Event Viewer Problem - Security section

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi all,
I cannot read properly my security section of the event viewer anymore.

The description of an item is now like the following:

"The description for Event ID ( 538 ) in Source ( Security ) cannot be
found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following information
is part of the event: IUSR_<myUser>, KIP, (0x0,0x5229A9), 3."

Moreover, the category are now filled with numbers.


I found on the web that the reason is probably due to some loss of
permissions...
i checked the .evt files and my user has full control over them.
Is there something else to check?
Do you have any suggestions for this problem?

Thanks in advance,
Stefan
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general (More info?)

http://www.mcse.ms/archive48-2004-7-855064.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:eXzBl0WrFHA.1172@TK2MSFTNGP11.phx.gbl,
MSDN <StefanManf@newsgroups.nospam> hunted and pecked:
> Hi all,
> I cannot read properly my security section of the event viewer anymore.
>
> The description of an item is now like the following:
>
> "The description for Event ID ( 538 ) in Source ( Security ) cannot be
> found. The local computer may not have the necessary registry
> information or message DLL files to display messages from a remote
> computer. You may be able to use the /AUXSOURCE= flag to retrieve this
> description; see Help and Support for details. The following
> information is part of the event: IUSR_<myUser>, KIP, (0x0,0x5229A9),
> 3."
>
> Moreover, the category are now filled with numbers.
>
>
> I found on the web that the reason is probably due to some loss of
> permissions...
> i checked the .evt files and my user has full control over them.
> Is there something else to check?
> Do you have any suggestions for this problem?
>
> Thanks in advance,
> Stefan
 

stefan

Distinguished
Apr 14, 2004
334
0
18,780
Archived from groups: microsoft.public.windowsxp.general (More info?)

My machine is not in a domain
and my account is a local administrator.
In the local security settings,
the 'manage auditing and security log' is set with 'Administrators'.

Recently i've installed some log analyzers and made a windows update.
Could it be one of them the reason of my problem?

Thanks
Stefan

"Wesley Vogel" wrote:

> http://www.mcse.ms/archive48-2004-7-855064.html
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:eXzBl0WrFHA.1172@TK2MSFTNGP11.phx.gbl,
> MSDN <StefanManf@newsgroups.nospam> hunted and pecked:
> > Hi all,
> > I cannot read properly my security section of the event viewer anymore.
> >
> > The description of an item is now like the following:
> >
> > "The description for Event ID ( 538 ) in Source ( Security ) cannot be
> > found. The local computer may not have the necessary registry
> > information or message DLL files to display messages from a remote
> > computer. You may be able to use the /AUXSOURCE= flag to retrieve this
> > description; see Help and Support for details. The following
> > information is part of the event: IUSR_<myUser>, KIP, (0x0,0x5229A9),
> > 3."
> >
> > Moreover, the category are now filled with numbers.
> >
> >
> > I found on the web that the reason is probably due to some loss of
> > permissions...
> > i checked the .evt files and my user has full control over them.
> > Is there something else to check?
> > Do you have any suggestions for this problem?
> >
> > Thanks in advance,
> > Stefan
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general (More info?)

Stefan,

From your first post...
[[You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details.]]

This is what /AUXSOURCE brought up from Help and Support...

Detailed Usage of the Event Viewer /AUXSOURCE Switch Option
http://support.microsoft.com/default.aspx?scid=kb;en-us;312216

Read the article.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:BB3185C0-AAE6-46C2-8D08-76DD2A2671AD@microsoft.com,
Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> My machine is not in a domain
> and my account is a local administrator.
> In the local security settings,
> the 'manage auditing and security log' is set with 'Administrators'.
>
> Recently i've installed some log analyzers and made a windows update.
> Could it be one of them the reason of my problem?
>
> Thanks
> Stefan
>
> "Wesley Vogel" wrote:
>
>> http://www.mcse.ms/archive48-2004-7-855064.html
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:eXzBl0WrFHA.1172@TK2MSFTNGP11.phx.gbl,
>> MSDN <StefanManf@newsgroups.nospam> hunted and pecked:
>>> Hi all,
>>> I cannot read properly my security section of the event viewer anymore.
>>>
>>> The description of an item is now like the following:
>>>
>>> "The description for Event ID ( 538 ) in Source ( Security ) cannot
>>> be found. The local computer may not have the necessary registry
>>> information or message DLL files to display messages from a remote
>>> computer. You may be able to use the /AUXSOURCE= flag to retrieve this
>>> description; see Help and Support for details. The following
>>> information is part of the event: IUSR_<myUser>, KIP,
>>> (0x0,0x5229A9),
>>> 3."
>>>
>>> Moreover, the category are now filled with numbers.
>>>
>>>
>>> I found on the web that the reason is probably due to some loss of
>>> permissions...
>>> i checked the .evt files and my user has full control over them.
>>> Is there something else to check?
>>> Do you have any suggestions for this problem?
>>>
>>> Thanks in advance,
>>> Stefan
 

