none
Troubleshooting nearly dead W2K8 server

    Question

  • Hi, I'm new here and a very novice server admin. (Calling myself an admin is a loose use of the word!)

    I have a W2K8 server acting as a file server and AD controller.

    It began locking up on me and I thought it was heat related on the CPU so I pulled the case open and put a large fan blowing directly into the case.

    That seemed to stop the lockups but the server seemed really slow.

    A few days later the server began locking up again.

    If I reboot the server (I have to power fail it once it is locked up) it will run for a little while (maybe 30 min) before locking up. However, I just figured out that even though it appears locked up, the TCP/IP stack is still working because it will respond to pings. That has the side effect of making PCs that are members of the domain to take a VERY long time to log in because the server is there from an IP perspective but the DC service is not there so the authentication has to time out.

    Any ideas what might be going wrong? I really need to revive the server long enough to pull the files from it and then I'm going to get rid of having a DC (I really don't need it) and just set up a box to share the drive space. (I might re-use the hardware if that is not the cause of the problem.)

    I have no idea if I'm looking at a hardware or software problem at this point.

    TIA for all help/advice/suggestions!

    Tuesday, July 16, 2013 7:33 PM

All replies

  • Could you share a screenshot of Task Manager "Performance" and "Processes" tabs?
    Tuesday, July 16, 2013 7:59 PM
  • Hello,

    what is the Manufacturer/Model of your Server? Depending on what you have, maybe there are Logs available through software of the Manufacturer.

    Please check the EventLogs to see if there are any Errors or Warnings present.

    Best Regards,
    Jens


    jensit.wordpress.com

    Wednesday, July 17, 2013 6:54 PM
  • Could you share a screenshot of Task Manager "Performance" and "Processes" tabs?

    Here are the screen shots. Nothing too suspicious that I can see.

    Thursday, July 18, 2013 3:04 PM
  • Hello,

    what is the Manufacturer/Model of your Server? Depending on what you have, maybe there are Logs available through software of the Manufacturer.

    Please check the EventLogs to see if there are any Errors or Warnings present.

    Best Regards,
    Jens


    jensit.wordpress.com

    Jens,

    It is a home built server so no luck on manufacturer logs in the event log.

    I looked in the logs and I'm seeing some things but I'm not sure if they are significant or not. All of the events below are from booting the server today.

    Log Name:      Security
    Source:        Microsoft-Windows-Eventlog
    Date:          7/18/2013 10:00:58 AM
    Event ID:      1101
    Task Category: Event processing
    Level:         Error
    Keywords:      Audit Success
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    Audit events have been dropped by the transport.  0
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
        <EventID>1101</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>101</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4020000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:00:58.726557200Z" />
        <EventRecordID>9481229</EventRecordID>
        <Correlation />
        <Execution ProcessID="964" ThreadID="1416" />
        <Channel>Security</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <UserData>
        <AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
          <Reason>0</Reason>
        </AuditEventsDropped>
      </UserData>
    </Event>

    Log Name:      Application
    Source:        Microsoft-Windows-WMI
    Date:          7/18/2013 10:10:38 AM
    Event ID:      10
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
        <EventID Qualifiers="49152">10</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:10:38.000000000Z" />
        <EventRecordID>151969</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>//./root/CIMV2</Data>
        <Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage &gt; 99</Data>
        <Data>0x80041003</Data>
      </EventData>
    </Event>

    Log Name:      Application
    Source:        VSS
    Date:          7/18/2013 10:02:30 AM
    Event ID:      8193
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
    .

    Operation:
       Initializing Writer

    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {e3d70604-8159-46c6-bbb2-0f4b58829df5}
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="VSS" />
        <EventID Qualifiers="0">8193</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:02:30.000000000Z" />
        <EventRecordID>151957</EventRecordID>
        <Channel>Application</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)</Data>
        <Data>0x80070005, Access is denied.
    </Data>
        <Data>

    Operation:
       Initializing Writer

    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {e3d70604-8159-46c6-bbb2-0f4b58829df5}</Data>
        <Binary>2D20436F64653A20524547524547534330303030303135362D2043616C6C3A20524547524547534330303030303132392D205049443A202030303030303437362D205449443A202030303030313731362D20434D443A2020433A5C57696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
      </EventData>
    </Event>

