********************************************************************************

********************
|_______________________________________________________________________________
____________________|
| MM MM SSSSS IIIIII TTTTTTT SSSSSS RRRRR VV VV
HH HH CCCCC |
| MMM MMM SS II TTT SS RR RR VV VV
HH HH CCC |
| MM MM MM MM SSSSS II TTT SSSSSS RRRRR VV VV
HHHHHH CC |
| MM MMM MM SS II TTT SS RR RR VV VV
HH HH CCC |
| MM M MM SSSSS IIIIII TTT SSSSSS RR R V
HH HH CCCCC |
|-------------------------------------------------------------------------------
--------------------|
|>----------------------------- MSIT Server Heatlh Check v2.1.2427.6 -----------
-------------------<|
|_______________________________________________________________________________
____________________|

Date executed: 8/21/2011 9:02:06 AM

Executed by: v-ad943
********************************************************************************
********************
Computer Name: TK5CCPWEB01
Computer Hardware:
Asset tag: 1541385
Serial Number: 4TPR1D1
Manufacture: Dell Inc.
Model: - Medium - PowerEdge 2950 is N-1
Virtual Machine Host: Key Not Available
Physical Memory: Low 8186mb
Address Width: Low 64 bit processor
CPU Type: Intel(R) Xeon(R) CPU
E5345 @ 2.33GHz
CPU Count: Low Multiple Processors:Sockets:
2; Logical Procs: 4
CPU Status: OK
SMBIOS Present: True
BIOS Released Date: 00:00:00 04/20/2009
BIOS Caption: Phoenix ROM BIOS PLUS Versio
n 1.10 2.6.1
BIOS Version: Phoenix ROM BIOS PLUS Versio
n 1.10 2.6.1
Last Bootup Time: 08:53:04 08/21/2011
********************************************************************************
********************
RMB: >> HIGH << No RMB resolved for: TK5CCPW
EB01
********************************************************************************
********************
Operating System Configuration
Operating System Version: Microsoft® Windows Server® 2008
Enterprise
Build:SP: - Medium - 6002:2 is N-1
Service Pack Source: \\itdsl\msnplat\gold\WIN2008
SP2\winbuilds\6002\SP2\1621\AMD64\bits
Windows Activation: Low properly licensed
Domain: redmond.corp.microsoft.com
Organization Unit: CN=TK5CCPWEB01,OU=ITServices
,DC=redmond,DC=corp,DC=microsoft,DC=com
Current IPAK version: >> HIGH << Older then N-2: WIN2008SP2:B
uild 6.2.33.0
Old Ipak format: N\A Key Not Available

Configuration
NTFS Driver version: Low As desired key found without
bad value detected
Ipak Driver Compliance:
lsi_sas.sys N\A Outdated Ipak driver detecte
d, but not loaded.
hpcisss.sys N\A Outdated Ipak driver detecte
d, but not loaded.
bnxcd64.sys N\A Outdated Ipak driver detecte
d, but not loaded.
bxnd60a.sys >> HIGH << Found: 5.0.15.0 built by: W
inDDK Lower then expected version: 6.2.9.0
bxvbda.sys >> HIGH << Found: 5.0.19.0 built by: W
inDDK Lower then expected version: 6.2.8.0
bnxcd64.sys N\A Outdated Ipak driver detecte
d, but not loaded.
bxnd60a.sys >> HIGH << Found: 5.0.15.0 built by: W
inDDK Lower then expected version: 6.2.9.0
Misc Driver Compliance:
MpFilter.sys Low Found: 3.0.8007.0 Matches e
xpected version: 3.0.8007.0

********************************************************************************
********************
Debug Configuration
AutoReboot: Low Set to auto-reboot
Crash Dump Enabled: Low Kernel dump enabled
Over write dumps: Low Set to overwrite
Dumpfile Path\Name: Low Dump is located in default l
ocation
Pagefile on C: Low Pagefile should be ok for Ke
rnel Dump
Space for memory.dmp: Low 24gb should suffice for memo
ry dump
Memory Dump Count: Low no memory dumps detected
Memory dumps discovered:
None
Debugging tools for Windows: None
********************************************************************************
********************
Pagefile Configuration
Available Memory: Low 5133mb
Automatic Pagefile: Low Static Pagefile
Pagefile configuration:
Name Status
Drive FileSize MaximumSize
C:\pagefile.sys OK
c: 4294967296 4096

********************************************************************************
********************
Storage Freespace Configuration
Physical Drive Info:
DeviceID SCSIBus SCSILogicalUnit SCSIPo
rt SCSITargetId Model Risk
Size
\\.\PHYSICALDRIVE0 1 0 2
0 DELL PERC 5/i SCSI Disk Device Low
67.75gb, acceptable capacity

Logical Drive Info:

DeviceID Risk
C: Low Size: 50.01gb; Free: 24.59gb
; Percent: 49.2%
D: Low Size: 17.74gb; Free: 16.39gb
; Percent: 92.4%

Mount Point Info:

Directory Volume
C:\\ \\\\?\\Volume{68bcfa4a-82a4-11de-9d82-806e6f6e696
3}\\
D:\\ \\\\?\\Volume{68bcfa4b-82a4-11de-9d82-806e6f6e696
3}\\
E:\\ \\\\?\\Volume{d16451cd-82b7-11de-adde-806e6f6e696
3}\\

CHKDSK at boot: None

Optical Drive Info: - Medium - CD/DVD Drive ID is set wrong
SAN Kit:
No San Detected
iSCSI Configuration:
iSCSI Target Information: None detected
iSCSI Initiator Information: None detected
iSCSI Send Target Information: None detected
iSCSI Target Mappings: None detected
iSCSI LUN Information: None detected
iSCSI HBA Information:
VendorID UniqueAdapterId
 DriverName SerialNumber Firm
wareVersion NumberOfPorts Status
Microsoft Corporation 18446738026549846040
msiscsi.sys MSFT-05-1991 1.5
1 0

iSCSI NIC Information: None detected

********************************************************************************
********************
IP Configuration:
NetConnectionID CORP
NetEnabled True
NetConnectionStatus 2
Speed 100000000
PhysicalAdapter True
PNPDeviceID B06BDRV\L2ND&PCI_164C14E4&SUBSYS_01B2102
8&REV_12\6&207B384D&0&20050500
TimeOfLastReset 20110821085304.610794-420
Caption [00000012] Broadcom BCM5708C NetXtreme I
I GigE (NDIS VBD Client)
DHCPEnabled True
IPAddress 157.54.89.141 fe80::210a:1416:5de0:a623
2001:4898:dc05:d:210a:1416:5de0:a623 2001:4898:c8:6032:210a:1416:5de0:a623
DNSServerSearchOrder 157.54.14.178 157.54.14.146 157.54.14.16
2
WINSPrimaryServer 157.54.14.185
WINSSecondaryServer 157.54.14.163
DefaultIPGateway 157.54.89.1 fe80::211:bcff:fe4d:5800
DNSDomainSuffixSearchOrder
MACAddress 00:19:B9:CD:E5:2B
TcpipNetbiosOptions 0

Terminal Service State:

Not Available
********************************************************************************
********************
SQL Report:
SQL Configuration:
SQL 2008 R2: SQL Server 2008 R2 Engine not detected
SQL 2008: SQL Server 2008 Engine not detected
SQL 2005: SQL Server 2005 Engine not detected
SQL Service Accounts:No SQL Service Accounts detected
SQL Instances: 0
SQL 2008R2 Instances:
No SQL 2008R2 Instances Detected
SQL 2008 Instances:
No SQL 2008 Instances Detected
SQL 2005 Instances:
No SQL 2005 Instances Detected

SQL Server and tools fileversions: None detected

********************************************************************************
********************
IIS Report:
IIS Configuration:
Did not find IIS service
********************************************************************************
********************
Perfomance Check
Handles: None
Working Sets above 350mb: java.exe,
Processor Performance:
Name InterruptsPersec
PercentIdleTime PercentProcessorTimePercentPrivilegedTime
0 189
99 0 0
1 451
47 52 17
2 339
99 0 0
3 169
99 0 0
4 169
88 11 11
5 169
99 0 0
6 162
99 0 0
7 169
99 0 0

NIC Performance:
Name CurrentBandwidth
BytesReceivedPersec BytesSentPersec OutputQueueLength
Broadcom BCM5708C NetXtreme II GigE [NDIS VBD Client] _3 100000000
96066 73859 0

********************************************************************************
********************
Services Configuration
Automatic Services not started: TPM Base Services,
Services set to restart system:
None
********************************************************************************
********************
PNP Device Configuration
Disabled Devices: None
********************************************************************************
********************
System Security:
E-Trust Filter version: File not present
E-Trust Flpy Version: File not present
Currently Running: N\A Only ForeFront active
Forefront Filter Version: 3.0.8007.0
Forefront Network Monitor: 3.0.8007.0
Configuration Reapply: -1
Forefront Application: Low Current (Version: 2.0.0657.0
)
Forefront Installed on: 20110605
********************************************************************************
********************
Security Groups
Local Users:
Guest,ITSVC0,
Security Groups:
Administrators
TK5CCPWEB01\itsvc0,redmond\domain admins,redmond\infosec secure environment,redm
ond\itg-admin,redmond\_backup,redmond\_gotools,redmond\itadmin-global,redmond\it
g-gdctools,redmond\itg-mcss,redmond\sitg-services,redmond\sms-cp2,redmond\netsec
se,redmond\bgit-infra,redmond\netsecia,redmond\esecapp,fareast\xitnetsecsg,redmo
nd\_xmonam,redmond\xchgmgmt,redmond\netsecam,redmond\nseops,redmond\nsscom,redmo
nd\rmb-remediation,
Backup Operators
redmond\itg-backup operators,
Certificate Service DCOM Access
None
Cryptographic Operators
None
Distributed COM Users
None
Event Log Readers
None
Guests
TK5CCPWEB01\guest,
IIS_IUSRS
TK5CCPWEB01\iusr,
Network Configuration Operators
None
Performance Log Users
None
Performance Monitor Users
None
Power Users
None
Print Operators
None
Remote Desktop Users
None
Replicator
None
Users
TK5CCPWEB01\interactive,TK5CCPWEB01\authenticated users,redmond\domain users,
ConfigMgr Remote Control Users
None

None

Account known issues: Low None found

********************************************************************************
********************
Server Shares
Shares:
Description Name
Status Path
Remote Admin ADMIN$
OK C:\Windows
Default share C$
OK C:\
Default share D$
OK D:\
Remote IPC IPC$
OK
subnets
OK C:\Program Files\Novell\Sentinel6\data
\tmp\subnets
Default share Z$
OK Z:\

********************************************************************************
********************
Memory Configuration
Dynamic Max cache Key Not Available
Dynamic Back off low mem Key Not Available
Dynamic sample interval Key Not Available
Low memory threshold Value not present
********************************************************************************
********************
Known Bugs:
TCP Chimney: Value not present
TCP Chimney Enabled: Value not present
TCP RSS Enabled: Value not present
Firewall Issue: PolicyVersion
522
IPSecExempt 15
IPsecThroughNAT 2
Windows Firewall Domain: AllowLocalPolicyMerge
1
AllowLocalIPsecPolicyMerge 0
EnableFirewall 1
DefaultInboundAction 0
Windows FW Domain/ICMP
Key Not Available
Navisphere agent: Low Acceptible: Key not availabl
e
8dot3 File name: Low As desired key found without
bad value detected
Bad version of KB979744: Low As desired: Key not availabl
e
********************************************************************************
********************
VM Configuration
Virtual Machine Components
VM Bus Driver: Low Windows 2008 SP2
VM Storfl Driver: N\A Not found
VM Bus Video Driver: N\A Not found
VM S3 Driver: N\A Not found
VM Bus HID Driver: N\A Not found
********************************************************************************
********************
NLB Configuration
Cluster status: Not a NLB Cluster

********************************************************************************
********************
MSCS Configuration
Cluster status: Not a MSCS Cluster
********************************************************************************
********************
Application Configuration
Office system components: None detected

Visual Studio: None detected

MOM/SCOM version:
DisplayName Version
System Center Operations Manager 2007 R2 Agent 6.1.7221.0

HP Array Controller Utility: None detected

SMS Agent / CCMExec: None detected

System Center DPM Agent: None detected

********************************************************************************
********************
FC Adapter Configuration
FC Adapter
No FC Adapter detected
********************************************************************************
********************
Health Service Details:
Service State: Running
HealthService.exe: 6.1.7221.0

Registry: Agent Management Groups

Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR
OD
IsRootHealthService 0
IsServer 0
UseActiveDirectory 0
IsSCEAgent 0
AcceptIncomingConnections 0
RequireAuthentication 1
RequireEncryption 1
RequireValidation 1
RequestCompression 1

SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR

OD\Parent Health Services
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR
OD\Parent Health Services\0
AuthenticationName NSLAB-RA-17.redmond.corp.microsoft.com
NetworkName NSLAB-RA-17.redmond.corp.microsoft.com
MaxSendBytesPerSecond 1000000
CanEstablishConnectionTo 1
NetworkTimeoutMilliseconds -1
RetryAttempts 3
RetryDelayMs 1000
Port 5723
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR
OD\Send Priorities
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR
OD\Send Priorities\HIGH
LatencyTriggerMs 1000
BatchSizeTriggerKb 50
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR
OD\Send Priorities\IDLE
LatencyTriggerMs 300000
BatchSizeTriggerKb -1
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR
OD\Send Priorities\LOW
LatencyTriggerMs 300000
BatchSizeTriggerKb 1024
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR
OD\Send Priorities\MEDIUM
LatencyTriggerMs 30000
BatchSizeTriggerKb 256
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OPPR
OD\Send Priorities\REALTIME
LatencyTriggerMs 0
BatchSizeTriggerKb 5
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT02
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT02\AD Cache
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT02\AD Cache\Primary SCP Info
Service DNS Name TK5SCOMMG2MS2.redmond.corp.microsoft.com
Service DNS Name Type
Service Class OpsMgr07CORPMT02
Port 5723
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT02\AD Cache\Secondary SCP Info Root
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT02\AD Cache\Secondary SCP Info Root\Secondary SCP Info 1
Service DNS Name TK5SCOMMG2MS1.redmond.corp.microsoft.com
Service DNS Name Type
Service Class OpsMgr07CORPMT02
Port 57
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT04
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT04\AD Cache
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT04\AD Cache\Primary SCP Info
Service DNS Name TK5SCOMMG4MS2.redmond.corp.microsoft.com
Service DNS Name Type
Service Class OpsMgr07CORPMT04
Port 5723
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT04\AD Cache\Secondary SCP Info Root
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\OpsM
gr07CORPMT04\AD Cache\Secondary SCP Info Root\Secondary SCP Info 1
Service DNS Name TK5SCOMMG4MS1.redmond.corp.microsoft.com
Service DNS Name Type
Service Class OpsMgr07CORPMT04
Port 57
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm
on
IsRootHealthService 0
IsServer 0
UseActiveDirectory 0
IsSCEAgent 0
AcceptIncomingConnections 0
RequireAuthentication 1
RequireEncryption 1
RequireValidation 1
RequestCompression 1

SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm

on\Parent Health Services
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm
on\Parent Health Services\0
AuthenticationName XITSQL08.redmond.corp.microsoft.com
NetworkName XITSQL08.redmond.corp.microsoft.com
MaxSendBytesPerSecond 1000000
CanEstablishConnectionTo 1
NetworkTimeoutMilliseconds -1
RetryAttempts 3
RetryDelayMs 1000
Port 5723
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm
on\Send Priorities
Value not present
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm
on\Send Priorities\HIGH
LatencyTriggerMs 1000
BatchSizeTriggerKb 50
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm
on\Send Priorities\IDLE
LatencyTriggerMs 300000
BatchSizeTriggerKb -1
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm
on\Send Priorities\LOW
LatencyTriggerMs 300000
BatchSizeTriggerKb 1024
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm
on\Send Priorities\MEDIUM
LatencyTriggerMs 30000
BatchSizeTriggerKb 256
SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\xitm
on\Send Priorities\REALTIME
LatencyTriggerMs 0
BatchSizeTriggerKb

Registry: Management Groups

Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD
Connector CLSID {534E71F9-7970-42D6-921F-59CFB873855F}
MaximumQueueSizeKb 15360
MaximumForwardedVirtualQueuePercentage 0
SendDataSinglePriority 1
WindowsAccountLockDownSD 0100048030000000400000000000000014000000
02001C0001000000000014000100000001010000000000050B000000010200000000000520000000
2002000001020000000000052000000020020000
ID 673be551-3462-c54b-4c9b-ed1a1bd70f85

SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\AllowedSSIDs
RestrictSSIDs 0
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\PriorityConfiguration
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\PriorityConfiguration\HIGH
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\PriorityConfiguration\IDLE
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\PriorityConfiguration\LOW
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\PriorityConfiguration\NORMAL
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\PriorityConfiguration\REALTIME
Value not presen
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\SSDB
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\SSDB\References
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\SSDB\References\63745834-3e54-936c-1b47-2d632054a177
01020202020202020202020202020202020202020200000000000000000000000000000000000000
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\SSDB\References\92f8f803-0763-f491-2480-274bfc4126f9
01020202020202020202020202020202020202020200000000000000000000000000000000000000
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\SSDB\SSIDs
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\SSDB\SSIDs\0053CDF984A67917023C9865DB8DA7E6478000F1E200000000000000000000000
000000000000000
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002177E776CA1DE14193260D7AEA5C0E12
1000000002000000000003660000A800000010000000CA211FBF06F252A90845BF9FFCEA0ED10000
000004800000A000000010000000557DDD9B8EC4224FB93B8BCE10EB28A84800000025A705D802EA
2486252B8699BD7933CF44D9B84D4FCC64B37D69D3747FE40384F4ED180E405919DBB02A54F275B6
24CDC34B096F13E65D67E7463CCF1E96BED9C4F9F9E74439D9F414000000742BECE51FD0C88597DC
06DBE580C77AE059D70AFA9D6581ED116530EACE763829CD1A4FCEC044E1DA1CCC1A89D7943935C3
9D326561E961D1E577481521E47AAF39FC09B9EB0A3AD312BFE763A82D27C9194F1F3E07DF6B7E1B
29B16FAF44C282F02642533F83E908D83A5BB691E6280B1FDD71FA859A19BA2B753B73BC161F9AE2
16C9CE27D09DB53DC71946B3C40F33D0E7E494EDB1ABDC3F4B4DD23506DD297B6CF9A5A5A1F4F21E
1CC5A03E9D634330BDEAF956F90AF6E087948A0C440C6F35514DB698CBFE66643AC3808B6DC05E08
ED172114E10B714E31DEEDEFD052E96EE6E5AD8F5B948C3A2BFD4B75FF981A8F823DA70D810C57B1
4D6EC722A89960BCCD7FB4AA5F07FAEE6DC52F5F3A998F3055A57F5DD5107E45EA0FED0D74AC4C78
14E4DA1DADD92CB9316A430A51F4C881ED7504A0CF138D160F73199A79B73DB62E946907ADCFA781
6CF4EF505B54F585F5E4CFFBABF4168796BC25E2DC28CBD714F179F6FDF042D125B3B18CA7A1C968
B4AF81E3A20749DABE748D97031609FA38727AB6D99F88EFAD7A07AB95518B3F663D53FD56E7F73B
F2C71FB4D6A9EEAEF6D3A6A2D36480DEF02E9E6149165B115A9D72610768195E5A3371AA74164198
C1F2EC4DFD213EC0440DE3698DB87793AA732B431ED9EBADA5FE6B54BC77E664166A38D8214FB607
0CA8D5D2A5E93AC18EA77DE1E29C75DE899978A3149A1D0FC07903D95DA85F065202E3FC79ADAB0B
FC14DCD372D971367F5EBE20AAAC260BA609AFBFF059B60E6331E4BC85A1FD73DD901B2A3BBA4D4C
DAD0711783C5ADD84809E4E0827CB0EFB00E50D0A5D1A84925275B7BF1C955CAAF65176559B0CA19
F9559243EFAB64D1710779E335580F0B218D66C37325F0E2CEF72DFC86901A2FE1B96B67171EEF51
168AADA3BF913264D73128C0EF0843F2EFD905C52F410E7BA4813BCBD0D42F641C56906BC87FEFAA
41E5F511C04DEC7F7663F71F24DBEA263F7076CF198D4BBB00D1BF910A5B050D25D5F0271305CCCF
AF1DDDF8AA58AC558D142A357E9CFA7F4FD04A4F03366C6DFA3DB55AB76637C5E095360E30ED0CA4
6BA1E7C28101C9AAECD75993F8309EE914AA2B5BFC2C1A49CC5552B0FD7171D25AF69E162A4B6DC3
696C6C229E133EBC5551E7BEEA1C85E55AC27CB4D4C338944D28AD0EA0DECA61F2CA7685DA79F79F
E8D72064EAE8993E16459C65149A51088B80A394B385217778BABF164B70F182F3142BEDB425B4C0
7631A5E04EFC6A130563B9CDA4F4ABA5C95B7E87B2F13017C186E8F2D2298845E0FF4125F26A2755
DC38E4AE4A46ECA636D0987F0FF8829FADB06A41236A9B506F25B02D495752C194CA4E3D5E5386F6
3F0E3405682C8745821E02FA511BFACE107B0182DC1EBE3FE869B554775F5EF15737689EAF63B6B5
821055411336F052D9096033999F5A6B0B299343C2EA41F5DCDB406E7D2D005F0923
Type 2
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\OPP
ROD\SSDB\SSIDs\005E3FEA16D6A1CA565AA9D8C7AD103A09123B116300000000000000000000000
000000000000000
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002177E776CA1DE14193260D7AEA5C0E12
1000000002000000000003660000A800000010000000463D0A77BF48574DFB5B1F3DCD2588020000
000004800000A00000001000000034EAF147071CC6C4B4BE33953124F45B48000000884CB3F415A9
276C42BFB4317FC74DE5327AB7556780B5A5B4A9AF0397D608ED40DB8B987F07E000EA3E334F71BB
5D592A31856E4FA7D764C5F7B2165522C990D1247687EE3282B21400000014182E844DA2178B64BE
7E68BC2D264D46F4D36EB13AB3A2F35451FB230C00466CDE0526A5FA3B393E2AF774EA02378A07A8
ED300257CC089A49C6343D9E718FF2B55C7FB6695FA835EA23151821F42C14686987DB5D26594815
57973F19D1755BB7D50AF8592997071E13C60B3A34FE076926D287D4381EF57E663CB4278E66971E
C0458E6DB20A22EC3AA506C980E607F464BB6A6F722E67A77AB10DC9B06F5DD59B986FA0E64FB366
F7A5C9A52770D974906C725B72923212B1B22FAE95DDB98FB7631FFF95D4E410F4CF59577273F586
42CFCFF45A094CF97262204EDEDE756DCDE6BB0CC1CB13F5B0B0B67E0C835D7C7D2EA03AA5DC43E4
31FD59A98CCE39C1F89450DB1D528B89CA19E21B582FC397899CFC8A234B6AF57538AD964D69DBBA
721AB25D9AF73F105BA3FFD24575FB8B9DDF7DD0CD2352A92C35F55E994A78C572D57995E0B0EC32
6CE4638D67932DC5822D976CA4F3FF64984FB6F5FF67A9C4B669695281CBC3E50025B03F9CE9AA2F
661866F578038BF1A5F8C4CEE8D92AAB8479419DAA37D681FE8F156236836AF8548AD5C7DC89A99F
BEFAEDA05F3AF7136541744C25A52A02A5593E2B04FE06CDA75F0BEFA77B8DCD71ABEB5DC024FB16
0AA87948F8B40A008CBBCAA5D353A7A9E09193A645774867F820803F590DE7B5BF00232CEE5A4998
62BB1CC2B2148243B96E6198DF006BEDD094BA867FD44A923538FEE01EB644B5B61394F8E7997BC5
73233FEC8E1CB9050417C33548F7F25F9D2D2FB0066B7E7E298D6787CD9FFBC3BC9851ADC62C5AE0
602A2F5DE335021AFE437B4FE7FE398B7B206922A559B65D9879AE1BE5624338B624053277632B37
B19FD64072F8438ABE6A5FF84871C09DBBE3B80E1D3BD4780EA04B2A5A31B332D5F263482191F43A
CFCA10CE97E5BB289179774D231DF235FF1253F9F53B9F7D0F1D48F185B8298E2C9E9202994DEF84
26111532CD76BE6D0D49FFF84E02EFFF3F6F96D771161548614546EAC8A8EA500EB57D5F41453C17
CE219702CC3FAB1752484B1977484BB0AC442690563754B99F92C9020C7FC2B85B07396D2AFC620F
94999FB7B5B1F24C42FCCA2B0740DA4D5C2F751F841409C832A92D24022EED292A562DB7C27A6D89
AEF616D03ECC141BA56A314392A1DCFDBD4911FBA5E349F81A537DEE66B75429F39D697E4491EA8A
FCAF13642D99926634B91DFAA94C674382B07E56A4DC77F61ADD417CB9A7DE863B178F5AABD38B8F
713E3659C91DF63B14417A6183D2195CB52052A8C953059298CF27DE92DFBF01C3D93AB9E5D9A2BA
B028E66DC3B9DC8CCDDD60D90421C28757AC56585C3C59D33F1437569FEE6753A9E53B79070FE192
3440D7AD898877B1401F31A7CB116A6335FC5C4337CFEA7EB5595AC6B6E684F56E4D92623282AD5F
5B3BC937325BF702D2BD2329D14D07C95FB0E87C752051078E0F96C2451BA49F5FBB
Typ
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\Ops
Mgr07CORPMT04
IsSourcedFromAD 1
WindowsAccountLockDownSD 0100048030000000400000000000000014000000
02001C0001000000000014000100000001010000000000050B000000010200000000000520000000
2002000001020000000000052000000020020000
ID e8d1e1db-3126-51ad-3429-b310ca0d60ae
Connector CLSID {534E71F9-7970-42D6-921F-59CFB873855F}

SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\Ops
Mgr07CORPMT04\AllowedSSIDs
RestrictSSIDs 0
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\Ops
Mgr07CORPMT04\SSDB
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\Ops
Mgr07CORPMT04\SSDB\References
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\Ops
Mgr07CORPMT04\SSDB\References\63745834-3e54-936c-1b47-2d632054a177
01020202020202020202020202020202020202020200000000000000000000000000000000000000
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\Ops
Mgr07CORPMT04\SSDB\References\92f8f803-0763-f491-2480-274bfc4126f9
01020202020202020202020202020202020202020200000000000000000000000000000000000000
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\Ops
Mgr07CORPMT04\SSDB\SSIDs
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\Ops
Mgr07CORPMT04\SSDB\SSIDs\0089FE8E6616F844E297B6EFFD35E88B3930CAC4BA0000000000000
0000000000000000000000000
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002177E776CA1DE14193260D7AEA5C0E12
1000000002000000000003660000A800000010000000C9B21C5B4C2BCF129F06C7FA7F97733A0000
000004800000A0000000100000001F58FF4C4DDA6EAA461FC622BF62623510000000A0CE01CA59DA
2DA765A1D5D953CB2B5014000000CD9863C229131550B98F622485F921FD8F09567565126DEC4A62
502007D4D5065A540A0DFAB4AADB452EF80295C239ECCD5BC7BC60221F8EF88454FD4B859EF68C1E
379C992F9E99649E2D3B96445AA39D1B9FECF8DA50F3B030E43885463DA10A29CED90C2014C8752C
C3F84C9E7567885444D9C7B508B12AD7BD16FF77416DCC6795A78E0ABFEF26C31B603C4CDC13E6DA
B5477E7A79AEFB73F479E1BFD5B3C890A72077F1314B4E65C5EB50816E94BF2CE3147B6E1957CC9A
58D511DBCCC98877DCFDF1A680EE3EF58E77C347D06117CF3EEF39CD0EF260320CCEC88B31204470
CD92A9A1921590F1DD604A28F5340B2B9BFA81C8313E1428CE0344F96A9FA7AFE82C725453EA3912
9D01A8B826233029CE17CF4BAE9D508D6E2B90B297F2C0D7ED927E5F0B8564406BF45FCC3968AB34
D4DBFCFFBB62762BBB4F1A4B83AB1616F9E67D7B1B8E5FA3AC25999FFA9AC860EB02A844E7DE40A4
3A934869EFD4F60A07961C0593148ED4B50173B0EBCCFB6D558E329E1E166A837A4538482669B805
1C0E4439E3B860F42DB29001B30EB25982B7557386DA6283862173902C5ECF9C27165A3376911BDF
F65A30C6ED72726F693C9C452E712B96D87F2E38624A07FDB3F635E20FF2BD7D82F536517EADD016
FF8CFCC579AFF1F535785BC79C16607ECDFEFB0DAA59B763F64C3D5D23ADA4B7250F20BFAAD8E823
850E1E7307DAA5B479F313656850CC064EF1877C45F320CC760E65949066845CCC54B03800100128
F1D1C23A61B730838D236775E8A2B1B4F852B35E4F2E4EDA5B6D0D166892C93E2336080554496CEE
AC367BAD99E118D9CE8EF4FC7E808FA6C61B1281459CCE27D7A82E3D4F749456D0F4E7CC5D63E734
EAFE187AC9CEEA62C27DD71F5C4376438615F6C0D776852F65EDA0245490F13398431AD355D73A0D
8931E7FF61D44F244036FE7C6DD526A18DA9B266A8484525784C7D59DC6B7881A67FA1CF5EDD7B4D
50F0294E746C699DC48BC4EF68A3D620B56150458044A8250B50D7F8AA46B848A944B5EE32DE8B14
098987397CC63E27522AA1A7BB470B6F36B7E60B0E0BD5B9A9BE3D55EB0E03B25D84D76092D81133
CDE61B9A767455F7CD9BE06976AA3E622B43285B7BF41E3854D58918A0FCF001286E81CCEE20E25F
FFA7DD068E87CAB6F56EF36D1530F5F24926F9DA5F58C46409085FF11EC6E76F6539FB045C1248A4
C15FAE82832F6B6DAFDE6DE6FFF731B6D0F18AA9F4A4442E6780CD701A63456C69FA5DFAD5ABB7DA
F2D000DB845EC33C0311FE03D6957D8EC11D5FD4B0BE4BA202857A1A3E32059C7FCD9EA75D78E228
9D81FABA459B211FD9F41BE56170BE77B7A56FD770BBB75D411ABE7849E5A7C44038B8DAEACD4B0E
CFE1A0A2CD650327156351248B340CE51DBD990002EDF565F12437AADD447FC90247764E01FF9AB8
85848636F9AC3106607EDC7338DD80204F03
Typ
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon
Connector CLSID {534E71F9-7970-42D6-921F-59CFB873855F}
MaximumQueueSizeKb 15360
MaximumForwardedVirtualQueuePercentage 0
SendDataSinglePriority 1
WindowsAccountLockDownSD 0100048030000000400000000000000014000000
02001C0001000000000014000100000001010000000000050B000000010200000000000520000000
2002000001020000000000052000000020020000
ID 7f2e9417-5939-fec0-c1fc-529e9e041699

SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\AllowedSSIDs
RestrictSSIDs 0
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\PriorityConfiguration
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\PriorityConfiguration\HIGH
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\PriorityConfiguration\IDLE
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\PriorityConfiguration\LOW
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\PriorityConfiguration\NORMAL
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\PriorityConfiguration\REALTIME
Value not presen
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\SSDB
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\SSDB\References
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\SSDB\References\63745834-3e54-936c-1b47-2d632054a177
01020202020202020202020202020202020202020200000000000000000000000000000000000000
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\SSDB\References\92f8f803-0763-f491-2480-274bfc4126f9
01020202020202020202020202020202020202020200000000000000000000000000000000000000
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\SSDB\SSIDs
Value not present
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\SSDB\SSIDs\002A59C7417EF95A9A854FBCF61CB1D5A2D839E84700000000000000000000000
000000000000000
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002177E776CA1DE14193260D7AEA5C0E12
1000000002000000000003660000A8000000100000004AF4D2E7E0786EDB4F8DDDD3752EFD1B0000
000004800000A0000000100000009C246F4DC5ED655B69132138A7F73C8048000000C0BBDDFAC559
B99443562891106D6A9391CCAB86A364DB1132208CC759BA4ED1D72382EA765DE78FCCC40EDE5EE1
6E5A3F2B86316E0745A7BF13AFDA303D7C5F1A1DDDFC0C529E7A140000006FEE7BED6F49A2BAEE62
78BA4F69EB3BA765E3B6019FD1D591E9766C092B33CBF4EF184D4D480AAC82829E51697286FFA3D7
DA393DFA794E3EE2ED6DF4508759C30D1FFC42A15E8FEC5257C8BAF5A941FA97557E5780765FC6FD
6B97E99A0F3F6737005B2CEC9AD33C6DE93983669FDE63A478D923F3F4A2C5B92A140D8AF6036844
358453F63C7648EA8B29DCDF1347C3A948D74C524B27B8A6EB36BDA7453F3600DE0D975C936F4506
5A90352A23BC76E1F64D6AF04BBC4F2738A3AC36CB432B89377698993AE4F070535CD06E91B7B161
F1AEC749F5AE8A3FD89DA51755A1CC128032EA57A50F5FEBFAA490FB1266E750306FF50E2E021B0F
456FAA378CFE448483CE3B3E15BD3D04943A1DEFD8015993B38F0206B1F988E325CBDBD480934A43
BC3687D629D8143036AE766A011758AEFB959605ACCF5E5515491BD3DB7F907BE7C10E2398EB42D6
50B103FD6EE1B77E5BF76DE365E1229E606692B3A8FD4C8418A1D91E0330DF082ED3E4C86A216952
42FB8A224AABF91F98B0C02182565739A1D04BD6736C7AB150CBB5FD20ED324966268AD006F34295
F2161D062B37885822619E6C1C8E8A597E763DF1970ECABAA8612FD0F46F45FE48409FAC524EE0DD
A6CB2C6A2A39DBE8A634F0B1EC5E9869A41075AB47E6CFCED065768A820BB5B47320F47111510C19
77279DBF642037319019F7EF8C1C88CE82952EB13C910F43FFFD0B68038780177530C995F00AE834
2B072FD82DD5F466D06CED6DE08791A94B289EBCB47DE2B82F38EA0CCB202499257F19CC98A77830
9736FB22D2FA0F62A987A8C0DA0A900FA88BEC92985C0FE5FDE642EB49491D494F33D0E6752A247A
915F4056F645B748AACC068D2FB34D53384705384D25E8408732838EE703CA34CA246916B0A2394E
22E98B2CBDEF68B6C23D87896D30943FF55799917A132634CC5739E80A0D4305B9FF9479FCE7F45D
DFD7A73DC7BFBF8E3809604E3B976913222B4BDC9B3770AC19D47402A58CC840C86F4DBAADAEC0FF
D61565AF19FE1712AC64C3CD87AC97CA2681B197378D5225D0F9B16B21DD55AB0CF2FEB8D4589CCB
C9ECCD3482890DDE5DFE1BBE05166E62FE0DB0208853FFCBB01DB13F2EFE49ED6DFC094365B84B0B
1FACAF0801AF1FD41924FCAAEFCF254F9095A626246E11B3C6D56F86EC786E5C3280294792A9AB45
2565F24918A7D6DA3ED217D3F01A3DB51D63B9C418A5496C4A7E4BD22BC4208FED7340911A4C3A52
08CEE67F51A6594AE41F8F4842B0BA8D1978E944A617B9C13791D2D94BCEFE4C1F05297E0BA087BB
7FCF102674927DBB50227B4EF83A375AC6D2CCA7A33AAD31681BD8403749CB1C8BFD76099DFCC7FB
8A74903A0074B696398C6AAA7D8EA491FD327FCA0FAA728614C2F8DFD71DDFF059CA73F261F5FCF6
2DEDA94BCBCD45EB647F90DAFCA8727B1373F95C33DE69A0ED7E45257D25490F4353
Type 2
SYSTEM\CurrentControlSet\services\HealthService\Parameters\Management Groups\xit
mon\SSDB\SSIDs\0068B8A900C28005D7D70F49355FFB2C81BE84834800000000000000000000000
000000000000000
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002177E776CA1DE14193260D7AEA5C0E12
1000000002000000000003660000A8000000100000007FBE7FA02348191F0D46DBC79821C30E0000
000004800000A000000010000000106523C09F7623E89D06B32598925BCE480000006C7E31EB4DE4
697008CCC013E5E1D72F58A2786F004DE00C9C843F236C8EBBF78EA16595BE1531A7820D10480FD2
C3205EBFE8BE80B418DDA7F52B9127BDEBECC508DD70A7F7BF1E140000004BA523F227C8873419EA
5FE94353092780E955AE5F7DC4A805E429025D8DA10E3DA742C8CE50CFF0A6794EB4F638F8C34827
8F8AE6491555E87972E8E967D12D27A604A2A9D3F62262EB784EAF4756E6DAAC372E57B2A7BCE8E9
05D1ECA78DDB304A17CA50DD7DB230F48B1B83DBEC0C86A3B3E8D27FDC36AFBEDE82F6ACE6BFA1A5
E0D35B62FA409FF6755F83A2B5BC8661E834D786B33ACF5007031C4928EC93AB61AF28EBA871B25F
F63DB9F5CE72592FFFBCF36764A83ABC1EB20718791BDD0F1BE3C6EE4EB2DA7A5257491B8C4795FE
96F1FBAA54C556D3468AEEF4973823A9EA60A212F1C7BA70BF47DDA2E5AF5C1F32CA0A82E5A626BB
50029B72120F903ED3A93AF58BECDEB7F7CAAEE7A32A09BC232D560BFF3D639C8AB41ADDF0986F52
D6FAE5CE5AFD363378C11C6A9434965FEEEF09DB419797F911F1955DA2ACD9AF30495E76ABAA0950
8F6D4BA33DADB1B0C411E56C1184FAB61D6CD6ED20C6A12191EEAFEB1E1E06C21134D313F49F0EA6
986AC031B98FBEDF0DCAE6AF4CF9DF9899393A6CFE16C4095DEDFC36157EC4F7CA761694C4438D5D
EF28DB6EA30FE68F040CCCE57CF7C658E315BDE70513D5D23D4C7DD81DAE46C0FD43D5D6CF0FB0FD
67FAC0CE0483B849B9501E0D79C83DC1C2AB50B2E5D9AFFB2885A975820BCE25F61A01A5AD27092F
379EE242D644E6F6CC2FC480BA30C0686060070554A2DDDB0BE9EE2B3C8C79ACFF38EA33BA81E6D0
1F7E5408E85E2EA42F2B400328B02C057EC047DD88F24AA71F92EE696C7E870159577C23DADCDEE4
72A7A74F6E552D0F6B2C4DF8F818C750E730C5CBBEF53B0AE916FC70245133B0455FDF95C5AE683D
2A597758A75C3ED5B1FF1F3D189985DC207A3571B583354CA756A48E8113E0793F99E8EFE2788AA3
AC2D3163C2C31EC4E7396EEAF7B8CF01F1565965FC3CCD8D868D62204273B04BEE8B9A5B25EB8E36
194719CABDE6A06166D9A41954052D4E7AF480E7918783B6B73D741FCB1D282F62AED8ECE0095F75
442CC8E410D7CA4CD8BEF5F55F4BB6D0E2D890181D95FD4D43D5C60D34502FDD61397A55197341C5
81CC9B3E091BE3507CD6EB5F1CDEFC651CC34D50543505DAAA3DD295343C98EB93F91B57A31F9AF8
ED9C5430FAAC24C32925E109F26A8BEE21BA8AB5043C5EE7A6D4E120495AC0BF1F4856F57BD6E137
BBAE9E556A966E261EBF723EDD122E24B3AD05A4C77EC7ACEDA745C6B032224ADD9B136F92464CC5
0F578DA6BE8B716F22D5E046B0E3395D8449393D3F867014F7550DF1717D0B37977328204A5B89C6
3F04F2CF02770431DF51904448BD80750328861D0E3DF7B49CA521B645C4E980302FD9C683481BAC
AD5F5345CFEACE5A503CBE11BEC58BA273CF0B96A021D72E7DD56EF8FA9D9D8ACC1D41FF40FB9722
26BD6A9657074704F1F6DA61DDDE83B9BF42A9A27E0AEAD262AC339E7D3C874DB247
Ty

OpsMgrOM12AgentInstall.log
Last written to: N/A: File di
d not exist.
File copied to: N/A: File di
d not exist.

********************************************************************************
********************
Event Log Summary:
Event log:Application
36639 Error .NET Runtime
1023 14:27:55 08/21/2011
.NET Runtime version 2.0.50727.3053 - Fatal Execution Engine Error (734A7706) (8
0131506)
00112 Warning Microsoft-Windows-CertificateServicesClient-AutoEnrollme
nt 64 15:56:34 08/21/2011
Certificate for local system with Thumbprint 06 7c 1a 1b ef 9d 1d 1c 77 96 ab cf
7d d9 b4 15 d7 ac 5d f5 is about to expire or already expired.
00046 Information SceCli
1704 10:21:13 08/21/2011
Security policy in the Group policy objects has been applied successfully.
00038 Error Microsoft-Windows-CAPI2
11 15:54:31 08/21/2011
Failed extract of third-party root list from auto update cab at: <http://www.dow
nload.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verif
ying against the current system clock or the timestamp in the signed file.;;.
00025 Error .NET Runtime Optimization Service
1107 14:37:09 08/21/2011
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to e
xecute command from the offline queue: uninstall "System.Design; Version=2.0.0.0
; Culture=Neutral; PublicKeyToken=b03f5f7f11d50a3a; processorArchitecture=msil"
/NoDependencies . The error returned was Error: The specified assembly is not i
nstalled.;.
00023 Information Microsoft-Windows-Security-Licensing-SLC
1004 14:36:43 08/21/2011
The Software Licensing service has successfully installed the license.;;License
Title=Windows(TM) - Component PPD License (Microsoft-Windows-OfflineFiles-Core);
;License Id=fde9a948-da42-4dda-8551-5bc37d07ed22
00021 Information Microsoft-Windows-CertificateServicesClient
1 15:58:55 08/21/2011
Certificate Services Client has been started successfully.
00020 Information Microsoft-Windows-Security-Licensing-SLC
1033 15:54:43 08/21/2011
These policies are being excluded since they are only defined with override-only
attribute.;;Policy Names=(DFSN-ServerService-StandaloneRootLimit) (IIS-W3SVC-Ma
xConcurrentRequests) (MediaServer-EnableAdvancedFeatures) (Microsoft-Windows-Aux
iliaryDisplay-EnableAPI) (Microsoft-Windows-AuxiliaryDisplay-EnableCPL) (Microso
ft-Windows-AuxiliaryDisplay-EnableCPL_w) (Microsoft-Windows-AuxiliaryDisplay-Ena
bleDriver) (Microsoft-Windows-AuxiliaryDisplay-EnableDriver_w) (Microsoft-Window
s-AuxiliaryDisplay-EnableSDP) (Microsoft-Windows-AuxiliaryDisplay-EnableSDP_w) (
Microsoft-Windows-CertificateServices-CA-AdvancedTemplateSupport) (Microsoft-Win
dows-CertificateServices-CA-AdvancedTemplateSupport_w) (Microsoft-Windows-Certif
icateServices-CA-CertificateManagerRestrictionSupport) (Microsoft-Windows-Certif
icateServices-CA-CertificateManagerRestrictionSupport_w) (Microsoft-Windows-Cert
ificateServices-CA-ExitModuleSMTPSupport) (Microsoft-Windows-CertificateServices
-CA-ExitModuleSMTPSupport_w) (Microsoft-Windows-CertificateServices-CA-RoleSepar
ationSupport) (Microsoft-Windows-CertificateServices-CA-RoleSeparationSupport_w)
(Microsoft-Windows-Fax-Common-DeviceLimit) (Microsoft-Windows-Fax-Common-Enable
ServerPolicy) (PeerToPeerBase-IdManager-EnabledPolicy) (PeerToPeerBase-IdManager
-EnabledPolicy_w) (PeerToPeerBase-Pnrp-EnabledPolicy) (PeerToPeerBase-Pnrp-Enabl
edPolicy_w) (Printing-Spooler-Pmc-Licensing-Enabled) (Printing-Spooler-Pmc-Licen
sing-Enabled_w) (SecureStartupFeature-Enabled) (SecureStartupFeature-Enabled-Dri
ver) (SecureStartupFeature-Enabled_w) (SecureStartupFeature-PerfWarning) (TSProx
y-EdgeAdapter-MaxConnections) (Telnet-Client-EnableTelnetClient) (Telnet-Client-
EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTe
lnetServer_w) (nfs-admincmdtools-enabled) (nfs-adminmmc-enabled) (nfs-clientcmdt
ools-enabled) (nfs-clientcore-enabled) (nfs-servercmdtools-enabled) (nfs-serverc
ore-enabled) (psync-Enabled) (snis-Enabled) (snis-Enabled_w) (sua-EnableSUA) ;;A
pp Id=55c92734-d682-4d71-983e-d6ec3f16059f;;Sku Id=c1af4d90-d1bc-44ca-85d4-003ba
33db3b9
00020 Information Microsoft-Windows-Security-Licensing-SLC
1005 15:54:43 08/21/2011
The result of Windows Right consumption is: hr=0x0;;
00020 Information Microsoft-Windows-Security-Licensing-SLC
1003 15:54:43 08/21/2011
The Software Licensing service has completed licensing status check.;;Applicatio
n Id=55c92734-d682-4d71-983e-d6ec3f16059f;;Licensing Status=;{1;[32b40e5e-0c6d-4
c6f-ab12-a031933fd2c6; 8; 0xC004F014;0x0]};;{1;[56df4151-1f9f-41bf-acaa-2941c071
872b; 8; 0xC004F014;0x0]};;{1;[94dd1d84-9d70-45ff-ae30-6c1643e583ac; 8; 0xC004F0
14;0x0]};;{1;[a6ad72e3-67a6-4d46-af1c-5f542c22ef7c; 8; 0xC004F014;0x0]};;{1;[bb1
d27c4-959d-4f82-b0fd-c02a7be54732; 8; 0xC004F014;0x0]};;{1;[c1af4d90-d1bc-44ca-8
5d4-003ba33db3b9; 0; 0x0;0x0];[0x0;0x0;0x0;0;0;0x0];[0x0;0xFFFFFFFF;0x0;0;0;0x0]
;[0x0;0xFFFFFFFF;0x0;0;0;0x0];[0;0;0x0]};;{1;[c90d1b4e-8aa8-439e-8b9e-b6d6b6a6d9
75; 8; 0xC004F014;0x0]};
00014 Information Microsoft-Windows-Winlogon
4101 15:58:55 08/21/2011
Windows license validated.
00014 Information Desktop Window Manager
9003 15:58:56 08/21/2011
The Desktop Window Manager was unable to start because a composited theme is not
in use
00013 Information Microsoft-Windows-Winlogon
6000 15:49:39 08/21/2011
The winlogon notification subscriber <Dot3svc> was unavailable to handle a notif
ication event.
00013 Information ITGSecLogOnGPExec
0 15:59:23 08/21/2011

