as the October updates of the network, chipset and audio drivers.
I have left the installed services including the "helper" (hinderer) services as they are - that is they ARE running.
I am not getting any display driver crashes, no errors in the event log.  I am quite certain too that my PC as a whole is performing much better than it did before, particularly in program loading, etc.  No idea why though and perhaps it is my imagination based on pure relief...?
Thanks everyone particularly Hammerklavier for your time and assistance!

Read other 26 answers

After removing one DC SERVER02 from my Windows 2003 SBS network the clients are now all bringing up the following message in the event log and the drive mappings are no longer working, even though there is a second DC SERVER01 still on the network.

Event ID: 1054
Source: Userenv
Type: Error
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted). Group Policy processing aborted.

Both servers are meant to have the same role as a DC so that if one server goes down then the other server will take over. Any ideas?

A:Event id 1054 after removing one Domain Controller.

SBS can be the only domain controller on a domain, you can only add member servers. I have the feeling the server you removed was acting as the domain controller. All of the scripts for mapping drives were on the DC Server02 since it will not replicate scripts to an SBS server.

Read other 3 answers

Having problems with a long time to login to the domain (server is Windows 2008.)  Login takes 7 to 15 minutes for one user's profile and only 6 seconds for the administrator. The system is an HP 4520s ProBook running Windows 7 64 bit, 4 Gb RAM, Intel
i5 CPU M460 @ 2.53 GHz. This is a new Win 7 laptop deployed about a week ago.
Ran MSCONFIG and disabled all non essential apps. User also had the desktop background set to point to multiple photos for a background slideshow.  Changed it to the standard Windows 7 background, which takes login time down to about 2 to
4 minutes.  The administrator and other logins for other users on this machine take only 6 to 30 seconds. 
Any ideas?

A:Windows 7 64 bit, domain login takes 7 to 15 minutes for one user's profile and 6 seconds for the administrator.

Hi Caro Boyd,
Thanks for the post!
In order to figure out which took a long time during the boot ,I recommend you use the
Process Monitor. Check which took the long time after winlogon.exe started.
MiyaThis posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer
your question. This can be beneficial to other community members reading the thread.

Read other 3 answers

Most of the time when starting/restarting my machine I will get the warning messages below in my event log. The three of them always appear together. Regardless of what the messages say I have full Internet connectivity and I am wondering if some process is trying to make an Internet connection before the network is fully initialized.

I realize it's only a warning but I'm curious what is causing this. I tried setting the Windows Update service to Automatic Delayed Start but that had no affect.


200 - A connection to the Windows Update service could not be established.
201 - A connection to the Windows Metadata and Internet Services (WMIS) could not be established.
202 - The Network List Manager reports no connectivity to the internet.

A:What is causing these warnings in my Event Log?

You would have to open each one up to find out. Are you running any kind of third party Internet Security Software?

Read other 3 answers

Can faulty heatsink cause computer to shut down within seconds of starting?

A:Faulty heatsink causing computer shut down within seconds of starting?

I'm not sure how you can have a faulty heatsink since it's essentially just a chunk of aluminum with fins. However, if it is not installed properly then yes, it could cause the problem you are seeing. The problem could be too much thermal grease or that the heatsink is not seated correctly. These kinds of problems can cause the CPU to overheat and shutdown.

Read other 3 answers

Microsoft Message Analyzer - Microsoft Security Event Logs - How to Group by IP Address and Sort Top talkers highest to lowest
I open a saved Microsoft Security Event Log evtx file and right click one of the event and group by IP address.
This gives me a count of how many security events is generated per IP Address.
However, I do not know how to sort highest to lowest the top talker. Basically, which IP address generated the most security events in my log file.

Read other answers

Hi, its a while since ive posted here and have started a new account becuse i dont seem to be able to log in under my old name...


i keep getting this crash, where, if i leave computer unattended for a while i come back and it has completely rebboted without shutting down. everytime i log back in i get the error message saying the system has suffered a crash or similar would you like to check for a solution. i click yes, but a solution is never found.

sometmes the crash happens every day. sometimes it happens fter i leave it in sleep mode. sometimes it doesnt happen for 3 or four days.

any help would be hugely appreciated.

today i discovered the event viewer and at the time of the crash i have

12/7/10 12.26:41 "kernal power - 41 - 63"

but i checked a while later and it seems there are errors all the time...

here is the log for the last few hours. at the bottom is the kernal power event.