    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          7/18/2013 10:02:00 AM
    Event ID:      6006
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The winlogon notification subscriber <GPClient> took 94 second(s) to handle the notification event (CreateSession).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
        <EventID Qualifiers="32768">6006</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:02:00.000000000Z" />
        <EventRecordID>151956</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>GPClient</Data>
        <Data>94</Data>
        <Data>CreateSession</Data>
        <Binary>04000000</Binary>
      </EventData>
    </Event>

    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          7/18/2013 10:01:26 AM
    Event ID:      6005
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      BIG-RIG
    Description:
    The winlogon notification subscriber <GPClient> is taking long time to handle the notification event (CreateSession).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
        <EventID Qualifiers="32768">6005</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:01:26.000000000Z" />
        <EventRecordID>151955</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>BIG-RIG</Computer>
        <Security />
      </System>
      <EventData>
        <Data>GPClient</Data>
        <Data>CreateSession</Data>
        <Binary>00000000</Binary>
      </EventData>
    </Event>

    Thursday, July 18, 2013 3:14 PM
  • I was unable to get the system log into the same message

    System part 1

    Log Name:      System
    Source:        Ntfs
    Date:          7/18/2013 10:31:53 AM
    Event ID:      137
    Task Category: (2)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The default transaction resource manager on volume \Device\HarddiskVolumeShadowCopy365 encountered a non-retryable error and could not start.  The data contains the error code.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Ntfs" />
        <EventID Qualifiers="49156">137</EventID>
        <Level>2</Level>
        <Task>2</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:31:53.710701300Z" />
        <EventRecordID>106063</EventRecordID>
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>
        </Data>
        <Data>\Device\HarddiskVolumeShadowCopy365</Data>
        <Binary>1C0004000200300002000000890004C000000000850100C000000000000000000000000000000000850100C0</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-DistributedCOM
    Date:          7/18/2013 10:24:55 AM
    Event ID:      10010
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
        <EventID Qualifiers="49152">10010</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:24:55.000000000Z" />
        <EventRecordID>106060</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">{752073A1-23F2-4396-85F0-8FDB879ED0ED}</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-WinRM
    Date:          7/18/2013 10:23:05 AM
    Event ID:      10154
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The WinRM service failed to create the following SPNs: WSMAN/big-rig.wtbhome.net; WSMAN/big-rig.

     Additional Data
     The error received was 8344: %%8344.

     User Action
     The SPNs can be created by an administrator using setspn.exe utility.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" EventSourceName="WinRM" />
        <EventID Qualifiers="7">10154</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:23:05.000000000Z" />
        <EventRecordID>106055</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="spn1">WSMAN/big-rig.wtbhome.net</Data>
        <Data Name="spn2">WSMAN/big-rig</Data>
        <Data Name="error">8344</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-DistributedCOM
    Date:          7/18/2013 10:22:52 AM
    Event ID:      10010
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
        <EventID Qualifiers="49152">10010</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:22:52.000000000Z" />
        <EventRecordID>106054</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">{752073A1-23F2-4396-85F0-8FDB879ED0ED}</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        USER32
    Date:          7/18/2013 10:12:28 AM
    Event ID:      1076
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          WTBHOME\tborland
    Computer:      big-rig.wtbhome.net
    Description:
    The reason supplied by user WTBHOME\tborland for the last unexpected shutdown of this computer is: Other (Unplanned)
     Reason Code: 0xa000000
     Problem ID:
     Bugcheck String:
     Comment:

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="USER32" />
        <EventID Qualifiers="32768">1076</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:12:28.000000000Z" />
        <EventRecordID>106033</EventRecordID>
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security UserID="S-1-5-21-1292836780-384383534-905887957-1105" />
      </System>
      <EventData>
        <Data>Other (Unplanned)</Data>
        <Data>0xa000000</Data>
        <Data>
        </Data>
        <Data>
        </Data>
        <Data>
        </Data>
        <Data>WTBHOME\tborland</Data>
        <Binary>0000000A000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:08:46 AM
    Event ID:      7022
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The SQL Server Analysis Services (MSSQLSERVER) service hung on starting.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7022</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:08:46.270920300Z" />
        <EventRecordID>106020</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">SQL Server Analysis Services (MSSQLSERVER)</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:06:56 AM
    Event ID:      7001
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The Net.Pipe Listener Adapter service depends on the Windows Process Activation Service service which failed to start because of the following error:
    Transaction support within the specified resource manager is not started or was shut down due to an error.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7001</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:06:56.150422100Z" />
        <EventRecordID>106019</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Net.Pipe Listener Adapter</Data>
        <Data Name="param2">Windows Process Activation Service</Data>
        <Data Name="param3">%%6801</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:06:56 AM
    Event ID:      7001
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error:
    Transaction support within the specified resource manager is not started or was shut down due to an error.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7001</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:06:56.150422100Z" />
        <EventRecordID>106018</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">World Wide Web Publishing Service</Data>
        <Data Name="param2">Windows Process Activation Service</Data>
        <Data Name="param3">%%6801</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:06:56 AM
    Event ID:      7000
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The VMware Authorization Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7000</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:06:56.150422100Z" />
        <EventRecordID>106017</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">VMware Authorization Service</Data>
        <Data Name="param2">%%1053</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:06:56 AM
    Event ID:      7009
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7009</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:06:56.150422100Z" />
        <EventRecordID>106016</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">30000</Data>
        <Data Name="param2">VMware Authorization Service</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        srv
    Date:          7/18/2013 10:05:55 AM
    Event ID:      2013
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The E: disk is at or near capacity.  You may need to delete some files.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="srv" />
        <EventID Qualifiers="32768">2013</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:05:55.049077600Z" />
        <EventRecordID>106012</EventRecordID>
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>\Device\LanmanServer</Data>
        <Data>E:</Data>
        <Binary>000000000200280000000000DD070080000000000000000000000000000000000000000000000000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:05:42 AM
    Event ID:      7023
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The Windows Process Activation Service service terminated with the following error:
    Transaction support within the specified resource manager is not started or was shut down due to an error.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7023</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:05:42.272655200Z" />
        <EventRecordID>106006</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="2468" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Windows Process Activation Service</Data>
        <Data Name="param2">%%6801</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-WAS
    Date:          7/18/2013 10:05:40 AM
    Event ID:      5005
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The description for Event ID 5005 from source Microsoft-Windows-WAS cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-WAS" Guid="{524B5D04-133C-4A62-8362-64E8EDB9CE40}" EventSourceName="WAS" />
        <EventID Qualifiers="49152">5005</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:05:40.000000000Z" />
        <EventRecordID>106001</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Binary>911A0780</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-WAS
    Date:          7/18/2013 10:05:40 AM
    Event ID:      5036
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The description for Event ID 5036 from source Microsoft-Windows-WAS cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-WAS" Guid="{524B5D04-133C-4A62-8362-64E8EDB9CE40}" EventSourceName="WAS" />
        <EventID Qualifiers="49152">5036</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:05:40.000000000Z" />
        <EventRecordID>106000</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Binary>911A0780</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-WAS
    Date:          7/18/2013 10:05:40 AM
    Event ID:      5189
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The description for Event ID 5189 from source Microsoft-Windows-WAS cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    *
    0

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-WAS" Guid="{524B5D04-133C-4A62-8362-64E8EDB9CE40}" EventSourceName="WAS" />
        <EventID Qualifiers="49152">5189</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:05:40.000000000Z" />
        <EventRecordID>105999</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="AppPoolID">*</Data>
        <Data Name="ErrorType">0</Data>
        <Binary>911A0780</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:05:40 AM
    Event ID:      7001
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    The service did not respond to the start or control request in a timely fashion.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7001</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:05:40.151051500Z" />
        <EventRecordID>105997</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Net.Tcp Listener Adapter</Data>
        <Data Name="param2">Net.Tcp Port Sharing Service</Data>
        <Data Name="param3">%%1053</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:05:09 AM
    Event ID:      7000
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7000</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:05:09.247397200Z" />
        <EventRecordID>105988</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">SQL Server Reporting Services (MSSQLSERVER)</Data>
        <Data Name="param2">%%1053</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:05:09 AM
    Event ID:      7009
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    A timeout was reached (30000 milliseconds) while waiting for the SQL Server Reporting Services (MSSQLSERVER) service to connect.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7009</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:05:09.247397200Z" />
        <EventRecordID>105987</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">30000</Data>
        <Data Name="param2">SQL Server Reporting Services (MSSQLSERVER)</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:04:36 AM
    Event ID:      7000
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The Net.Tcp Port Sharing Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7000</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:04:36.892940400Z" />
        <EventRecordID>105983</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Net.Tcp Port Sharing Service</Data>
        <Data Name="param2">%%1053</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:04:36 AM
    Event ID:      7009
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7009</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:04:36.892940400Z" />
        <EventRecordID>105982</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">30000</Data>
        <Data Name="param2">Net.Tcp Port Sharing Service</Data>
      </EventData>
    </Event>