00013 Information Desktop Window Manager

9009 15:49:32 08/21/2011
The Desktop Window Manager has exited with code (0x40010004)
00010 Warning Microsoft-Windows-WMI
63 14:36:03 08/21/2011
A provider; WmiPerfClass; has been registered in the Windows Management Instrume
ntation namespace root\cimv2 to use the LocalSystem account. This account is pri
vileged and the provider may cause a security violation if it does not correctly
impersonate user requests.
00010 Warning Microsoft-Windows-User Profiles Service
1530 15:49:39 08/21/2011
Windows detected your registry file is still in use by other applications or ser
vices. The file will be unloaded now. The applications or services that hold you
r registry file may not function properly afterwards. ;;;; DETAIL - ;; 1 user r
egistry handles leaked from \Registry\User\S-1-5-21-2127521184-1604012920-188792
7527-5910550:;Process 1036 (\Device\HarddiskVolume1\Windows\System32\svchost.exe
) has opened key \REGISTRY\USER\S-1-5-21-2127521184-1604012920-1887927527-591055
0\Printers\DevModePerUser;
00010 Information WSH
4 15:58:56 08/21/2011
SelfhostReliabilityStudy: VBS script started.
00010 Error Microsoft-Windows-Perflib
1023 11:54:26 08/21/2011
Windows cannot load the extensible counter DLL Windows Workflow Foundation 3.0.0
.0. The first four bytes (DWORD) of the Data section contains the Windows error
code.
00009 Information MsiInstaller
1035 15:56:34 08/21/2011
Windows Installer reconfigured the product. Product Name: Configuration Manager
Client. Product Version: 4.00.6487.2000. Product Language: 1033. Reconfiguration
success or error status: 0.
00008 Error Microsoft-Windows-WMI
5605 12:09:36 08/21/2011
Access to the root\cimv2\security\MicrosoftTpm namespace was denied because the
namespace is marked with RequiresEncryption but the script or application attemp
ted to connect to this namespace with an authentication level below Pkt_Privacy.
Change the authentication level to Pkt_Privacy and run the script or applicatio
n again.
00007 Warning EvntAgnt
3006 15:56:52 08/21/2011
Error reading log event record. Handle specified is 31588456. Return code from R
eadEventLog is 122.
00007 Information Microsoft-Windows-WMI
5617 15:54:28 08/21/2011
Windows Management Instrumentation Service subsystems initialized successfully
00007 Information Microsoft-Windows-WMI
5615 15:54:21 08/21/2011
Windows Management Instrumentation Service started sucessfully
00007 Information Microsoft-Windows-User Profiles Service
1531 15:53:52 08/21/2011
The User Profile Service has started successfully. ;;;;
00007 Information Microsoft-Windows-Security-Licensing-SLC
902 15:54:44 08/21/2011
The Software Licensing service has started.;;
00007 Information Microsoft-Windows-Security-Licensing-SLC
900 15:53:52 08/21/2011
The Software Licensing service is starting.;;
00007 Information Microsoft-Windows-RestartManager
10001 15:41:14 08/21/2011
Ending session 1 started 2011-08-21T15:40:43.163Z.
00007 Information Microsoft-Windows-RestartManager
10000 15:40:43 08/21/2011
Starting session 1 - 2011-08-21T15:40:43.163Z.
00007 Information Microsoft-Windows-MSDTC 2
4202 15:58:38 08/21/2011
MSDTC started with the following settings:;; Security Configuration (OFF = 0 and
 ON = 1):; Allow Remote Administrator = 0;; Network Clients = 0;; Trasaction Man
ager Communication: ; Allow Inbound Transactions = 0;; Allow Outbound Transactio
ns = 0;; Transaction Internet Protocol (TIP) = 0;; Enable XA Transactions = 0;;
MSDTC Communications Security = Mutual Authentication Required;; Account = NT
AUTHORITY\NetworkService;; Firewall Exclusion Detected = 0;; Transaction Bridge
Installed = 0; Filtering Duplicate Events = 1;
00007 Information Microsoft-Windows-EventSystem
4625 15:53:54 08/21/2011
The EventSystem sub system is suppressing duplicate event log entries for a dura
tion of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD
value named SuppressDuplicateDuration under the following registry key: HKLM\So
ftware\Microsoft\EventSystem\EventLog.
00006 Information Microsoft-Windows-Security-Licensing-SLC
12289 14:35:31 08/21/2011
The client has processed an activation response from the key management service
machine.;;Info:;;0x0;0x0;1;0;50;120;10080;2011/8/21 14:35
00006 Information Microsoft-Windows-Security-Licensing-SLC
12288 14:35:26 08/21/2011
The client has sent an activation request to the key management service machine.
;;Info:;;0x0;0x0;co1red-vl-vm03.redmond.corp.microsoft.com:1688;d24b3257-9108-44
a3-8a85-2a955496673e;2011/8/21 14:35;0;1;255060;c1af4d90-d1bc-44ca-85d4-003ba33d
b3b9;5
00006 Information Microsoft-Windows-LoadPerf
1001 15:37:36 08/21/2011
Performance counters for the WmiApRpl (WmiApRpl) service were removed successful
ly. The Record Data contains the new values of the system Last Counter and Last
Help registry entries.
00006 Information Microsoft-Windows-LoadPerf
1000 15:37:36 08/21/2011
Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfull
y. The Record Data in the data section contains the new index values assigned to
this service.
00005 Information MsiInstaller
1042 15:41:22 08/21/2011
Ending a Windows Installer transaction: C:\Windows\Installer\22dbc2.msi. Client
Process Id: 6096.
00005 Information MsiInstaller
1040 15:40:42 08/21/2011
Beginning a Windows Installer transaction: C:\Windows\Installer\22dbc2.msi. Clie
nt Process Id: 6096.
00005 Information Microsoft-Windows-MSDTC
4111 15:50:22 08/21/2011
The MS DTC service is stopping.
00005 Information Microsoft-Windows-CertificateServicesClient
2 13:02:20 08/21/2011
Certificate Services Client has been stopped.
00004 Warning Microsoft-Windows-Winlogon
6006 15:56:35 08/21/2011
The winlogon notification subscriber <GPClient> took 163 second(s) to handle the
notification event (CreateSession).
00004 Warning Microsoft-Windows-Winlogon
6005 15:54:52 08/21/2011
The winlogon notification subscriber <GPClient> is taking long time to handle th
e notification event (CreateSession).
00004 Warning Microsoft-Windows-Security-Licensing-SLC
12321 14:37:11 08/21/2011
Token-based Activation failed.
00004 Information SmsClient
11855 00:25:11 08/20/2011
Baseline content ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/DataupBaseline-306
4E34E-1AB0-4f61-B7C2-C8B04EA53FAA_1E2B6A7D-5138-4441-A9E1-642773C57B5C:1 (FEP Mo
nitoring - Malware Detections); version 1.00 which was previously compliant; had
no prior discovery information; or a different non-compliance severity is now n
on-compliant with 'Informational' severity.
00004 Information MsiInstaller
11707 11:27:45 08/21/2011
Product: Microsoft .NET Framework 3.5 SP1 -- Installation completed successfully
.
00004 Information MsiInstaller
1033 11:27:45 08/21/2011
Windows Installer installed the product. Product Name: Microsoft .NET Framework
3.5 SP1. Product Version: 3.5.30729. Product Language: 0. Installation success o
r error status: 0.
00004 Information Microsoft-Windows-User Profiles Service
1532 15:50:22 08/21/2011
The User Profile Service has stopped. ;;;;
00004 Information Microsoft-Windows-CertificateServicesClient-CertEnroll
20 17:16:24 08/18/2011
Certificate enrollment for FAREAST\v-alupad successfully renewed a AutoenrolledE
FS_R2 certificate from certification authority CORPCAENT04.redmond.corp.microsof
t.com\MSIT Enterprise CA 4.
00004 Information Microsoft-Windows-CertificateServicesClient-CertEnroll
19 10:34:04 08/21/2011
Certificate enrollment for REDMOND\v-ad943 successfully received a MSITDirectAcc
ess-UserAuth-NoTPM certificate from certification authority corpcatpm04.redmond.
corp.microsoft.com\MSIT TPM 4.
00004 Information Microsoft Security Client
1000 15:37:33 08/21/2011
Microsoft Security Client successfully applied security policy: "MSIT_Std_DC_Srv
_Policy".
00003 Information Microsoft-Windows-Security-Licensing-SLC
901 15:50:22 08/21/2011
The Software Licensing service is stopping.;;
00002 Warning Microsoft-Windows-RestartManager
10010 11:10:06 08/21/2011
Application 'C:\Program Files\Broadcom\BACS\BacsTray.exe' (pid 6592) cannot be r
estarted - Application SID does not match Conductor SID..
00002 Information MsiInstaller
 11728 15:41:14 08/21/2011
Product: Microsoft .NET Framework 3.5 SP1 -- Configuration completed successfull
y.
00002 Information MsiInstaller
1036 15:41:14 08/21/2011
Windows Installer installed an update. Product Name: Microsoft .NET Framework 3.
5 SP1. Product Version: 3.5.30729. Product Language: 0. Update Name: KB2416473.
Installation success or error status: 0.
00002 Information MsiInstaller
1022 15:41:14 08/21/2011
Product: Microsoft .NET Framework 3.5 SP1 - Update 'KB2416473' installed success
fully.
00002 Information Microsoft-Windows-RestartManager
10002 11:07:54 08/21/2011
Shutting down application or service 'BacsTray Application'.
00002 Information EvntAgnt
2020 11:07:54 08/21/2011
SNMP Event Log Extension Agent has terminated.
00002 Error Microsoft-Windows-Security-Licensing-SLC
1044 14:35:35 08/21/2011
The following errors occurred during license evaluation:;;0xC004F012;;
00001 Warning Microsoft-Windows-WMI
5612 20:50:04 08/08/2011
Windows Management Instrumentation has stopped WMIPRVSE.EXE because a quota reac
hed a warning value. Quota: HandleCount Value: 4219 Maximum value: 4096 WMIPRVS
E PID: 1104
00001 Warning Microsoft-Windows-EventSystem
4356 15:31:27 08/21/2011
The COM+ Event System failed to create an instance of the subscriber {1CCB96F4-B
8AD-4B43-9688-B273F58E0910}. StandardCreateInstance returned HRESULT 80070005.
00001 Information Microsoft-Windows-RestartManager
10005 11:07:47 08/21/2011
Machine restart is required.
00001 Information Microsoft-Windows-RestartManager
10003 11:10:07 08/21/2011
Restarting application or service 'SNMP Service'.
00001 Information Microsoft-Windows-LoadPerf
1002 14:36:31 08/21/2011
Performance counters for the Psched (QoS Packet Scheduler) service are already i
n the registry; no need to reinstall. This only happens when you install the sam
e counter twice. The second time install will generate this event.
00001 Information DSM_DUP_BIOSVerifySrv
0 11:10:53 08/21/2011

00001 Information BIOSIE

1001 11:58:54 08/21/2011
Post-reboot BIOS verification: BIOS Update successful! ;;Current Version: 2.6.1.
;;Expected Version: 2.6.1.
00001 Error Microsoft-Windows-Perflib
1010 14:37:06 08/21/2011
The Collect Procedure for the "PolicyAgent" service in DLL "C:\Windows\System32\
ipsecsvc.dll" generated an exception or returned an invalid status. The performa
nce data returned by the counter DLL will not be returned in the Perf Data Block
. The first four bytes (DWORD) of the Data section contains the exception code o
r status code.
00001 Error Microsoft-Windows-Perflib
1008 10:18:42 08/21/2011
The Open Procedure for service "BITS" in DLL "C:\Windows\system32\bitsperf.dll"
failed. Performance data for this service will not be available. The first four
bytes (DWORD) of the Data section contains the error code.
00001 Error Microsoft-Windows-CertificateServicesClient-CertEnroll
13 09:16:00 08/18/2011
Certificate enrollment for FAREAST\v-alupad failed to enroll for a AutoenrolledE
FS_R2 certificate from CORPCAENT04.redmond.corp.microsoft.com\MSIT Enterprise CA
4 (An attempt was made to open a Certification Authority database session; but
there are already too many active sessions. The server may need to be configured
to allow additional sessions. 0x8009400f (-2146877425)).