Error 12/07/2010 16:05:23 CAPI2 4107 None
Error 12/07/2010 16:05:23 CAPI2 4107 None
Error 12/07/2010 16:05:00 CAPI2 4107 None
Error 12/07/2010 16:05:00 CAPI2 4107 None
Error 12/07/2010 16:05:00 CAPI2 4107 None
Error 12/07/2010 16:05:00 CAPI2 4107 None
Error 12/07/2010 16:04:02 CAPI2 4107 None
Error 12/07/2010 16:02:29 CAPI2 4107 None
Error 12/07/2010 16:02:29 CAPI2 4107 None
Error 12/07/2010 16:02:29 CAPI2 4107 None
Error 12/07/2010 16:02:28 CAPI2 4107 None
Error 12/07/2010 15:44:37 CAPI2 4107 None
Error 12/07/2010 15:05:00 CAPI2 4107 No... Read more

A:Random Kernal(41) Crash - event error every few seconds - massive help needed...

Error 12/07/2010 12:26:30 CAPI2 4107 None
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...throotstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Warning 12/07/2010 12:26:26 Wininit 11 None
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Error 12/07/2010 12:26:27 Eventlog 1101 Event processing
Audit events have been dropped by the transport. 0

Critical 12/07/2010 12:26:10 Kernel-Power 41 (63)
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Error 12/07/2010 12:26:25 BugCheck 1001 None
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000003b9, 0x0000000000000002, 0x0000000000000000, 0xfffff80002b0f6e5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071210-26738-01.

Error 12/07/2010 12:26:19 EventLog 6008 None
The previous system shutdown at 12:24:00 on ‎12/‎07/‎2010 was unexpected.

Error 12/07/2010 12:11:35 CAPI2 4107 None
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...throotstl.cab> with error: A required certificat... Read more

Read other 17 answers

Hey guys,

This error started happening only on computers with 1511 installed. The original RTM of Windows 10 doesn't do this, nor do Windows 7, 8 and 8.1. I tried some Google searches but all I see are relevant to 7 or 8, not Windows 10. It must have been something changed between RTM and 1511 that did it, too.


This only happens once, but let me explain.

When I refurbish computers for our employees, I wipe the hard drive completely (either diskpart "clean" via the recovery shell, or using DBAN to wipe the partition table if I can't get into WinRE.

I then boot it up using network boot. We have a Windows Deployment Services server set up so we can install Windows using PXE. I put the Windows 10 Enterprise Version 1511 .wim in there and it installs fine.

After install I make a local account, make sure the drivers get installed automatically (so far, it's been auto-magic for all our hardware, even NVIDIA and AMD graphics cards), install antivirus + MS Office and whatever special software that employee would need, and then I name the machine and put it on the domain.

To prevent extra crap from being created in C:/Users (and in the registry) I don't log in with a domain account. I let the employees do that themselves.

The first time any domain account* tries to log in, it errors after about 20 seconds with

Windows couldn't connect to the System Event Notification Service service.

Please consult your system administrator.
If they put thei... Read more

A:System Event Notification errors with domain logins


we are experiencing the same issue. Did you ever get to the bottom of this?


Read other 0 answers

I've been having this issue for a few weeks, and am still not 100% sure if this error is causing the crash.
I have tried fixing by looking it up, but haven't had much luck.
The error is

Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D
Event ID 3

I have read that deleting the EppOobe.etl can temporarily fix this error/crash but it hasn't for me.
I did a full clean reformat and am continuing to crash. I haven't completely ruled out software being the cause of the issue because I still get this same exact error right before a crash. By crash I mean everything just freezes up, sound will loop.
I have to hold the power button to turn off and turn back on.
Any help would be appreciated, this is driving me nuts.
As of right now I'm completely uninstalling MSE to see if the error goes away and the crashes.

Thanks in advance

I'll also add that I have monitored all my temps and nothing is wrong with them. If this error isn't causing the crash, then the only 2 things I have left to rule out is failing memory or PSU.

Using Asus Probe it shows that all my PSU voltages are normal, though, so I don't think it would be my PSU (?).