     

    Thursday, July 18, 2013 3:16 PM
  • System part 2

    Log Name:      System
    Source:        Microsoft-Windows-DHCP-Server
    Date:          7/18/2013 10:04:37 AM
    Event ID:      10020
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The description for Event ID 10020 from source Microsoft-Windows-DHCP-Server cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DHCP-Server" Guid="{6D64F02C-A125-4DAC-9A01-F0555B41CA84}" EventSourceName="DhcpServer" />
        <EventID Qualifiers="0">10020</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:04:37.000000000Z" />
        <EventRecordID>105980</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-DHCP-Server
    Date:          7/18/2013 10:04:07 AM
    Event ID:      1056
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The description for Event ID 1056 from source Microsoft-Windows-DHCP-Server cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    The operation completed successfully.


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DHCP-Server" Guid="{6D64F02C-A125-4DAC-9A01-F0555B41CA84}" EventSourceName="DhcpServer" />
        <EventID Qualifiers="0">1056</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:04:07.000000000Z" />
        <EventRecordID>105978</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>The operation completed successfully.
    </Data>
        <Binary>00000000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:03:34 AM
    Event ID:      7000
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The SQL Server (MSSQLSERVER) service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7000</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:03:34.539630800Z" />
        <EventRecordID>105977</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">SQL Server (MSSQLSERVER)</Data>
        <Data Name="param2">%%1053</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:03:34 AM
    Event ID:      7009
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MSSQLSERVER) service to connect.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7009</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:03:34.539630800Z" />
        <EventRecordID>105976</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">30000</Data>
        <Data Name="param2">SQL Server (MSSQLSERVER)</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:03:02 AM
    Event ID:      7000
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The SQL Server Integration Services 10.0 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7000</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:03:02.231974100Z" />
        <EventRecordID>105975</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">SQL Server Integration Services 10.0</Data>
        <Data Name="param2">%%1053</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:03:02 AM
    Event ID:      7009
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    A timeout was reached (30000 milliseconds) while waiting for the SQL Server Integration Services 10.0 service to connect.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7009</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:03:02.231974100Z" />
        <EventRecordID>105974</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">30000</Data>
        <Data Name="param2">SQL Server Integration Services 10.0</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-DNS-Client
    Date:          7/18/2013 10:03:01 AM
    Event ID:      1014
    Task Category: None
    Level:         Warning
    Keywords:     
    User:          SYSTEM
    Computer:      big-rig.wtbhome.net
    Description:
    Name resolution for the name wtbhome.net timed out after none of the configured DNS servers responded.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
        <EventID>1014</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:03:01.576772900Z" />
        <EventRecordID>105973</EventRecordID>
        <Correlation />
        <Execution ProcessID="584" ThreadID="1448" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="QueryName">wtbhome.net</Data>
        <Data Name="AddressLength">16</Data>
        <Data Name="Address">02000035C0A800020000000000000000</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-DHCP-Server
    Date:          7/18/2013 10:02:32 AM
    Event ID:      1036
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The description for Event ID 1036 from source Microsoft-Windows-DHCP-Server cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DHCP-Server" Guid="{6D64F02C-A125-4DAC-9A01-F0555B41CA84}" EventSourceName="DhcpServer" />
        <EventID Qualifiers="0">1036</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:02:32.000000000Z" />
        <EventRecordID>105970</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Binary>34050000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-DHCP-Server
    Date:          7/18/2013 10:02:32 AM
    Event ID:      1035
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The description for Event ID 1035 from source Microsoft-Windows-DHCP-Server cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DHCP-Server" Guid="{6D64F02C-A125-4DAC-9A01-F0555B41CA84}" EventSourceName="DhcpServer" />