stefan

Distinguished
Apr 14, 2004
334
0
18,780
Archived from groups: microsoft.public.windowsxp.general (More info?)

I've already tried to use this solution BUT it doesn't work in my scenario.


"Wesley Vogel" wrote:

> Stefan,
>
> From your first post...
> [[You may be able to use the /AUXSOURCE= flag to retrieve this
> description; see Help and Support for details.]]
>
> This is what /AUXSOURCE brought up from Help and Support...
>
> Detailed Usage of the Event Viewer /AUXSOURCE Switch Option
> http://support.microsoft.com/default.aspx?scid=kb;en-us;312216
>
> Read the article.
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:BB3185C0-AAE6-46C2-8D08-76DD2A2671AD@microsoft.com,
> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> > My machine is not in a domain
> > and my account is a local administrator.
> > In the local security settings,
> > the 'manage auditing and security log' is set with 'Administrators'.
> >
> > Recently i've installed some log analyzers and made a windows update.
> > Could it be one of them the reason of my problem?
> >
> > Thanks
> > Stefan
> >
> > "Wesley Vogel" wrote:
> >
> >> http://www.mcse.ms/archive48-2004-7-855064.html
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:eXzBl0WrFHA.1172@TK2MSFTNGP11.phx.gbl,
> >> MSDN <StefanManf@newsgroups.nospam> hunted and pecked:
> >>> Hi all,
> >>> I cannot read properly my security section of the event viewer anymore.
> >>>
> >>> The description of an item is now like the following:
> >>>
> >>> "The description for Event ID ( 538 ) in Source ( Security ) cannot
> >>> be found. The local computer may not have the necessary registry
> >>> information or message DLL files to display messages from a remote
> >>> computer. You may be able to use the /AUXSOURCE= flag to retrieve this
> >>> description; see Help and Support for details. The following
> >>> information is part of the event: IUSR_<myUser>, KIP,
> >>> (0x0,0x5229A9),
> >>> 3."
> >>>
> >>> Moreover, the category are now filled with numbers.
> >>>
> >>>
> >>> I found on the web that the reason is probably due to some loss of
> >>> permissions...
> >>> i checked the .evt files and my user has full control over them.
> >>> Is there something else to check?
> >>> Do you have any suggestions for this problem?
> >>>
> >>> Thanks in advance,
> >>> Stefan
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general (More info?)

Stefan,

I don't know. Clear the Security log.

Open the Event Viewer...
Start | Run | Type: eventvwr | Click OK |
Right click Security and select Clear all Events |
Click No to: Do you want to save "Security" before clearing it? |