********************************************************************************
********************
Event log:System
04484 Information Service Control Manager
7036 15:59:52 08/21/2011
The Application Information service entered the running state.
03444 Information Microsoft-Windows-Servicing
4386 15:48:21 08/21/2011
Windows Servicing required reboot to complete the process of changing update 256
7680-5_neutral_GDR from package KB2567680(Security Update) into Install Requeste
d(Install Requested) state
02414 Information Microsoft-Windows-Servicing
4372 15:48:09 08/21/2011
Windows Servicing is setting package KB2567680(Security Update) state to Install
Requested(Install Requested)
02082 Information Microsoft-Windows-Servicing
4383 15:38:45 08/21/2011
Windows Servicing completed the process of changing update 968389-50_neutral_GDR
from package KB968389 (Update) into Staging(Staging) state
01768 Information Microsoft-Windows-Servicing
4371 15:47:57 08/21/2011
Windows Servicing started a process of changing package KB2567680(Security Updat
e) state from Absent(Absent) to Installed(Installed)
01737 Warning Microsoft-Windows-Servicing
4376 15:48:21 08/21/2011
Servicing has required reboot to complete the operation of setting package KB256
7680(Security Update) into Install Requested(Install Requested) state
01034 Information Microsoft-Windows-Servicing
4373 15:56:42 08/21/2011
Windows Servicing successfully set package Package_for_KB980842~31bf3856ad364e35
~amd64~~6.0.1.0() state to Installed(Installed)
00322 Warning Microsoft-Windows-Servicing
4374 15:47:59 08/21/2011
Windows Servicing identified that package KB2567680(Security Update) is not appl
icable for this system
00220 Information Microsoft Antimalware
5007 11:18:40 08/21/2011
Microsoft Antimalware Configuration has changed. If this is an unexpected event
you should review the settings as this may be the result of malware.;; Old valu
e: HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Threats\ThreatSeverity
DefaultAction\1 = 0x6;; New value: HKLM\SOFTWARE\Policies\Microsoft\Micr
osoft Antimalware\Threats\ThreatSeverityDefaultAction\1 = 0x2
00135 Information Microsoft-Windows-User-PnP
20001 14:22:30 08/21/2011
Driver Management concluded the process to install driver FileRepository\machine
.inf_eee87d92\machine.inf for Device Instance ID ROOT\VOLMGR\0000 with the follo
wing status: 0.
00130 Information Microsoft Antimalware
2000 07:29:05 08/20/2011
Microsoft Antimalware signature version has been updated.;; Current Signatur
e Version: 1.111.257.0;; Previous Signature Version: 1.111.216.0;;
Signature Type: AntiSpyware;; Update Type: Delta;; User: NT AUTHORITY\SYSTE
M;; Current Engine Version: 1.1.7604.0;; Previous Engine Version: 1.1.760
4.0
00121 Information DnsApi
11157 15:54:01 08/21/2011
The system failed to register pointer (PTR) resource records (RRs) for network a
dapter;;with settings:;;;; Adapter Name : {EC0AA3FC-E11B-49E9-A14C-48C41DA7D30
5};; Host Name : TK5CCPWEB01;; Adapter-specific Domain Suffix : redmond.corp
.microsoft.com;; DNS server list :;; 157.54.14.178; 157.54.14.146; 15
7.54.14.162;; Sent update to server : <?>;; IP Address : 2001:4898:dc05:d:21
0a:1416:5de0:a623;;;; The cause was DNS server failure. This may because the rev
erse lookup zone is busy or missing on the DNS server that your computer needs t
o update. In most cases; this is a minor problem because it does not affect norm
al (forward) name resolution.;;;; If reverse (address-to-name) resolution is req
uired for your computer; you can manually retry DNS registration of the network
adapter and its settings by typing "ipconfig /registerdns" at the command promp
t. If problems still persist; contact your DNS server or network systems admini
strator. For specific error code information; see the record data below.
00114 Information Microsoft-Windows-User-PnP
20003 14:35:22 08/21/2011
Driver Management has concluded the process to add Service tunnel for Device Ins
tance ID ROOT\*ISATAP\0000 with the following status: 0.
00087 Information Server Administrator
2334 15:56:41 08/21/2011
Controller event log: Battery charge complete: Controller 0 (PERC 5/i Integrate
d)
00080 Information Microsoft-Windows-DistributedCOM
10029 15:59:14 08/21/2011
DCOM started the service wuauserv with arguments "" in order to run the server:
;;{E60687F7-01A1-40AA-86AC-DB1CBF673334}
00056 Information Microsoft-Windows-Kernel-Processor-Power
4 15:53:11 08/21/2011
Processor 5 exposes the following:;;;;1 idle state(s);;2 performance state(s);;0
throttle state(s)
00039 Warning Microsoft-Windows-PrintSpooler
8 15:49:39 08/21/2011
The jobs in the print queue for printer Microsoft XPS Document Writer (redirecte
d 2) were deleted. No user action is required.;;To stop logging warning events f
or the print spooler; in Control Panel; open Printers; right-click a blank area
of the window; click Run as Administrator; click Server Properties; click the Ad
vanced tab; and then clear the Log spooler warning events check box.
00039 Warning Microsoft-Windows-PrintSpooler
4 15:49:39 08/21/2011
Printer Microsoft XPS Document Writer (redirected 2) will be deleted. No user ac
tion is required.;;To stop logging warning events for the print spooler; in Cont
rol Panel; open Printers; right-click a blank area of the window; click Run as A
dministrator; click Server Properties; click the Advanced tab; and then clear th
e Log spooler warning events check box.
00039 Warning Microsoft-Windows-PrintSpooler
3 15:49:39 08/21/2011
Printer Microsoft XPS Document Writer (redirected 2) was deleted; and users will
no longer be able to print to this printer. No user action is required.;;To sto
p logging information events for the print spooler; in Control Panel; open Print
ers; right-click a blank area of the window; click Run as Administrator; click S
erver Properties; click the Advanced tab; and then clear the Log spooler informa
tion events check box.
00038 Information EventLog
6013 15:53:51 08/21/2011
The system uptime is 47 seconds.
00032 Information Tcpip
4201 15:53:13 08/21/2011
The system detected that network adapter CORP was connected to the network; and
has initiated normal operation.
00031 Information Service Control Manager
7040 15:56:42 08/21/2011
The start type of the Windows Modules Installer service was changed from auto st
art to demand start.
00031 Error Microsoft-Windows-TerminalServices-Printers
1111 15:59:11 08/21/2011
Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNot
e 2010 is unknown. Contact the administrator to install the driver before you lo
g in again.
00023 Information Microsoft-Windows-Dhcp-Client
1103 15:53:57 08/21/2011
Your computer was successfully assigned an address from the network; and it can
now connect to other computers.
00017 Information b06bdrv
12 15:53:08 08/21/2011
\Device\NTPNP_PCI0031: Driver initialized successfully.
00014 Information Microsoft-Windows-FilterManager
6 15:53:34 08/21/2011
File System Filter 'luafv' (6.0; 2008-01-18T22:59:06.000Z) has successfully load
ed and registered with Filter Manager.
00013 Information Microsoft-Windows-Time-Service
37 15:54:23 08/21/2011
The time provider NtpClient is currently receiving valid time data from CO2-RED-
DC-09.redmond.corp.microsoft.com (ntp.d|[::]:123->[2001:4898:a8:6006:6ab5:99ff:f
eb0:5d14]:123).
00011 Information Microsoft-Windows-GroupPolicy
1502 15:39:56 08/21/2011
The Group Policy settings for the computer were processed successfully. New sett
ings from 36 Group Policy objects were detected and applied.
00010 Information l2nd
16 15:53:11 08/21/2011
Broadcom BCM5708C: Driver initialized successfully.
00010 Information b06bdrv
18 15:53:11 08/21/2011
\Device\NTPNP_PCI0031: Ndis device bound successfully.
00009 Information SNMP
1001 15:56:52 08/21/2011
The SNMP Service has started successfully.
00009 Information Server Administrator
1001 15:56:33 08/21/2011
Server Administrator startup complete
00009 Information Server Administrator
1000 15:56:33 08/21/2011
Server Administrator starting
00009 Information Microsoft-Windows-Time-Service
35 15:54:37 08/21/2011
The time service is now synchronizing the system time with the time source CO2-R
ED-DC-09.redmond.corp.microsoft.com (ntp.d|[::]:123->[2001:4898:a8:6006:6ab5:99f
f:feb0:5d14]:123).
00009 Information Microsoft-Windows-GroupPolicy
1503 13:49:20 08/21/2011
The Group Policy settings for the user were processed successfully. New settings
from 28 Group Policy objects were detected and applied.
00009 Information l2nd
9 15:53:13 08/21/2011
Broadcom BCM5708C: Network controller configured for 100Mb full-duplex link.
00008 Information USER32
1074 15:49:31 08/21/2011
The process C:\Windows\system32\shutdown.exe (TK5CCPWEB01) has initiated the res
tart of computer TK5CCPWEB01 on behalf of user REDMOND\v-ad943 for the following
reason: No title for this reason could be found;; Reason Code: 0x800000ff;; Shu
tdown Type: restart;; Comment:
00008 Information Tcpip
4202 13:42:28 08/21/2011
The system detected that network adapter Local Area Connection* 8 was disconnect
ed from the network and its network configuration has been released. If the netw
ork adapter was not disconnected; this may indicate that it has malfunctioned. T
ry updating the driver for the network adapter.
00008 Information Server Administrator
1012 15:56:33 08/21/2011
IPMI status;;Interface: OS
00008 Information Server Administrator
1008 15:56:34 08/21/2011
Systems Management Data Manager Started
00008 Information MSN_IPAK
9999 16:01:21 08/21/2011
IPAK Installation Completed. See MSNIPAK Eventlog for details
00008 Information MSN_IPAK
1000 16:00:43 08/21/2011
IPAK Installation Starting. See MSNIPAK Eventlog for details
00008 Information Microsoft-Windows-HttpEvent
15008 14:36:38 08/21/2011
Reservation for namespace identified by URL prefix http://+:80/wsman/ was succes
sfully deleted.
00008 Information Microsoft-Windows-HttpEvent
15007 14:36:42 08/21/2011
Reservation for namespace identified by URL prefix https://+:443/sra_{BA195980-C
D49-458b-9E23-C84EE0ADCD75}/ was successfully added.
00008 Information Application Management Group Policy
308 13:49:20 08/21/2011
Changes to software installation settings were applied successfully.
00007 Information Microsoft-Windows-TBS
537 15:58:38 08/21/2011
A compatible Trusted Platform Module (TPM) Security Device cannot be found on th
is computer. TBS could not be started.
00007 Information Microsoft-Windows-NAPIPSecEnf
1 15:56:32 08/21/2011
NAP IPSec Relying Party initialized successfully
00007 Information EventLog
6009 15:53:51 08/21/2011
Microsoft (R) Windows (R) 6.00. 6002 Service Pack 2 Multiprocessor Free.
00007 Information EventLog
6006 15:50:23 08/21/2011
The Event log service was stopped.
00007 Information EventLog
6005 15:53:51 08/21/2011
The Event log service was started.
00006 Warning Microsoft-Windows-Time-Service
131 11:09:19 08/21/2011
NtpClient was unable to set a domain peer to use as a time source because of DNS
resolution error on 'CO2-RED-DC-05.redmond.corp.microsoft.com'. NtpClient will
try again in 15 minutes and double the reattempt interval thereafter. The error
was: No such host is known. (0x80072AF9).
00006 Information Microsoft-Windows-WindowsUpdateClient
27 15:49:40 08/21/2011
Automatic Updates is now paused.
00005 Warning Tcpip
4227 20:11:03 08/11/2011
TCP/IP failed to establish an outgoing connection because the selected local end
point was recently used to connect to the same remote endpoint. This error typic
ally occurs when outgoing connections are opened and closed at a high rate; caus
ing all available local ports to be used and forcing TCP/IP to reuse a local por
t for an outgoing connection. To minimize the risk of data corruption; the TCP/I
P standard requires a minimum time period to elapse between successive connectio
ns from a given local endpoint to a given remote endpoint.
00005 Error Service Control Manager
7000 15:55:05 08/21/2011
The BASFND service failed to start due to the following error: ;;The system cann
ot find the file specified.
00004 Information Server Administrator
2358 13:43:03 08/21/2011
The battery charge cycle is complete.: Battery 0 Controller 0
00004 Information Server Administrator
2243 16:33:55 08/16/2011
The Patrol Read has stopped.: Controller 0 (PERC 5/i Integrated)
00004 Information Server Administrator
2242 12:09:06 08/16/2011
The Patrol Read has started.: Controller 0 (PERC 5/i Integrated)
00004 Information Microsoft-Windows-GroupPolicy
1500 13:00:28 08/21/2011
The Group Policy settings for the computer were processed successfully. There we
re no changes detected since the last successful processing of Group Policy.
00004 Information Microsoft Antimalware
5004 11:18:40 08/21/2011
Microsoft Antimalware Real-time Protection feature configuration has changed.;;
Feature: IE Downloads and Outlook Express Attachments;; Configuration: 0
00003 Warning Microsoft-Windows-Dhcp-Client
1003 11:09:20 08/21/2011
Your computer was not able to renew its address from the network (from the DHCP
Server) for the Network Card with network address 0019B9CDE52B. The following e
rror occurred: ;;The wait operation timed out.. Your computer will continue to t
ry and obtain an address on its own from the network address (DHCP) server.
00003 Warning l2nd
4 11:09:02 08/21/2011
Broadcom BCM5708C: The network link is down. Check to make sure the network cab
le is properly connected.
00003 Information Microsoft-Windows-WindowsUpdateClient
19 12:05:50 08/21/2011
Installation Successful: Windows successfully installed the following update: Up
date for Windows (KB948609)
00003 Information Microsoft-Windows-Service Pack Installer
1 13:51:15 08/21/2011
Service Pack 2 installation started.
00003 Information Microsoft Antimalware
2002 18:16:52 08/17/2011
Microsoft Antimalware engine version has been updated.;; Current Engine V
ersion: 1.1.7604.0;; Previous Engine Version: 1.1.7603.0;; Engine Type: Ant
imalware;; User: NT AUTHORITY\NETWORK SERVICE
00003 Information LsaSrv
45058 10:32:17 08/21/2011
A logon cache entry for user v-kp703@REDMOND.CORP.MICROSOFT.COM was the oldest e
ntry and was removed. The timestamp of this entry was 8/20/2011 3:56:27.
00003 Information Dell - System Update
6048 11:10:59 08/21/2011
Update successful;;Package: RAID_DRVR_WIN_R210510.EXE;;Description: Dell PERC
5/E Adapter; PERC 5/i Integrated; PERC 5/i Adapter; PERC 6/E Adapter; PERC 6/i I
ntegrated; CERC 6/i Integrated; PERC 6/i Adapter; PERC 6/i Integrated Blade; v.2
.24.0.64; A03;;Previous version: 2.23.0.64; New version: 2.24.0.64;;Log file:
C:\Dell\UpdatePackage\log\RAID_DRVR_WIN_R210510.txt;;Exit code = 2 (Reboot requ
ired)
00003 Information b06bdrv
26 11:09:17 08/21/2011
\Device\NTPNP_PCI0033: Ndis device unbound successfully.
00003 Error Service Control Manager
7026 15:56:32 08/21/2011
The following boot-start or system-start driver(s) failed to load: ;;storflt
00002 Information SNMP
1003 11:07:54 08/21/2011
The SNMP Service has stopped successfully.
00002 Information DnsApi
11160 10:50:39 08/21/2011
The system failed to register pointer (PTR) resource records (RRs) for network a
dapter;;with settings:;;;; Adapter Name : {A0FC965D-87E0-497A-9AA8-D38FDB5EBCE
5};; Host Name : TK5CCPWEB01;; Adapter-specific Domain Suffix : redmond.corp
.microsoft.com;; DNS server list :;; 157.54.14.178; 157.54.14.146; 15
7.54.14.162;; Sent update to server : [2001:dc0:1:0:4777::131]:53;; IP Addre
ss : 2002:9d36:598d::9d36:598d;;;; The reason that the system could not register
these RRs was because of a security related problem. The cause of this could be
(a) your computer does not have permissions to register and update the specific
DNS domain name set for this adapter; or (b) there might have been a problem ne
gotiating valid credentials with the DNS server during the processing of the upd
ate request.;;;; You can manually retry DNS registration of the network adapter
and its settings by typing "ipconfig /registerdns" at the command prompt. If pro
blems still persist; contact your DNS server or network systems administrator.
00002 Error Microsoft-Windows-Service Pack Installer
8 13:00:01 08/21/2011
Service Pack installation failed with error code 0x80070040.
00002 Error Microsoft-Windows-Service Pack Installer
7 13:00:01 08/21/2011
Changes to an update() failed during Service Pack installation.;; Identity:
 VistaSP2-KB948465~31bf3856ad364e35~amd64~~6.0.0.18005;; Error Code: 0x0;
; Target State: 4294967280
00001 Warning NETLOGON
5703 10:46:53 08/21/2011
The Netlogon service could not read a mailslot message from The system cannot fi
nd the path specified. due to the following error: ;;03000000
00001 Warning DnsApi
11164 07:10:01 07/23/2011
The system failed to register host (A or AAAA) resource records for network ada
pter;;with settings:;;;; Adapter Name : {EC0AA3FC-E11B-49E9-A14C-48C41DA7D305}
;; Host Name : TK5CCPWEB01;; Primary Domain Suffix : redmond.corp.microsoft.
com;; DNS server list :;; 157.54.14.178; 157.54.14.146; 157.54.14.
162;; Sent update to server : <?>;; IP Address(es) :;; 2001:4898:c8:6032
:210a:1416:5de0:a623; 2001:4898:dc05:d:210a:1416:5de0:a623; 157.54.89.141;;;; Ei
ther the DNS server does not support the DNS dynamic update protocol or the aut
horitative zone for the specified DNS domain name does not accept dynamic updat
es.;;;; To register the DNS host (A or AAAA) resource records using the specific
DNS domain name and IP addresses for this adapter; contact your DNS server or
network systems administrator.
00001 Information Server Administrator
1009 10:59:58 08/21/2011
Systems Management Data Manager Stopped
00001 Information Microsoft-Windows-Service Pack Installer
9 14:15:21 08/21/2011
Service Pack 2 installation succeeded.
00001 Information Dell - System Update
6078 11:10:53 08/21/2011
Update ready to be applied at reboot;;Package: PE2950_BIOS_WIN_2.6.1.EXE - REDM
OND\v-ad943;;Description: Dell Server BIOS; 2.6.1;;Previous version: 2.5.0;;Ne
w version: 2.6.1;;Log file: C:\Dell\UpdatePackage\log\PE2950_BIOS_WIN_2.6.1.tx
t;;Exit code = 2 (Reboot required)
00001 Error TermDD
56 11:10:48 08/21/2011
The Terminal Server security layer detected an error in the protocol stream and
has disconnected the client.
00001 Error Service Control Manager
7034 11:00:06 08/21/2011
The DSM SA Data Manager service terminated unexpectedly. It has done this 1 tim
e(s).
00001 Error Service Control Manager
7032 12:22:54 08/21/2011
The Service Control Manager tried to take a corrective action (Restart the servi
ce) after the unexpected termination of the System Center Management service; bu
t this action failed with the following error: ;;An instance of the service is a
lready running.
00001 Error Service Control Manager
7031 12:21:54 08/21/2011
The System Center Management service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
00001 Error Microsoft-Windows-GroupPolicy
1129 11:09:04 08/21/2011
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours; then contact your administrator.
00001 Error Microsoft-Windows-DistributedCOM
10016 15:31:27 08/21/2011
The application-specific permission settings do not grant Local Launch permissio
n for the COM Server application with CLSID ;;{1CCB96F4-B8AD-4B43-9688-B273F58E0
910};; to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Us
ing LRPC). This security permission can be modified using the Component Services
administrative tool.
00001 Error Microsoft-Windows-DistributedCOM
10010 11:55:05 08/21/2011
The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM wit
hin the required timeout.