A:Event ID 3 Error - Causing crash

Ok... so far so good.
I'll review everything I did here for the "Answer" so if someone else encounters random issues this may help...
Symptoms: Crashing while playing a video game (World of Warcraft)
Solutions tried:
1. Memory test (good)
2. SFC scan, disk check (all good)
2. Power supply swap (good)
3. Reviewed temps of CPU and GPU (CPU high, GPU good)
4. CPU was high in temp, took apart entire computer, cleaned everything, CPU heatsink & reapplied thermal paste - CPU temp back to normal
5. Crashing still occured but less frequently at 3.6GHz, downclocked my overclock (i7 920 2.66GHz @ 4.0GHz down to 3.0GHz).

6. Ran Prime95 8 x 8 CPU stress test for a few hours, no issues. No crash so far.

Hope this helps anyone in the future with a very irritating problem. The solution seems to have been that my CPU can no longer hold a high overclock (almost 5 years old now and it's always been from 2.66 to 4.0). Unfortunate, but better than having to build
a new computer when you're limited on funds.

Read other 49 answers

This problem is a little tough to explain, but I'll try. I'd like to find if there is a resolution for it.

The way our company network is set up, we log into a domain. This gives me access to a number of network resources.

As a programmer of embedded equipment, one of the devices I've created can communicate via Ethernet to host systems.

Our network was originally laid out as a 253 system segment at 192.168.10.x (mask of and this network segment has no free space for me to add a number of these controllers onto it since it's filled up almost to it's entirety with systems and servers.

So, I've set these units as addresses in 192.168.0.x, and I've created an alternate IP address on my system as, with a mask of

This works, as the IP stack knows which address to send requests out to. If I address something in the 0.x range, the system originates at 0.250, anything else goes out as 10.x. The problem is, my network resources on the domain disappear occasionally, and when I delete the alternate IP address, they come back. I've been using this scheme for quite some time on Windows 2000, and it was never a problem, so something has changed over the years. It seems to work for a while, and then randomly the resources drop out.

Does anyone know why doing this would cause the connection to network resources to just vanish? It would seem that what m doing should work, since it does work. I just need to find the "irritant" that ca... Read more

A:Alternate IP Address causing Domain connections to drop

Hey Jeff,
I have a couple of questions. What domain are you working off of? Windows server 2003/2008, linux? I have noticed that things I was able to do on 2000 and XP are not working with 7. That's because 7 is more secure (which I love).

What antivirus program are you running? What type of devices do you have on this other subnet? Where I work we have 2 different subnets that work fine. We had to do a couple of things in the router though to get them do this since we have multiple locations. Let me know about those questions, and I'll see what I can help with.


Read other 9 answers

I installed ATA and I would like to send Events 4776  from Splunk.
ATA documentation asks for a field :
TimeGenerated = the timestamp of the actual event (make sure it?s not the timestamp of the arrival to the SIEM or when it?s sent to ATA). The format should match yyyyMMddHHmmss.FFFFFF, preferably in milliseconds accuracy, this is very important.
How is it  possible to get  4776 in  milliseconds? In my DCs the logging is up to seconds

Read other answers

Hey guys, Im in need of some assistance.

I am receiving the BSOD Bugcheckcode 0x03b which results in a crash and a critical event error event id 41 task error 63 and I am unsure how to fix this. I have spent quite some time looking up the problem and what others have done but to no avail. I am assuming that this service exception problem (0x03b) is what causes my computer to crash unexpectedly (event id 41 task 63).

Can someone help me out here? If you need my crashdumps or anything like that let me know along with the process of which to save and post it onto the thread.


A:BSOD 0x03B (causing?) Event ID 41 Task 63

Please read and follow the instructions here: Blue Screen of Death (BSOD) Posting Instructions

Read other 2 answers

Kernel Event taken to Microsoft Management Console and inadvertently attached a task to the Event. KERNEL BASE repeats itself nonstop in desktop having created an error in C:\Program Files (x86)\Dropbox\Client\PYTHON27.DLL
It does come out every time I turn the laptop on, but it also says that the specified module could not be found. Load Library (pythondll) failed. I just do not know how to proceed. Any ideas would come most welcome, thanks.

Read other answers