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:6F95388B-C19F-4F87-8968-88E9874941E9@microsoft.com,
Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> I've already tried to use this solution BUT it doesn't work in my
> scenario.
>
>
> "Wesley Vogel" wrote:
>
>> Stefan,
>>
>> From your first post...
>> [[You may be able to use the /AUXSOURCE= flag to retrieve this
>> description; see Help and Support for details.]]
>>
>> This is what /AUXSOURCE brought up from Help and Support...
>>
>> Detailed Usage of the Event Viewer /AUXSOURCE Switch Option
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;312216
>>
>> Read the article.
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:BB3185C0-AAE6-46C2-8D08-76DD2A2671AD@microsoft.com,
>> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
>>> My machine is not in a domain
>>> and my account is a local administrator.
>>> In the local security settings,
>>> the 'manage auditing and security log' is set with 'Administrators'.
>>>
>>> Recently i've installed some log analyzers and made a windows update.
>>> Could it be one of them the reason of my problem?
>>>
>>> Thanks
>>> Stefan
>>>
>>> "Wesley Vogel" wrote:
>>>
>>>> http://www.mcse.ms/archive48-2004-7-855064.html
>>>>
>>>> --
>>>> Hope this helps. Let us know.
>>>>
>>>> Wes
>>>> MS-MVP Windows Shell/User
>>>>
>>>> In news:eXzBl0WrFHA.1172@TK2MSFTNGP11.phx.gbl,
>>>> MSDN <StefanManf@newsgroups.nospam> hunted and pecked:
>>>>> Hi all,
>>>>> I cannot read properly my security section of the event viewer
>>>>> anymore.
>>>>>
>>>>> The description of an item is now like the following:
>>>>>
>>>>> "The description for Event ID ( 538 ) in Source ( Security )
>>>>> cannot be found. The local computer may not have the necessary
>>>>> registry information or message DLL files to display messages from a
>>>>> remote computer. You may be able to use the /AUXSOURCE= flag to
>>>>> retrieve this description; see Help and Support for details. The
>>>>> following information is part of the event: IUSR_<myUser>, KIP,
>>>>> (0x0,0x5229A9),
>>>>> 3."
>>>>>
>>>>> Moreover, the category are now filled with numbers.
>>>>>
>>>>>
>>>>> I found on the web that the reason is probably due to some loss of
>>>>> permissions...
>>>>> i checked the .evt files and my user has full control over them.
>>>>> Is there something else to check?
>>>>> Do you have any suggestions for this problem?
>>>>>
>>>>> Thanks in advance,
>>>>> Stefan
 

stefan

Distinguished
Apr 14, 2004
334
0
18,780
Archived from groups: microsoft.public.windowsxp.general (More info?)

I've also tried to clear the security log (with a backup of the .evt file),
BUT it doesn't work.

:-(


"Wesley Vogel" wrote:

> Stefan,
>
> I don't know. Clear the Security log.
>
> Open the Event Viewer...
> Start | Run | Type: eventvwr | Click OK |
> Right click Security and select Clear all Events |
> Click No to: Do you want to save "Security" before clearing it? |
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:6F95388B-C19F-4F87-8968-88E9874941E9@microsoft.com,
> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> > I've already tried to use this solution BUT it doesn't work in my
> > scenario.
> >
> >
> > "Wesley Vogel" wrote:
> >
> >> Stefan,
> >>
> >> From your first post...
> >> [[You may be able to use the /AUXSOURCE= flag to retrieve this
> >> description; see Help and Support for details.]]
> >>
> >> This is what /AUXSOURCE brought up from Help and Support...
> >>
> >> Detailed Usage of the Event Viewer /AUXSOURCE Switch Option
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;312216
> >>
> >> Read the article.
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:BB3185C0-AAE6-46C2-8D08-76DD2A2671AD@microsoft.com,
> >> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> >>> My machine is not in a domain
> >>> and my account is a local administrator.
> >>> In the local security settings,
> >>> the 'manage auditing and security log' is set with 'Administrators'.
> >>>
> >>> Recently i've installed some log analyzers and made a windows update.
> >>> Could it be one of them the reason of my problem?
> >>>
> >>> Thanks
> >>> Stefan
> >>>
> >>> "Wesley Vogel" wrote:
> >>>
> >>>> http://www.mcse.ms/archive48-2004-7-855064.html
> >>>>
> >>>> --
> >>>> Hope this helps. Let us know.
> >>>>
> >>>> Wes
> >>>> MS-MVP Windows Shell/User
> >>>>
> >>>> In news:eXzBl0WrFHA.1172@TK2MSFTNGP11.phx.gbl,
> >>>> MSDN <StefanManf@newsgroups.nospam> hunted and pecked:
> >>>>> Hi all,
> >>>>> I cannot read properly my security section of the event viewer
> >>>>> anymore.
> >>>>>
> >>>>> The description of an item is now like the following:
> >>>>>
> >>>>> "The description for Event ID ( 538 ) in Source ( Security )
> >>>>> cannot be found. The local computer may not have the necessary
> >>>>> registry information or message DLL files to display messages from a
> >>>>> remote computer. You may be able to use the /AUXSOURCE= flag to
> >>>>> retrieve this description; see Help and Support for details. The
> >>>>> following information is part of the event: IUSR_<myUser>, KIP,
> >>>>> (0x0,0x5229A9),
> >>>>> 3."
> >>>>>
> >>>>> Moreover, the category are now filled with numbers.
> >>>>>
> >>>>>
> >>>>> I found on the web that the reason is probably due to some loss of
> >>>>> permissions...
> >>>>> i checked the .evt files and my user has full control over them.
> >>>>> Is there something else to check?
> >>>>> Do you have any suggestions for this problem?
> >>>>>
> >>>>> Thanks in advance,
> >>>>> Stefan
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general (More info?)