********************************************************************************
********************
Event log:Operations Manager
01276 Information Health Service Script
6022 16:00:00 08/21/2011
LogEndToEndEvent.js : This event is logged to the Windows Event Log periodically
to test a event collection.
00684 Information Health Service Script
3002 15:58:05 08/21/2011
SystemCenterCentral.Utilities.Certificates.LocalScriptProbe.vbs : Discovery: The
certificate verification script found 3 certificates and CRLs stored locally on
this computer in the certificate store 'My'.
00335 Information Health Service Script
14011 15:55:07 08/21/2011
Management Group: OPPROD;;Application Name: ErrorLog;;Script Source: Discovery :
;;End Discovery!
00335 Information Health Service Script
14003 15:55:07 08/21/2011
Management Group: OPPROD;;Application Name: ErrorLog;;Script Source: Discovery :
;;Error Log Constraint: [ { Application : 'Banshee';ErrorTables : [ { Criteria
: '';DB : 'ProxyBlockTool';DateTime : { ColumnName : 'ErrorDateTime';DayOrHourOr
Minute : 'Hour';From : '-1'};ErrorTable : 'ErrorLog';Servers : [ { Name : 'TK5TW
CBANSQL01' } ]} ]};{ Application : 'Cortana';ErrorTables : [ { Criteria : '';DB
: 'CortanaCaptureDB';DateTime : { ColumnName : 'ErrorDate';DayOrHourOrMinute : '
Hour';From : '-1'};ErrorTable : 'ErrorLog';Servers : [ { Name : 'Tk5NimonCaptuDB
' } ]};{ Criteria : '';DB : 'CortanaControlDB';DateTime : { ColumnName : 'Create
dDate';DayOrHourOrMinute : 'Hour';From : '-1'};ErrorTable : 'ErrorLog';Servers :
[ { Name : 'TK5NIMONCONFSQL' } ]}]};{ Application : 'Priya';ErrorTables : [ { C
riteria : '';DB : 'IDB';DateTime : { ColumnName : 'CreatedDate';DayOrHourOrMinut
e : 'Hour';From : '-1'};ErrorTable : 'ErrorLog';Servers : [ { Name : 'TWCPRIYASQ
L02' } ]} ]};{ Application : 'ICE';ErrorTables : [ { Criteria : 'EventCode=\'NM1
005\' AND IsSuccess=0';DB : 'ICE4';DateTime : { ColumnName : 'EventDateTime';Day
OrHourOrMinute : 'Hour';From : '-1'};ErrorTable : 'ErrorLog';Servers : [ { Name
: 'CO1ICESQL03' } ]} ]}; { Application : 'Colossus';ErrorTables : [ { Criteria :
 '';DB : 'FileHash';DateTime : { ColumnName : 'ErrorDateTime';DayOrHourOrMinute
: 'Hour';From : '-1'};ErrorTable : 'ErrorLog';Servers : [ { Name : 'TK5TWCORKOSQ
L01' } ]};{ Criteria : '';DB : 'FEP_DataCenter';DateTime : { ColumnName : 'Error
DateTime';DayOrHourOrMinute : 'Hour';From : '-1'};ErrorTable : 'ErrorLog';Server
s : [ { Name : 'TK5TWCORKOSQL01' } ]} ]}]
00335 Information Health Service Script
14000 15:55:07 08/21/2011
Management Group: Unknown;;Application Name: ErrorLog;;Script Source: Discovery
: ;;Discovery- Arguments: ;;{165A309B-4BFD-6A12-A132-118583926606};;{9FB919F0-15
CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;;OPPROD;;[ {
Application : 'Banshee';ErrorTables : [ { Criteria : '';DB : 'ProxyBlockTool';Da
teTime : { ColumnName : 'ErrorDateTime';DayOrHourOrMinute : 'Hour';From : '-1'};
ErrorTable : 'ErrorLog';Servers : [ { Name : 'TK5TWCBANSQL01' } ]} ]};{ Applicat
ion : 'Cortana';ErrorTables : [ { Criteria : '';DB : 'CortanaCaptureDB';DateTime
: { ColumnName : 'ErrorDate';DayOrHourOrMinute : 'Hour';From : '-1'};ErrorTable
: 'ErrorLog';Servers : [ { Name : 'Tk5NimonCaptuDB' } ]};{ Criteria : '';DB : '
CortanaControlDB';DateTime : { ColumnName : 'CreatedDate';DayOrHourOrMinute : 'H
our';From : '-1'};ErrorTable : 'ErrorLog';Servers : [ { Name : 'TK5NIMONCONFSQL'
} ]}]};{ Application : 'Priya';ErrorTables : [ { Criteria : '';DB : 'IDB';DateT
ime : { ColumnName : 'CreatedDate';DayOrHourOrMinute : 'Hour';From : '-1'};Error
Table : 'ErrorLog';Servers : [ { Name : 'TWCPRIYASQL02' } ]} ]};{ Application :
'ICE';ErrorTables : [ { Criteria : 'EventCode=\'NM1005\' AND IsSuccess=0';DB : '
ICE4';DateTime : { ColumnName : 'EventDateTime';DayOrHourOrMinute : 'Hour';From
: '-1'};ErrorTable : 'ErrorLog';Servers : [ { Name : 'CO1ICESQL03' } ]} ]}; { Ap
plication : 'Colossus';ErrorTables : [ { Criteria : '';DB : 'FileHash';DateTime
: { ColumnName : 'ErrorDateTime';DayOrHourOrMinute : 'Hour';From : '-1'};ErrorTa
ble : 'ErrorLog';Servers : [ { Name : 'TK5TWCORKOSQL01' } ]};{ Criteria : '';DB
: 'FEP_DataCenter';DateTime : { ColumnName : 'ErrorDateTime';DayOrHourOrMinute :
'Hour';From : '-1'};ErrorTable : 'ErrorLog';Servers : [ { Name : 'TK5TWCORKOSQL
01' } ]} ]}]
00335 Information Health Service Script
12812 15:55:07 08/21/2011
Dicovery Data Returned : Successful
00335 Information Health Service Script
12810 15:55:07 08/21/2011
Dicovery agent job instance number: : 0
00335 Information Health Service Script
12804 15:55:07 08/21/2011
Management Group:OPPROD;;Script Source: NetSec agent job Discovery : ;;Parse age
nt job constraint successfully
00335 Information Health Service Script
12802 15:55:07 08/21/2011
Parameters : Parameter Number:5;;{99F5A18C-5EC2-E289-EE75-A5D78F8C0ECD};;{9FB919
F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;;OPPROD;
;[{Application:'AltCreds';ServerName:'TK5TWCALTSQL01';Jobs:[{JobName:'Import_Nig
htCrawlerData';Threshold:720};{JobName:'Import_MangooseCases';Threshold:720};{Jo
bName:'AddYearlyPartitionTable';Threshold:720};{JobName:'AddPartitionToNCView';T
hreshold:720}]};{Application:'Banshee';ServerName:'TK5TWCBANSQL01';Jobs:[{JobNam
e:'DeleteTMGLogfiles';Threshold:720};{JobName:'JobBlockURLIPFromBotnet';Threshol
d:720}]};{Application:'BIPS';ServerName:'TWCBIPSSQL01';Jobs:[{JobName:'BIPS_Pull
AdminHandlingCasesFromCRMDB';Threshold:720};{JobName:'BIPS_DetectServerConnectio
n';Threshold:720};{JobName:'BIPS_SyncRegionWithPriyaIDB';Threshold:720};{JobName
:'BIPS_GetUpdateFromCRM';Threshold:720};{JobName:'BIPS_CaseProcessingAgentJob';T
hreshold:720};{JobName:'BIPS_ErrorLogEmailToSENotificationOP';Threshold:720};{Jo
bName:'BIPS_SyncExternalDatasources';Threshold:720}]};{Application:'Browser Usag
e Reporting';ServerName:'NSLAB-RH-IBU';Jobs:[{JobName:'DailyWebProxyCollector';T
hreshold:2880};{JobName:'ReportExportNotifier';Threshold:2880};{JobName:'WeeklyC
ollector';Threshold:2880};{JobName:'WeeklyConsolidateBU';Threshold:4320};{JobNam
e:'WeeklyPurge';Threshold:2880}]};{Application:'DB Exporter';ServerName:'NetSecS
emRpt01';DBInstanceName:'MSSQLSERVER2008';PortNumber:52000; Jobs:[{JobName:'Deco
mpressionLogs_APAC_21';Threshold:720};{JobName:'DeleteCompressedFiles_InstanceID
_1';Threshold:720};{JobName:'DeleteCompressedFiles_InstanceID_2';Threshold:720};
{JobName:'DecompressionLogs_NA_16';Threshold:720};{JobName:'DecompressionLogs_EM
EA_33';Threshold:720};{JobName:'DecompressionLogs_NA2_52';Threshold:720};{JobNam
e:'DeleteCompressedFiles_InstanceID_9';Threshold:720};{JobName:'FindProxyState';
Threshold:720};{JobName:'DBExporterMonitoringJob';Threshold:720};{JobName:'Decom
pressionLogs_APAC_25';Threshold:720};{JobName:'DecompressionLogs_NA3_TMG_62';Thr
eshold:720};{JobName:'ReprocessJob';Threshold:720};{JobName:'DecompressionLogs_N
A2_54';Threshold:720};{JobName:'DeleteCompressedFiles_InstanceID_10';Threshold:7
20};{JobName:'DecompressionLogs_APAC_24';Threshold:720};{JobName:'DecompressionL
ogs_Japan_41';Threshold:720};{JobName:'DeleteCompressedFiles_InstanceID_11';Thre
shold:720};{JobName:'GetFileListFromDBExporter';Threshold:720};{JobName:'Decompr
essionLogs_NA_15';Threshold:720};{JobName:'DecompressionLogs_NA_13';Threshold:72
0};{JobName:'DecompressionLogs_EMEA_34';Threshold:720};{JobName:'FindDiskSpace';
Threshold:720};{JobName:'DecompressionLogs_APAC_22';Threshold:720};{JobName:'Dec
ompressionLogs_NA2_55';Threshold:720};{JobName:'DecompressionLogs_NA3_TMG_61';Th
reshold:720};{JobName:'DecompressionLogs_NA_11';Threshold:720};{JobName:'Decompr
essionLogs_EMEA_32';Threshold:720};{JobName:'UpdateFilelist_Compression_FailureF
iles';Threshold:720};{JobName:'DecompressionLogs_NA_14';Threshold:720};{JobName:
'DecompressionLogs_EMEA_31';Threshold:720};{JobName:'DecompressionLogs_Japan_43'
;Threshold:720};{JobName:'DecompressionLogs_NA2_53';Threshold:720};{JobName:'Dec
ompressionLogs_EMEA_35';Threshold:720};{JobName:'AssignCompressedFilesToJobs';Th
reshold:720};{JobName:'DeleteCompressedFiles_InstanceID_8';Threshold:720};{JobNa
me:'DecompressionLogs_NA3_TMG_65';Threshold:720};{JobName:'DecompressionLogs_NA_
12';Threshold:720};{JobName:'DecompressionLogs_Japan_42';Threshold:720};{JobName
:'DecompressionLogs_NA3_TMG_64';Threshold:720};{JobName:'DecompressionLogs_NA3_T
MG_63';Threshold:720};{JobName:'DecompressionLogs_APAC_23';Threshold:720};{JobNa
me:'DecompressionLogs_NA2_51';Threshold:720}]};{Application:'Mongoose';ServerNam
e:'TKCRMSQL011SG6';Jobs:[{JobName:'ImportBusinessGroupsDataIntoMongoose';Thresho
ld:720}]};{Application:'Colossus';ServerName:'TK5TWCORKOSQL01';Jobs:[{JobName:'D
elete_Logs';Threshold:720};{JobName:'OWA_ETL_Delay';Threshold:720};{JobName:'Man
age DHCP Partition';Threshold:720};{JobName:'FEP_PurgeObsoleteData';Threshold:72
0};{JobName:'SMS_ETL';Threshold:720};{JobName:'Manage WGIA Partition';Threshold:
720};{JobName:'WGIA_ETL';Threshold:720};{JobName:'ImportWebProxy_DataCenterMachi
nes';Threshold:720};{JobName:'GetLogAttributes-OWA';Threshold:720};{JobName:'Man
age FEP Partition';Threshold:720};{JobName:'SER_ETL';Threshold:720};{JobName:'FE
P_DataCollector';Threshold:720};{JobName:'ARP_ETL';Threshold:720};{JobName:'DHCP
_ETL';Threshold:720};{JobName:'Radius_ETL';Threshold:720};{JobName:'syspolicy_pu
rge_history';Threshold:720};{JobName:'OWA_ETL_Daily';Threshold:720};{JobName:'Ge
tLogAttributes-DHCP';Threshold:720};{JobName:'GetLogAttributes-ExchangeAV';Thres
hold:720};{JobName:'ExchangeAV_ETL';Threshold:720};{JobName:'Manage ExchangeAV P
artition';Threshold:720};{JobName:'ExchangeAV_DeleteProcessedLogs';Threshold:720
}]};{Application:'Colossus';ServerName:'TK5TWCORKOAPP01';Jobs:[{JobName:'dhcp_Co
pyLogs_MainProcess_new';Threshold:720};{JobName:'DeleteOWALogFiles';Threshold:72
0};{JobName:'syspolicy_purge_history';Threshold:720};{JobName:'Sync DHCPServers'
;Threshold:720};{JobName:'GetExchangeAVLogs';Threshold:720}]};{Application:'Colo
ssus';ServerName:'NETSECSEMSQL03';Jobs:[{JobName:'RunSSISPkg';Threshold:720};{Jo
bName:'update_ISAIDS_ProxyServers';Threshold:720};{JobName:'Add_Partition_ISAIDS
';Threshold:720};{JobName:'create_Partitions_ISA_IDS';Threshold:720};{JobName:'I
SAIDS_Pull_Proxy_Events';Threshold:720};{JobName:'syspolicy_purge_history';Thres
hold:720}]};{Application:'Network Tools DB';ServerName:'ITSECSEMSQL01';Jobs:[{Jo
bName:'[NetworkTools] Feedstore Pull';Threshold:720};{JobName:'[Setninel6.1]Prox
yServerList';Threshold:720}]};{Application:'Night Crawler';ServerName:'TK5TWCACS
DW01';Jobs:[{JobName:'Drop_AND_AddDailyPartition';Threshold:720};{JobName:'DropF
actStagingDW_Table';Threshold:720};{JobName:'DropWorkstationStagingDW_Table';Thr
eshold:720};{JobName:'Extract stage';Threshold:720};{JobName:'NightCrawlerCollec
torFilterDeployFailureNotification';Threshold:720};{JobName:'NightCrawlerCollect
orFilterDeploySuccessNotification';Threshold:720};{JobName:'NightCrawlerCollecto
rFilterMonitoring';Threshold:720};{JobName:'NightCrawlerDWBolusTest4ACSDB';Thres
hold:720};{JobName:'NightCrawlerDWRowCountStatistics';Threshold:720};{JobName:'N
ightCrawlerForwarderMonitoring4HourReport';Threshold:720};{JobName:'NightCrawler
ForwarderMonitoringWeeklyrReport';Threshold:720};{JobName:'Space_for_Autogrowth'
;Threshold:720};{JobName:'SwitchPartition';Threshold:720};{JobName:'WS_ExtractET
L';Threshold:720};{JobName:'WS_ExtractStage';Threshold:720};{JobName:'Manage DA
Partition';Threshold:720};{JobName:'DAFeedImport';Threshold:720};{JobName:'Impor
tIP2CountryRange';Threshold:720}]};{Application:'Night Crawler';ServerName:'TK5T
WCACSETL01';Jobs:[{JobName:'NC_ExtractETL';Threshold:720}]};{Application:'Night
Crawler';ServerName:'TK5TWCDADB01';Jobs:[{JobName:'ImportIP2CountryRange';Thresh
old:720}]};{Application:'Search stat reporting';ServerName:'NSLab-RB-30';Jobs:[{
JobName:'SearchStats_Import_BusinessGroups';Threshold:720};{JobName:'SearchStats
_Import_Countries';Threshold:720};{JobName:'SearchStats_Import_CrmFeedstoreListL
astUpdated';Threshold:720};{JobName:'SearchStats_Import_Netlogon';Threshold:720}
;{JobName:'SearchStats_Import_WebProxyData';Threshold:720};{JobName:'SearchStats
_Process_SearchStatsMonthly';Threshold:720};{JobName:'SearchStats_Import_SearchS
tatsMonthlyDetail_Netsec';Threshold:720};{JobName:'SearchStats_Import_PullWebPro
xyData';Threshold:720}]};{Application:'ICE4';ServerName:'CO1ICESQL04';Jobs:[{Job
Name:'Filter E-Mail Import';Threshold:720};{JobName:'DeleteEmailLogs';Threshold:
720};{JobName:'DeleteE14E-MailLogFiles';Threshold:720}]};{Application:'ICE4';Ser
verName:'CO1ICESQL03';Jobs:[{JobName:'Daily Report Mail';Threshold:720};{JobName
:'FeedStore Refresh';Threshold:720};{JobName:'ImportITConfigServers';Threshold:7
20};{JobName:'UpdateStatisticsForWebProxy';Threshold:720};{JobName:'LOG_USER_QUE
RIES';Threshold:720};{JobName:'Middle Layer Tables Refresh Job';Threshold:720};{
JobName:'ReCreate_ice_vw_GetConsolidatedFacts';Threshold:720};{JobName:'SlidingW
indowForFirewall';Threshold:720};{JobName:'SlidingWindowForWeb';Threshold:720};{
JobName:'UpdateStatisticsForFirewall';Threshold:720}]}];;
00335 Information Health Service Script
12210 15:55:07 08/21/2011
Dicovery Data Returned : Successful
00334 Information Health Service Script
12601 15:55:07 08/21/2011
Management Group:OPPROD;;Application Name : Microsoft.NetSec.OPM.Application.Url
Class;;Script Source: discovery;;version:.27 : ;;arguments:;;{EE242D4B-48EF-F8C0
-52CE-BF07ED9C5FAB};;{9FB919F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond
.corp.microsoft.com;;OPPROD;;[{Application: 'AltCreds' ;Urls:[{Name:'AltCreds Pr
od';Url:'https://nsacctrpt';server:'nslab-ra-17'}]};{Application: 'Banshee' ;Url
s:[{Name:'Banshee Prod';Url:'https://proxyblock';server:'nslab-ra-17'};{Name:'Ba
nshee extranet Website';Url:'http://CO1TWCBANAPP01.partners.extranet.microsoft.c
om/httpMonitor.asmx';server:'nslab-ra-17'}]};{Application: 'BIPS' ;Urls:[{Name:'
BIPS Prod';Url:'https://bipscm';server:'nslab-ra-17'}]};{Application: 'Cortana'
;Urls:[{Name:'Cortana Prod';Url:'https://nscortana';server:'nslab-ra-17'}]};{App
lication: 'Mongoose' ;Urls:[{Name:'Mongoose Prod';Url:'https://nscrm';server:'ns
lab-ra-17'}]};{Application: 'Portshut' ;Urls:[{Name:'Portshut';Url:'https://nspo
rtshut/';server:'nslab-ra-17'}]};{Application: 'Priya' ;Urls:[{Name:'Priya Prod'
;Url:'https://nscrm';server:'nslab-ra-17'}]};{Application: 'Report it now' ;Urls
:[{Name:'ReportItNow Prod';Url:'http://vm_corpseciis/';server:'nslab-ra-17'}]};{
Application: 'MEERA' ;Urls:[{Name:'MERA Prod';Url:'https://meeracm';server:'nsla
b-ra-17'}]};{Application: 'Nsinv-Request' ;Urls:[{Name:'NSINV Prod';Url:'http://
nsinv-request';server:'nslab-ra-17'}]};{Application: 'SearchStat' ;Urls:[{Name:'
SearchStat Prod';Url:'http://searchstats';server:'nslab-ra-17'}]};{Application:
'CaseLookup' ;Urls:[{Name:'CaseLookup Prod';Url:'https://nsi-litweb';server:'ns
lab-ra-17'}]}]
00334 Information Health Service Script
 12208 15:55:07 08/21/2011
Dicovery service instance number: : 0
00334 Information Health Service Script
12206 15:55:07 08/21/2011
Management Group:OPPROD;;Script Source: NetSec Services Discovery : ;;Parse serv
ice constraint successfully
00334 Information Health Service Script
12202 15:55:07 08/21/2011
Parameters : Parameter Number:5;;{A458E1EB-BE8E-F504-EFA0-6C986FA54B99};;{9FB919
F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;;OPPROD;
;[{Application: 'Banshee';Services:[{service:'ProxyBlockService'; servers:'TK5TW
CBANSQL01'}]};{Application: 'BIPS';Services:[{service:'BipsUpdateToMongoose'; se
rvers:'TWCBIPSSQL01'}]};{Application: 'Browser Usage Reporting';Services:[{servi