        <EventID Qualifiers="0">1035</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:02:32.000000000Z" />
        <EventRecordID>105969</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Binary>34050000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:02:29 AM
    Event ID:      7000
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The Active Directory Web Services service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7000</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:02:29.939917400Z" />
        <EventRecordID>105964</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Active Directory Web Services</Data>
        <Data Name="param2">%%1053</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:02:29 AM
    Event ID:      7009
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    A timeout was reached (30000 milliseconds) while waiting for the Active Directory Web Services service to connect.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7009</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:02:29.939917400Z" />
        <EventRecordID>105963</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">30000</Data>
        <Data Name="param2">Active Directory Web Services</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          7/18/2013 10:02:00 AM
    Event ID:      1058
    Task Category: None
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      big-rig.wtbhome.net
    Description:
    The processing of Group Policy failed. Windows attempted to read the file \\wtbhome.net\sysvol\wtbhome.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
        <EventID>1058</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>1</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:02:00.861466300Z" />
        <EventRecordID>105962</EventRecordID>
        <Correlation ActivityID="{7AE97F46-A18B-4DCA-90D0-28E68A7114F2}" />
        <Execution ProcessID="1000" ThreadID="1176" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="SupportInfo1">4</Data>
        <Data Name="SupportInfo2">816</Data>
        <Data Name="ProcessingMode">1</Data>
        <Data Name="ProcessingTimeInMilliseconds">12184</Data>
        <Data Name="ErrorCode">53</Data>
        <Data Name="ErrorDescription">The network path was not found. </Data>
        <Data Name="DCName">\\big-rig.wtbhome.net</Data>
        <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=wtbhome,DC=net</Data>
        <Data Name="FilePath">\\wtbhome.net\sysvol\wtbhome.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/18/2013 10:01:59 AM
    Event ID:      7009
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    A timeout was reached (30000 milliseconds) while waiting for the Active@ Disk Monitor service to connect.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7009</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:01:59.722664300Z" />
        <EventRecordID>105961</EventRecordID>
        <Correlation />
        <Execution ProcessID="576" ThreadID="580" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">30000</Data>
        <Data Name="param2">Active@ Disk Monitor</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Server
    Date:          7/18/2013 10:01:04 AM
    Event ID:      2506
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      BIG-RIG
    Description:
    The value named BIG-RIG in the server's registry key OptionalNames was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Server" />
        <EventID Qualifiers="32768">2506</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:01:04.000000000Z" />
        <EventRecordID>105927</EventRecordID>
        <Channel>System</Channel>
        <Computer>BIG-RIG</Computer>
        <Security />
      </System>
      <EventData>
        <Data>BIG-RIG</Data>
        <Data>OptionalNames</Data>
        <Binary>34000000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Server
    Date:          7/18/2013 10:01:01 AM
    Event ID:      2506
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      BIG-RIG
    Description:
    The value named BIG-RIG in the server's registry key OptionalNames was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Server" />
        <EventID Qualifiers="32768">2506</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:01:01.000000000Z" />
        <EventRecordID>105926</EventRecordID>
        <Channel>System</Channel>
        <Computer>BIG-RIG</Computer>
        <Security />
      </System>
      <EventData>
        <Data>BIG-RIG</Data>
        <Data>OptionalNames</Data>
        <Binary>34000000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Server
    Date:          7/18/2013 10:00:57 AM
    Event ID:      2506
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      BIG-RIG
    Description:
    The value named BIG-RIG in the server's registry key OptionalNames was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Server" />
        <EventID Qualifiers="32768">2506</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:00:57.000000000Z" />
        <EventRecordID>105925</EventRecordID>
        <Channel>System</Channel>
        <Computer>BIG-RIG</Computer>
        <Security />
      </System>
      <EventData>
        <Data>BIG-RIG</Data>
        <Data>OptionalNames</Data>
        <Binary>34000000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Server