The Security log doesn't clear?

[[You cannot clear archived logs; instead, delete the archived log file. ]]

SecEvent.Evt is the Security log.

C:\WINDOWS\System32\config\SecEvent.Evt
or
%windir%\System32\config\SecEvent.Evt

How to Delete Corrupt Event Viewer Log Files
http://support.microsoft.com/default.aspx?scid=kb;en-us;172156

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:040B0569-6711-4787-BDDC-1BAC7D297FEF@microsoft.com,
Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> I've also tried to clear the security log (with a backup of the .evt
> file), BUT it doesn't work.
>
> :-(
>
>
> "Wesley Vogel" wrote:
>
>> Stefan,
>>
>> I don't know. Clear the Security log.
>>
>> Open the Event Viewer...
>> Start | Run | Type: eventvwr | Click OK |
>> Right click Security and select Clear all Events |
>> Click No to: Do you want to save "Security" before clearing it? |
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:6F95388B-C19F-4F87-8968-88E9874941E9@microsoft.com,
>> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
>>> I've already tried to use this solution BUT it doesn't work in my
>>> scenario.
>>>
>>>
>>> "Wesley Vogel" wrote:
>>>
>>>> Stefan,
>>>>
>>>> From your first post...
>>>> [[You may be able to use the /AUXSOURCE= flag to retrieve this
>>>> description; see Help and Support for details.]]
>>>>
>>>> This is what /AUXSOURCE brought up from Help and Support...
>>>>
>>>> Detailed Usage of the Event Viewer /AUXSOURCE Switch Option
>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;312216
>>>>
>>>> Read the article.
>>>>
>>>> --
>>>> Hope this helps. Let us know.
>>>>
>>>> Wes
>>>> MS-MVP Windows Shell/User
>>>>
>>>> In news:BB3185C0-AAE6-46C2-8D08-76DD2A2671AD@microsoft.com,
>>>> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
>>>>> My machine is not in a domain
>>>>> and my account is a local administrator.
>>>>> In the local security settings,
>>>>> the 'manage auditing and security log' is set with 'Administrators'.
>>>>>
>>>>> Recently i've installed some log analyzers and made a windows update.
>>>>> Could it be one of them the reason of my problem?
>>>>>
>>>>> Thanks
>>>>> Stefan
>>>>>
>>>>> "Wesley Vogel" wrote:
>>>>>
>>>>>> http://www.mcse.ms/archive48-2004-7-855064.html
>>>>>>
>>>>>> --
>>>>>> Hope this helps. Let us know.
>>>>>>
>>>>>> Wes
>>>>>> MS-MVP Windows Shell/User
>>>>>>
>>>>>> In news:eXzBl0WrFHA.1172@TK2MSFTNGP11.phx.gbl,
>>>>>> MSDN <StefanManf@newsgroups.nospam> hunted and pecked:
>>>>>>> Hi all,
>>>>>>> I cannot read properly my security section of the event viewer
>>>>>>> anymore.
>>>>>>>
>>>>>>> The description of an item is now like the following:
>>>>>>>
>>>>>>> "The description for Event ID ( 538 ) in Source ( Security )
>>>>>>> cannot be found. The local computer may not have the necessary
>>>>>>> registry information or message DLL files to display messages from a
>>>>>>> remote computer. You may be able to use the /AUXSOURCE= flag to
>>>>>>> retrieve this description; see Help and Support for details. The
>>>>>>> following information is part of the event: IUSR_<myUser>, KIP,
>>>>>>> (0x0,0x5229A9),
>>>>>>> 3."
>>>>>>>
>>>>>>> Moreover, the category are now filled with numbers.
>>>>>>>
>>>>>>>
>>>>>>> I found on the web that the reason is probably due to some loss of
>>>>>>> permissions...
>>>>>>> i checked the .evt files and my user has full control over them.
>>>>>>> Is there something else to check?
>>>>>>> Do you have any suggestions for this problem?
>>>>>>>
>>>>>>> Thanks in advance,
>>>>>>> Stefan
 

stefan

Distinguished
Apr 14, 2004
334
0
18,780
Archived from groups: microsoft.public.windowsxp.general (More info?)

I've cleared the event log but the problem remains. (!)