ce:'MSSQLSERVER'; servers:'NSLAB-RH-IBU'};{service:'SQLSERVERAGENT'; servers:'NS
LAB-RH-IBU'}]};{Application: 'Cortana';Services:[{service:'Cortana Configuration
Service'; servers:'TK5NimonconfSQL'};{service:'Cortana Data Collection Service'
; servers:['NSNIMLODAPAC';'NSNIMLODEMEA';'Tk5NimonLoader1';'Tk5NimonLoader2']};{
service:'CortanaDataLoadingService'; servers:['Tk5NimonCaptuDB';'NSNIMLODAPAC';'
Tk5NimonLoader1';'Tk5NimonLoader2']};{service:'Cortana Data Analysis Service'; s
ervers:'Tk5NimonCaptuDB'}]};{Application: 'DB Exporter';Services:[{service:'DbEx
porter'; servers:['NetSecSemRpt01';'NETSECNAIDB1';'NETSECDBEXP03';'NETSECAPACIDB
';'NETSECDBEXPAPAC';'NETSECEMEAIDB1']};{service:'CompressionService'; servers:['
CO1ACSCORPDB03';'NETSECAPACIDB';'NETSECDBEXPAPAC';'NETSECEMEAIDB1';'NETSECDBEXPN
A4']}]};{Application: 'Mongoose';Services:[{service:'MSCRMEmail'; servers:'TKCRM
WEB01SG6'};{service:'MSCRMAsyncService'; servers:'TKCRMWEB01SG6'};{service:'MSSQ
LSERVER'; servers:'TKCRMSQL011SG6'}]};{Application: 'Colossus';Services:[{servic
e:'OWALogExporter'; servers:'TK5TWCORKOAPP01'}]};{Application: 'Orko';Services:[
{service:'MSSQLSERVER'; servers:'CO1TWCRPTSQL01'};{service:'SQLSERVERAGENT'; ser
vers:'CO1TWCRPTSQL01'}]};{Application: 'Sentinel';Services:[{service:'SCSsvc'; s
ervers:'NETSECMSDUTL03'}; {service:'Sentinel'; servers:'NETSECSEMCOR03'}; {servi
ce:'BotNetService'; servers:'NETSECMSDUTL03'}]};{Application: 'NightCrawler';Ser
vices:[{service:'AdtServer'; servers:['TK5TWCACSC02';'TK5TWCACSC04';'TK5TWCACSC0
5';'TK5TWCACSC06';'TK5TWCACSC10']}]}];;
00238 Information OpsMgr Connector
21024 16:04:59 08/21/2011
OpsMgr's configuration may be out-of-date for management group xitmon; and has r
equested updated configuration from the Configuration Service. The current(out-o
f-date) state cookie is "A6 89 DF E7 13 56 05 E5 94 FC 89 CC E9 4E 9B 48 80 70 F
5 2F "
00190 Information HealthService
7026 16:05:06 08/21/2011
The Health Service successfully logged on the RunAs account REDMOND\_xmonam for
management group xitmon
00188 Warning HealthService
7001 15:54:40 08/21/2011
The password for RunAs account REDMOND\_xmonam for management group xitmon is ex
piring on Friday; December 03; 2010. If the password is not updated by then; th
e health service will not be able to monitor or perform actions using this RunAs
account. There are -261 days left before expiration.
00170 Information Health Service Modules
10113 15:55:02 08/21/2011
Taking a New Global Snapshot.
00166 Information HealthService
 1210 15:56:14 08/21/2011
New configuration became active. Management group "xitmon"; configuration id:"A6
89 DF E7 13 56 05 E5 94 FC 89 CC E9 4E 9B 48 80 70 F5 2F ".
00166 Information Health Service Modules
10111 16:04:42 08/21/2011
Deleting Global Snapshot.
00140 Information OpsMgr Connector
21026 15:55:10 08/21/2011
OpsMgr has received confirmation for management group xitmon from the Configurat
ion Service that our existing configuration is up-to-date. The current state
cookie is "25 AB 26 79 3A C8 B4 80 C3 14 B3 9B 90 C7 B4 44 7D D9 0A 9F "
00140 Information HealthService
7019 15:54:40 08/21/2011
The Health Service has validated all RunAs accounts for management group OpsMgr0
7CORPMT04.
00126 Information Health Service Script
8501 15:55:07 08/21/2011
Management Group:OPPROD;;Data feed Name : ICE.SingleFirewallProxy;;Script Source
: discovery;;version:.26 : ;;arguments:;;{C25F07CB-6375-9EDE-DB10-F2A3D60D232E};
;{9FB919F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;
;OPPROD;;CO1ICESQL03;;specialSQLServerInstanceName;;0;;-10;;0;;day
00126 Information Health Service Script
8401 15:55:07 08/21/2011
Management Group:OPPROD;;Data feed Name : ICE.FirewallProxy;;Script Source: disc
overy;;version:.26 : ;;arguments:;;{1C40E1F5-9476-E286-5C86-C975CA04F403};;{9FB9
19F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;;OPPRO
D;;CO1ICESQL03;;specialSQLServerInstanceName;;0;;-10;;0;;day
00126 Information Health Service Script
8301 15:55:07 08/21/2011
Management Group:OPPROD;;Data feed Name : ICE.SingleWebProxy;;Script Source: dis
covery;;version:.26 : ;;arguments:;;{B2A3D236-A885-6848-838C-D17D0D361D42};;{9FB
919F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;;OPPR
OD;;CO1ICESQL03;;specialSQLServerInstanceName;;0;;-10;;0;;day
00126 Information Health Service Script
8201 15:55:07 08/21/2011
Management Group:OPPROD;;Data feed Name : ICE.WebProxy;;Script Source: discovery
;;version:.26 : ;;arguments:;;{6D48AED3-1198-6F16-D488-40A7CC7FE8BC};;{9FB919F0-
15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;;OPPROD;;CO
1ICESQL03;;specialSQLServerInstanceName;;0;;-10;;0;;day
00097 Information Health Service Script
8639 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: NetLogon;;Script Source: Discovery : ;
;End Discovery!
00097 Information Health Service Script
8631 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: NetLogon;;Script Source: Discovery : ;;Disco
very- Arguments: {{D8CEE60D-1DF4-F9AC-B87F-7FCC8F6FCADB}} {{9FB919F0-15CB-EE18-
D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {CO1ICESQL03} {OPPR
OD} {specialSQLServerInstanceName} {0} {-1} {0} {Hour}
00097 Information Health Service Script
 8609 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: NetLogon;;Script Source: Discovery : ;
;End Discovery!
00097 Information Health Service Script
8601 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: NetLogon;;Script Source: Discovery : ;;Disco
very- Arguments: {{9C0229A7-A675-B779-C737-C1003ED5C79C}} {{9FB919F0-15CB-EE18-
D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {CO1ICESQL03} {OPPR
OD} {specialSQLServerInstanceName} {0} {-1} {0} {Hour}
00090 Information HealthService
7006 15:54:38 08/21/2011
The Health Service has published the public key [79 86 D7 5E AA 9A 16 87 48 CF E
D 7F 14 E9 03 5C ] used to send it secure messages to management group OpsMgr07C
ORPMT04. This message only indicates that the key is scheduled for delivery; n
ot that delivery has been confirmed.
00090 Information HealthService
2002 15:54:36 08/21/2011
Management Group "xitmon" was started.
00084 Information OpsMgr Connector
21025 16:05:05 08/21/2011
OpsMgr has received new configuration for management group xitmon from the Confi
guration Service. The new state cookie is "A6 9B AF 75 CA 4F 6A 10 35 11 76 DC
BF 83 A6 35 C5 B4 A3 9B "
00084 Information HealthService
7028 16:05:06 08/21/2011
All RunAs accounts for management group xitmon have the correct logon type.
00084 Information HealthService
7025 16:05:06 08/21/2011
The Health Service has authorized all configured RunAs accounts to execute for m
anagement group xitmon.
00084 Information HealthService
7023 16:05:06 08/21/2011
The Health Service has downloaded secure configuration for management group xitm
on successfully.
00082 Information HealthService
7024 16:05:06 08/21/2011
The Health Service successfully logged on all accounts for management group xitm
on
00060 Information OpsMgr Connector
20063 15:54:36 08/21/2011
Active Directory Integration has been disabled for management group xitmon.
00057 Error Health Service Modules
11903 15:55:00 08/21/2011
The Microsoft Operations Manager Expression Filter Module could not convert the
received value to the requested type. ;;;;Property Expression: Params/Param[4] ;
;;;Property Value: -261 ;;;;Conversion Type: DataItemElementTypeUnsignedInteger(
6) ;;;;Original Error: 0x80FF005A ;;;;One or more workflows were affected by thi
s. ;;;;Workflow name: Microsoft.SystemCenter.HealthServiceRunAsAccounts.Expirat
ionCheck.Unit ;;Instance name: TK5CCPWEB01.redmond.corp.microsoft.com ;;Instance
ID: {5AFCAD07-FA4F-703E-2CCF-A298AB108B86} ;;Management group: xitmon
00054 Information OpsMgr Connector
20013 15:54:36 08/21/2011
The OpsMgr Connector successfully retrieved policy from Active Directory for man
agement group OpsMgr07CORPMT04.
00050 Information Health Service Modules
10112 16:04:42 08/21/2011
Received registry notification for performance counter creation or deletion.
00048 Information Health Service Script
11600 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: ALTCreds;;Script Source: Discovery : ;;Disco
very - Arguments: {{8466A92A-D271-682F-33A4-89C3B6A11CF2}} {{9FB919F0-15CB-EE18
-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCALTSQL01} {
specialSQLServerInstanceName} {0} {-2} {0} {day} {OPPROD}
00048 Information Health Service Script
10800 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: ACS;;Script Source: Discovery : ;;Discovery
- Arguments: {{32657398-DF8A-1901-3AEE-C0469DA2BE40}} {{9FB919F0-15CB-EE18-D81A
-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCACSDB02;TK5TWCAC
SDB04;TK5TWCACSDB05;TK5TWCACSDB06;NSLAB-RA-17;TK5TWCACSDB10} {-2} {0} {Hour} {OP
PROD}
00046 Information HealthService
5500 15:54:59 08/21/2011
Frequent state change requests caused the incoming state change request to be dr
opped due to it being older than the currently recorded state change for this mo
nitor. This could also be due to an invalid configuration for this monitor. ;;;
;Affected monitor: Microsoft.Windows.Server.2008.OperatingSystem.WorkstationServ
iceHealth ;;Instance: Microsoftr Windows Serverr 2008 Enterprise ;;Instance ID:
A1D6CD72-ACBF-C3BC-7C5A-FB7C81779435 ;;Management Group: xitmon ;;;;Request gen
erated time: 2011-08-21T08:54:59.4644787-07:00 ;;Requested state: Success ;;;;Re
corded time: 2011-08-21T08:54:59.6829374-07:00 ;;Recorded state Success
00037 Warning Health Service Modules
10102 15:54:59 08/21/2011
In PerfDataSource; could not resolve counter ASM Networking Diagnostics; ICMP.Ro
undTripTime; All Instances. Module will not be unloaded. ;;;;One or more workflo
ws were affected by this. ;;;;Workflow name: MomUIGeneratedRulec41a307ae59d49b2
978fb4f773cafecf ;;Instance name: TK5CCPWEB01.redmond.corp.microsoft.com ;;Insta
nce ID: {9FB919F0-15CB-EE18-D81A-7E44116D85A2} ;;Management group: xitmon
00036 Information Health Service Script
9809 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: AVBSubmit;;Script Source: Discovery :
;;End Discovery!
00036 Information Health Service Script
9801 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: AVBSubmit;;Script Source: Discovery : ;;Disc
overy- Arguments: {{57A0A4B0-B01C-86CD-524D-20E826CF80EF}} {{9FB919F0-15CB-EE18
-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01}
{OPPROD} {specialSQLServerInstanceName} {0} {-3} {0} {Day}
00036 Information Health Service Script
9400 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: Feedstore;;Script Source: Discovery : ;;Disc
overy - Arguments: {{25C432CE-2116-20C6-E7FE-A9C02AB5587B}} {{9FB919F0-15CB-EE1
8-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {ITSECSEMSQL01} {
specialSQLServerInstanceName} {0} {-7} {0} {day} {OPPROD}
00036 Information Health Service Script
8800 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: ICEEmail;;Script Source: Discovery : ;;Disco
very - Arguments: {{F478DF1E-FE4C-B58E-85F3-0CCCB0B61F5B}} {{9FB919F0-15CB-EE18
-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {CO1ICESQL03} {spe
cialSQLServerInstanceName} {0} {-3} {0} {day} {OPPROD}
00036 Information Health Service Script
7809 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: FEP;;Script Source: Discovery : ;;End
Discovery!
00036 Information Health Service Script
7801 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: FEP;;Script Source: Discovery : ;;Discovery-
Arguments: {{424A0913-8571-8694-BE69-F17D20A1619F}} {{9FB919F0-15CB-EE18-D81A-
7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01} {OPPRO
D} {specialSQLServerInstanceName} {0} {-6} {0} {Hour}
00036 Information Health Service Script
7601 15:55:07 08/21/2011
Management Group:OPPROD;;Data feed Name : Colossus.WebProxy;;Script Source: disc
overy;;version:.26 : ;;arguments:;;{6A091D49-6CEF-C834-23D4-EFEB6AEA4D92};;{9FB9
19F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;;OPPRO
D;;TK5TWCORKOSQL01;;specialSQLServerInstanceName;;0;;-3;;-2;;day
00036 Information Health Service Script
7409 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: SMS;;Script Source: Discovery : ;;End
Discovery!
00036 Information Health Service Script
7401 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: SMS;;Script Source: Discovery : ;;Discovery-
Arguments: {{DC6CBA11-03EE-6D22-DE47-FF9387DD0991}} {{9FB919F0-15CB-EE18-D81A-
7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01} {OPPRO
D} {specialSQLServerInstanceName} {0} {-1} {0} {Day}
00036 Information Health Service Script
7209 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: SER;;Script Source: Discovery : ;;End
Discovery!
00036 Information Health Service Script
7201 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: SER;;Script Source: Discovery : ;;Discovery-
Arguments: {{402EFCD7-FBB9-74FC-7CB4-A67D31DED657}} {{9FB919F0-15CB-EE18-D81A-
7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01} {OPPRO
D} {specialSQLServerInstanceName} {0} {-1} {0} {Day}
00036 Information Health Service Script
7000 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: WGIA;;Script Source: Discovery : ;;Discovery
- Arguments: {{41759CB1-AEEF-83DB-F71D-C96DFF3C74F4}} {{9FB919F0-15CB-EE18-D81
A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01} {spe
cialSQLServerInstanceName} {0} {-1} {0} {day} {OPPROD}
00036 Information Health Service Script
6800 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: RadiusWireless;;Script Source: Discovery : ;
;Discovery - Arguments: {{44683769-493F-02F9-1B30-91A7C45ACF04}} {{9FB919F0-15C
B-EE18-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOS
QL01} {specialSQLServerInstanceName} {0} {-1} {0} {day} {OPPROD}
00036 Information Health Service Script
6600 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: RadiusVPN;;Script Source: Discovery : ;;Disc
overy - Arguments: {{934BA53C-E0B3-23C6-2D34-36992B392609}} {{9FB919F0-15CB-EE1
8-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01}
{specialSQLServerInstanceName} {0} {-1} {0} {day} {OPPROD}
00036 Information Health Service Script
6410 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: DHCP;;Script Source: Discovery : ;;End
Discovery!
00036 Information Health Service Script
6401 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: DHCP;;Script Source: Discovery : ;;Discovery
- Arguments: {{F088E781-2B8C-E94F-762F-396A8C529382}} {{9FB919F0-15CB-EE18-D81A
-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01} {spec
ialSQLServerInstanceName} {OPPROD} {0} {-2} {-1} {Day} {TK5TWCORKOAPP01} {specia
lSQLServerInstanceName} {0}
00036 Information Health Service Script
6200 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: OWA;;Script Source: Discovery : ;;Discovery
- Arguments: {{26B1CF08-8F3A-E514-37D5-0D69DA3A47B7}} {{9FB919F0-15CB-EE18-D81A
-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01} {spec
ialSQLServerInstanceName} {0} {-1} {0} {day} {OPPROD}
00036 Information Health Service Script
15409 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: ExchangeAV;;Script Source: Discovery :
;;End Discovery!
00036 Information Health Service Script
15401 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: ExchangeAV;;Script Source: Discovery : ;;Dis
covery- Arguments: {{E4EC4D10-0733-EE4D-5091-12BF4F242F92}} {{9FB919F0-15CB-EE1
8-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01}
{OPPROD} {specialSQLServerInstanceName} {0} {-1} {0} {Day}
00036 Information Health Service Script
15309 15:55:07 08/21/2011
Management Group: OPPROD;;Data Feed Name: DA;;Script Source: Discovery : ;;End D
iscovery!
00036 Information Health Service Script
15301 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: DA;;Script Source: Discovery : ;;Discovery-