    Date:          7/18/2013 10:00:54 AM
    Event ID:      2506
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      BIG-RIG
    Description:
    The value named BIG-RIG in the server's registry key OptionalNames was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Server" />
        <EventID Qualifiers="32768">2506</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:00:54.000000000Z" />
        <EventRecordID>105924</EventRecordID>
        <Channel>System</Channel>
        <Computer>BIG-RIG</Computer>
        <Security />
      </System>
      <EventData>
        <Data>BIG-RIG</Data>
        <Data>OptionalNames</Data>
        <Binary>34000000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
    Date:          7/18/2013 10:00:25 AM
    Event ID:      29
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      BIG-RIG
    Description:
    The description for Event ID 29 from source Microsoft-Windows-Kerberos-Key-Distribution-Center cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
        <EventID Qualifiers="32768">29</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T14:00:25.000000000Z" />
        <EventRecordID>105923</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>BIG-RIG</Computer>
        <Security />
      </System>
      <EventData>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-Kernel-Power
    Date:          7/18/2013 9:56:16 AM
    Event ID:      41
    Task Category: (63)
    Level:         Critical
    Keywords:      (2)
    User:          SYSTEM
    Computer:      big-rig.wtbhome.net
    Description:
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
        <EventID>41</EventID>
        <Version>2</Version>
        <Level>1</Level>
        <Task>63</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000002</Keywords>
        <TimeCreated SystemTime="2013-07-18T13:56:16.974462300Z" />
        <EventRecordID>105913</EventRecordID>
        <Correlation />
        <Execution ProcessID="4" ThreadID="8" />
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="BugcheckCode">0</Data>
        <Data Name="BugcheckParameter1">0x0</Data>
        <Data Name="BugcheckParameter2">0x0</Data>
        <Data Name="BugcheckParameter3">0x0</Data>
        <Data Name="BugcheckParameter4">0x0</Data>
        <Data Name="SleepInProgress">false</Data>
        <Data Name="PowerButtonTimestamp">0</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        EventLog
    Date:          7/18/2013 9:59:24 AM
    Event ID:      6008
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The previous system shutdown at 2:30:32 AM on ‎7/‎9/‎2013 was unexpected.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="EventLog" />
        <EventID Qualifiers="32768">6008</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T13:59:24.000000000Z" />
        <EventRecordID>105909</EventRecordID>
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>2:30:32 AM</Data>
        <Data>‎7/‎9/‎2013</Data>
        <Data>
        </Data>
        <Data>
        </Data>
        <Data>61205</Data>
        <Data>
        </Data>
        <Data>
        </Data>
        <Binary>DD0707000200090002001E002000F300DD0707000200090006001E002000F3003C0000003C000000000000000000000000000000000000000100000006000000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Ntfs
    Date:          7/18/2013 9:56:15 AM
    Event ID:      137
    Task Category: (2)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      big-rig.wtbhome.net
    Description:
    The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Ntfs" />
        <EventID Qualifiers="49156">137</EventID>
        <Level>2</Level>
        <Task>2</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-18T13:56:15.788860200Z" />
        <EventRecordID>105907</EventRecordID>
        <Channel>System</Channel>
        <Computer>big-rig.wtbhome.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>
        </Data>
        <Data>C:</Data>
        <Binary>1C0004000200300002000000890004C000000000850100C000000000000000000000000000000000850100C0</Binary>
      </EventData>
    </Event>

    Thursday, July 18, 2013 3:19 PM
  • Hi,

    the logs actually looks ok, except the problems with starting all the services on your machine. Did you check this?

    Best Regards,
    Jens


    jensit.wordpress.com

    Thursday, July 18, 2013 5:45 PM
  • I have looked through and have not found anything that I have any idea how to even begin to fix. Everything seems to be failing because of timeouts and that correlates to the server being really sluggish.

    I do know that the DHCP errors are because I tried to uninstall the role but it did not uninstall cleanly. (This was AFTER the server began misbehaving.)

    I'm starting to think that there may be some sort of hardware reason for the slowness of the server but I'm not sure where to go from here. I suspected a HD problem but the SMART reporting from the OS disk shows no problems. I think that the CPU was overheating a while back but I can't think of how any damage from overheating could cause general slowness. I would expect it to not even boot if the CPU was partially fried.

    Any suggestions are welcome!

    Thanks again Jens!

    Thursday, July 18, 2013 6:38 PM