"Wesley Vogel" wrote:

> The Security log doesn't clear?
>
> [[You cannot clear archived logs; instead, delete the archived log file. ]]
>
> SecEvent.Evt is the Security log.
>
> C:\WINDOWS\System32\config\SecEvent.Evt
> or
> %windir%\System32\config\SecEvent.Evt
>
> How to Delete Corrupt Event Viewer Log Files
> http://support.microsoft.com/default.aspx?scid=kb;en-us;172156
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:040B0569-6711-4787-BDDC-1BAC7D297FEF@microsoft.com,
> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> > I've also tried to clear the security log (with a backup of the .evt
> > file), BUT it doesn't work.
> >
> > :-(
> >
> >
> > "Wesley Vogel" wrote:
> >
> >> Stefan,
> >>
> >> I don't know. Clear the Security log.
> >>
> >> Open the Event Viewer...
> >> Start | Run | Type: eventvwr | Click OK |
> >> Right click Security and select Clear all Events |
> >> Click No to: Do you want to save "Security" before clearing it? |
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:6F95388B-C19F-4F87-8968-88E9874941E9@microsoft.com,
> >> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> >>> I've already tried to use this solution BUT it doesn't work in my
> >>> scenario.
> >>>
> >>>
> >>> "Wesley Vogel" wrote:
> >>>
> >>>> Stefan,
> >>>>
> >>>> From your first post...
> >>>> [[You may be able to use the /AUXSOURCE= flag to retrieve this
> >>>> description; see Help and Support for details.]]
> >>>>
> >>>> This is what /AUXSOURCE brought up from Help and Support...
> >>>>
> >>>> Detailed Usage of the Event Viewer /AUXSOURCE Switch Option
> >>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;312216
> >>>>
> >>>> Read the article.
> >>>>
> >>>> --
> >>>> Hope this helps. Let us know.
> >>>>
> >>>> Wes
> >>>> MS-MVP Windows Shell/User
> >>>>
> >>>> In news:BB3185C0-AAE6-46C2-8D08-76DD2A2671AD@microsoft.com,
> >>>> Stefan <Stefan@discussions.microsoft.com> hunted and pecked:
> >>>>> My machine is not in a domain
> >>>>> and my account is a local administrator.
> >>>>> In the local security settings,
> >>>>> the 'manage auditing and security log' is set with 'Administrators'.
> >>>>>
> >>>>> Recently i've installed some log analyzers and made a windows update.
> >>>>> Could it be one of them the reason of my problem?
> >>>>>
> >>>>> Thanks
> >>>>> Stefan
> >>>>>
> >>>>> "Wesley Vogel" wrote:
> >>>>>
> >>>>>> http://www.mcse.ms/archive48-2004-7-855064.html
> >>>>>>
> >>>>>> --
> >>>>>> Hope this helps. Let us know.
> >>>>>>
> >>>>>> Wes
> >>>>>> MS-MVP Windows Shell/User
> >>>>>>
> >>>>>> In news:eXzBl0WrFHA.1172@TK2MSFTNGP11.phx.gbl,
> >>>>>> MSDN <StefanManf@newsgroups.nospam> hunted and pecked:
> >>>>>>> Hi all,
> >>>>>>> I cannot read properly my security section of the event viewer
> >>>>>>> anymore.
> >>>>>>>
> >>>>>>> The description of an item is now like the following:
> >>>>>>>
> >>>>>>> "The description for Event ID ( 538 ) in Source ( Security )
> >>>>>>> cannot be found. The local computer may not have the necessary
> >>>>>>> registry information or message DLL files to display messages from a
> >>>>>>> remote computer. You may be able to use the /AUXSOURCE= flag to
> >>>>>>> retrieve this description; see Help and Support for details. The
> >>>>>>> following information is part of the event: IUSR_<myUser>, KIP,
> >>>>>>> (0x0,0x5229A9),
> >>>>>>> 3."
> >>>>>>>
> >>>>>>> Moreover, the category are now filled with numbers.
> >>>>>>>
> >>>>>>>
> >>>>>>> I found on the web that the reason is probably due to some loss of
> >>>>>>> permissions...
> >>>>>>> i checked the .evt files and my user has full control over them.
> >>>>>>> Is there something else to check?
> >>>>>>> Do you have any suggestions for this problem?
> >>>>>>>
> >>>>>>> Thanks in advance,
> >>>>>>> Stefan
>
>