Arguments: {{36FFD874-DA6E-5A40-5294-39A39C6579C7}} {{9FB919F0-15CB-EE18-D81A-7
E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCACSDW01} {OPPROD}
{specialSQLServerInstanceName} {0} {-1} {0} {Day}
00036 Information Health Service Script
15100 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: FEP_DataCenter - EventLog;;Script Source: Di
scovery : ;;Discovery - Arguments: {{FDBE5C90-A592-101E-53C0-E3BA0D66C533}} {{9
FB919F0-15CB-EE18-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {
TK5TWCORKOSQL01} {specialSQLServerInstanceName} {0} {-1} {0} {day} {OPPROD}
00036 Information Health Service Script
15000 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: StagingURLIP;;Script Source: Discovery : ;;D
iscovery - Arguments: {{B1586AE8-3291-F048-5137-DE8DC7F13195}} {{9FB919F0-15CB-
EE18-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCSEMSQL0
1} {specialSQLServerInstanceName} {0} {-2} {0} {day} {OPPROD}
00036 Information Health Service Script
13000 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: ARPCAM;;Script Source: Discovery : ;;Discove
ry - Arguments: {{85CE65B1-87A9-79B1-923F-1338095FC7F9}} {{9FB919F0-15CB-EE18-D
81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {TK5TWCORKOSQL01} {s
pecialSQLServerInstanceName} {0} {-1} {0} {day} {OPPROD}
00036 Information Health Service Script
12701 15:55:07 08/21/2011
Management Group:OPPROD;;Application Name : Microsoft.NetSec.OPM.Applications.Ac
countClass;;Script Source: discovery;;version:.26 : ;;arguments:;;{C89FF2B8-4445
-503C-7C52-1A53D2578B29};;{9FB919F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.re
dmond.corp.microsoft.com;;OPPROD;;[{application: 'AltCreds';usrs: [{ name: 'nsal
tcre'; domain: 'redmond.corp.microsoft.com'; server:'nslab-ra-17';pwdExpAge:365}
]};{application: 'Banshee';usrs: [{ name: 'nsbansvc'; domain: 'redmond.corp.micr
osoft.com'; server:'nslab-ra-17';pwdExpAge:365}]};{application: 'BIPS';usrs: [{
name: 'nsn'; domain: 'redmond.corp.microsoft.com'; server:'nslab-ra-17';pwdExpAg
e:363}]};{application: 'Colossus';usrs: [{ name: 'nsnsfeed'; domain: 'redmond.co
rp.microsoft.com'; server:'nslab-ra-17';pwdExpAge:365}]};{application: 'Cortana'
;usrs: [{ name: 'nscorsvc'; domain: 'redmond.corp.microsoft.com'; server:'nslab-
ra-17;pwdExpAge:365'}]};{application: 'DB Exporter';usrs: [{ name: 'iceldrsv'; d
omain: 'redmond.corp.microsoft.com'; server:'nslab-ra-17';pwdExpAge:365}]};{appl
ication: 'Mongoose';usrs: [{ name: 'twcws'; domain: 'redmond.corp.microsoft.com'
; server:'nslab-ra-17';pwdExpAge:365};{ name: 'twcrmdev'; domain: 'redmond.corp.
microsoft.com'; server:'nslab-ra-17';pwdExpAge:365}]};{application: 'Night Crawl
er';usrs: [{ name: 'nsncsql'; domain: 'redmond.corp.microsoft.com'; server:'nsla
b-ra-17';pwdExpAge:365}]};{application: 'Portshut';usrs: [{ name: 'nspssvc'; dom
ain: 'redmond.corp.microsoft.com'; server:'nslab-ra-17';pwdExpAge:365}]};{applic
ation: 'Priya';usrs: [{ name: 'twcws'; domain: 'redmond.corp.microsoft.com'; ser
ver:'nslab-ra-17';pwdExpAge:365}]};{application: 'Report it now';usrs: [{ name:
'nsrptit'; domain: 'redmond.corp.microsoft.com'; server:'nslab-ra-17';pwdExpAge:
365}]}]
00036 Information Health Service Script
12000 15:55:07 08/21/2011
Management Group: ;;Data Feed Name: SearchSTAT;;Script Source: Discovery : ;;Dis
covery - Arguments: {{56EAC0CF-5907-F008-2BBC-9AE3016278E7}} {{9FB919F0-15CB-EE
18-D81A-7E44116D85A2}} {TK5CCPWEB01.redmond.corp.microsoft.com} {NSLab-RB-30} {s
pecialSQLServerInstanceName} {0} {-14} {1} {day} {OPPROD}
00036 Information Health Service Script
10101 15:55:07 08/21/2011
Management Group:OPPROD;;Data feed Name : IBU.BrowserUsage.Weekly;;Script Source
: discovery;;version:.26 : ;;arguments:;;{A5041237-655A-3D7D-6BAE-7F957EC9309C};
;{9FB919F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;
;OPPROD;;NSLAB-RH-IBU;;specialSQLServerInstanceName;;0;;-7;;0;;day
00036 Information Health Service Script
 10001 15:55:07 08/21/2011
Management Group:OPPROD;;Data feed Name : IBU.BrowserUsage.Daily;;Script Source:
discovery;;version:.26 : ;;arguments:;;{9C848252-8CD6-640A-71E0-CA388F8A5922};;
{9FB919F0-15CB-EE18-D81A-7E44116D85A2};;TK5CCPWEB01.redmond.corp.microsoft.com;;
OPPROD;;NSLAB-RH-IBU;;specialSQLServerInstanceName;;0;;-1;;0;;day
00030 Information OpsMgr Connector
21022 15:54:36 08/21/2011
No certificate was specified. This Health Service will not be able to communica
te with other health services unless those health services are in a domain that
has a trust relationship with this domain. If this health service needs to comm
unicate with health services in untrusted domains; please configure a certificat
e.
00030 Information OpsMgr Connector
20062 15:54:36 08/21/2011
Active Directory Integration has been enabled for management group OpsMgr07CORPM
T04.
00030 Information HealthService
2012 15:54:35 08/21/2011
The Health Service successfully retrieved policy from Active Directory
00030 Information Health Service ESE Store
102 15:54:29 08/21/2011
HealthService (1792) Health Service Store: The database engine (6.00.6002.0000)
started a new instance (0).
00029 Warning HealthService
2120 16:13:50 08/11/2011
The Health Service has deleted one or more items for management group "OPPROD" w
hich could not be sent in 1440 minutes.
00025 Information HealthService
1201 19:29:28 08/19/2011
New Management Pack with id:"Microsoft.NetSec.OPM.Applications.AgentJobs"; versi
on:"1.0.0.55" received.
00025 Information HealthService
1200 19:29:23 08/19/2011
New Management Pack(s) requested. Management group "OPPROD"; configuration id:"3
6 6F 84 A9 0A 38 15 D7 B0 31 68 2B 5F 5B 91 CA 9A D6 BC 7A ".
00024 Information HealthService
1204 23:41:00 08/19/2011
Management Pack with id:"Microsoft.SystemCenter.OperationsManager.DefaultUser";
version:"6.1.7221.0" is no longer used by HealthService and will be deleted from
cache.
00023 Warning Health Service Script
6024 12:21:36 08/21/2011
LaunchRestartHealthService.js : Launching Restart Health Service. Health Service
exceeded Process\Handle Count or Private Bytes threshhold.
00022 Information Health Service Script
6062 11:54:20 08/21/2011
RestartHealthService.js : Restarting Health Service. Service successfully restar
ted.
00022 Information Health Service ESE Store
 103 11:53:51 08/21/2011
HealthService (1644) Health Service Store: The database engine stopped the insta
nce (0).
00022 Error Health Service Modules
21400 14:27:09 08/21/2011
Failed to create process due to error '0x80070020 : The process cannot access th
e file because it is being used by another process.;;'; this workflow will be un
loaded. ;;;;Command executed: "C:\Windows\system32\cscript.exe" /nologo "Custo
m.TaskScheduler2.Task.ServiceDiscovery.vbs" {6E1E14D0-B99F-DD2B-10F5-99698A9E694
3} {9FB919F0-15CB-EE18-D81A-7E44116D85A2} TK5CCPWEB01.redmond.corp.microsoft.com
false;;Working Directory: c:\Program Files\System Center Operations Manage
r 2007\Health Service State\Monitoring Host Temporary Files 150\1475\ ;;;;One or
more workflows were affected by this. ;;;;Workflow name: Custom.TaskScheduler2
.Task.DiscoverByScript ;;Instance name: TK5CCPWEB01.redmond.corp.microsoft.com ;
;Instance ID: {9FB919F0-15CB-EE18-D81A-7E44116D85A2} ;;Management group: xitmon
00017 Error OpsMgr Connector
21006 07:15:10 08/21/2011
The OpsMgr Connector could not connect to TK5SCOMMG4MS2.redmond.corp.microsoft.c
om:5723. The error code is 10060L(A connection attempt failed because the conne
cted party did not properly respond after a period of time; or established conne
ction failed because connected host has failed to respond.). Please verify ther
e is network connectivity; the server is running and has registered it's listeni
ng port; and there are no firewalls blocking traffic to the destination.
00014 Information Health Service ESE Store
701 11:00:01 08/21/2011
HealthService (1644) Health Service Store: Online defragmentation has completed
a full pass on database 'c:\Program Files\System Center Operations Manager 2007\
Health Service State\Health Service Store\HealthServiceStore.edb'.
00014 Information Health Service ESE Store
700 11:00:00 08/21/2011
HealthService (1644) Health Service Store: Online defragmentation is beginning a
full pass on database 'c:\Program Files\System Center Operations Manager 2007\H
ealth Service State\Health Service Store\HealthServiceStore.edb'.
00011 Information OpsMgr Connector
21019 07:30:28 08/20/2011
OpsMgr has returned to communicating with it's primary host XITSQL08.redmond.cor
p.microsoft.com
00008 Information Health Service Script
4002 10:00:09 08/20/2011
Microsoft.Windows.Server.LogicalDisk.DefragAnalysis.vbs : DefragAnalysis results
(return code: 0)(disk: D:; computer: TK5CCPWEB01.redmond.corp.microsoft.com): O
SRecommended = False; FilePercentFragmentation = 0.
00007 Error OpsMgr Connector
21016 16:33:33 08/18/2011
OpsMgr was unable to set up a communications channel to NSLAB-RA-17.redmond.corp
.microsoft.com and there are no failover hosts. Communication will resume when
NSLAB-RA-17.redmond.corp.microsoft.com is available and communication from this
computer is allowed.
00006 Warning HealthService
1103 14:25:54 08/21/2011
Summary: 1 rule(s)/monitor(s) failed and got unloaded; 1 of them reached the fai
lure limit that prevents automatic reload. Management group "OpsMgr07CORPMT04".
This is summary only event; please see other events with descriptions of unloade
d rule(s)/monitor(s).
00006 Error HealthService
7000 22:51:17 08/08/2011
The Health Service could not log on the RunAs account FAREAST\mohsiny for manage
ment group xitmon. The error is Logon failure: unknown user name or bad passwor
d.(1326L). This will prevent the health service from monitoring or performing a
ctions using this RunAs account
00004 Warning HealthService
7020 22:51:17 08/08/2011
The Health Service has validated all RunAs accounts for management group xitmon;
except those we could not monitor.
00004 Information OpsMgr Connector
21017 07:24:56 08/20/2011
OpsMgr has successfully failed over to XITSUPPORTPC.fareast.corp.microsoft.com.
00004 Error OpsMgr Connector
21015 07:24:51 08/20/2011
OpsMgr was unable to set up a communications channel to XITSQL08.redmond.corp.mi
crosoft.com. Communication will resume when XITSQL08.redmond.corp.microsoft.com
is available and communication from this computer is allowed.
00004 Error HealthService
7015 22:51:17 08/08/2011
The Health Service cannot verify the future validity of the RunAs account FAREAS
T\mohsiny for management group xitmon. The error is Logon failure: unknown user
name or bad password.(1326L).
00002 Warning Health Service Modules
26013 15:54:59 08/21/2011
The Security Event Log on computer 'TK5CCPWEB01.redmond.corp.microsoft.com' appe
ars to have "wrapped" or been cleared while the Windows Event Log Provider was
not active or behind in processing events. This error occurs when the provider
is inactive for a period of time in which more events are logged than the event
log can contain or the log is cleared. Some events were likely lost. To avoi
d this error in the future; make your event log larger or ensure that the agent
service is not stopped for long periods. ;;;;One or more workflows were affecte
d by this. ;;;;Workflow name: UIGeneratedMonitorb050255ec3bb4f0da11395c7819460a
9 ;;Instance name: TK5CCPWEB01.redmond.corp.microsoft.com ;;Instance ID: {9FB919
F0-15CB-EE18-D81A-7E44116D85A2} ;;Management group: xitmon
00002 Information Health Service Modules
26005 15:54:59 08/21/2011
The Windows Event Log Provider has resumed processing the Security event log on
computer 'TK5CCPWEB01.redmond.corp.microsoft.com' after recovering from errors.
;;;;One or more workflows were affected by this. ;;;;Workflow name: UIGenerated
Monitorb050255ec3bb4f0da11395c7819460a9 ;;Instance name: TK5CCPWEB01.redmond.cor
p.microsoft.com ;;Instance ID: {9FB919F0-15CB-EE18-D81A-7E44116D85A2} ;;Manageme
nt group: xitmon
00001 Warning Health Service Modules
26017 13:40:49 08/21/2011
The Windows Event Log Provider monitoring the Security Event Log is 31 minutes b
ehind in processing events. This can occur when the provider is restarted after
being offline for some time; or there are too many events to be handled by the
workflow. ;;;;One or more workflows were affected by this. ;;;;Workflow name: U
IGeneratedMonitorb050255ec3bb4f0da11395c7819460a9 ;;Instance name: TK5CCPWEB01.r
edmond.corp.microsoft.com ;;Instance ID: {9FB919F0-15CB-EE18-D81A-7E44116D85A2}
;;Management group: xitmon
00001 Warning Health Service Modules
10409 11:55:05 08/21/2011
Object enumeration failed;;;; Query: 'SELECT Name FROM Win32_ServerFeature WHERE
Name = "Application Server Foundation"';; ;;HRESULT: 0x80041001 ;;Details: Gene
ric failure;; ;;;;One or more workflows were affected by this. ;;;;Workflow nam
e: Microsoft.Windows.AppServer.2008.Server.Discovery ;;Instance name: TK5CCPWEB0
1.redmond.corp.microsoft.com ;;Instance ID: {9FB919F0-15CB-EE18-D81A-7E44116D85A
2} ;;Management group: xitmon
00001 Information Health Service Modules
26018 13:40:49 08/21/2011
The Windows Event Log Provider monitoring the Security Event Log was previously
behind in event processing and has now recovered. ;;;;One or more workflows were
affected by this. ;;;;Workflow name: UIGeneratedMonitorb050255ec3bb4f0da11395c
7819460a9 ;;Instance name: TK5CCPWEB01.redmond.corp.microsoft.com ;;Instance ID:
{9FB919F0-15CB-EE18-D81A-7E44116D85A2} ;;Management group: xitmon
00001 Information Health Service ESE Store
612 14:32:51 08/21/2011
HealthService (1760) Health Service Store: The database engine has successfully
completed index cleanup on database 'c:\Program Files\System Center Operations M
anager 2007\Health Service State\Health Service Store\HealthServiceStore.edb'.
00001 Information Health Service ESE Store
609 14:32:51 08/21/2011
HealthService (1760) Health Service Store: The database engine is initiating ind
ex cleanup of database 'c:\Program Files\System Center Operations Manager 2007\H
ealth Service State\Health Service Store\HealthServiceStore.edb' as a result of
a Windows version upgrade from 6.0.6001 SP1 to 6.0.6002 SP2. This message is inf
ormational and does not indicate a problem in the database.
00001 Information Health Service ESE Store
302 12:22:35 08/21/2011
HealthService (3840) Health Service Store: The database engine has successfully
completed recovery steps.
00001 Information Health Service ESE Store
301 12:22:24 08/21/2011
HealthService (3840) Health Service Store: The database engine has begun replayi
ng logfile c:\Program Files\System Center Operations Manager 2007\Health Service
State\Health Service Store\edb.log.
00001 Information Health Service ESE Store
300 12:22:16 08/21/2011
HealthService (3840) Health Service Store: The database engine is initiating rec
overy steps.
00001 Error Health Service Script
6061 12:22:38 08/21/2011
RestartHealthService.js : Restarting Health Service. Failed to restart service.

********************************************************************************
********************
* Note: W2k3 = first occurrence, W2k8+ last occurrence
Recommendations: (sorted on priority)
1 * : Check working set in detailed report, some applications were consum
ing excessive memory: java.exe,
1 * : Ipak needs addressing: Older then N-2: WIN2008SP2:Build 6.2.33.0
1 * : unexpected version: bxnd60a.sys Driver needs to be updated
1 * : unexpected version: bxvbda.sys Driver needs to be updated
2 * : Check with Site Services to see if RMB is available for this system
3 * : Service/s set to automatic but not started detected:TPM Base Servic
es,