Difference between revisions of "Windows 10 Event Log Errors"
imported>Indieit |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | === Event Log | + | === Fully Clear Event Log === |
| + | |||
| + | * Open a command prompt (ensure it is run as Administrator) | ||
| + | * Run the following command and then reboot: | ||
| + | for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" | ||
| + | |||
| + | === Log Reading Utility === | ||
http://www.resplendence.com/whocrashed | http://www.resplendence.com/whocrashed | ||
| Line 21: | Line 27: | ||
*Click on the Stop Condition tab and increase the Maximum Size to 40. | *Click on the Stop Condition tab and increase the Maximum Size to 40. | ||
*Click on Apply and OK. | *Click on Apply and OK. | ||
| − | |||
| − | |||
DistributedCOM - 10016 - None | DistributedCOM - 10016 - None | ||
http://www.tomshardware.co.uk/faq/id-3128597/fix-windows-error-10016.html | http://www.tomshardware.co.uk/faq/id-3128597/fix-windows-error-10016.html | ||
| + | |||
| + | === Kernel-EventTracing - 3 - Session - PerfDiag Logger === | ||
| + | |||
| + | *Open regedit.exe as Administrator | ||
| + | *Navigate to: | ||
| + | \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System\{b675ec37-bdb6-4648-bc92-f3fdc74d3ca2} | ||
| + | *Edit the following keys from 1 to 0 | ||
| + | Enabled | ||
| + | EnableProperty | ||
| + | |||
| + | '''NOTE:''' This does not cure the error messages, but it prevents them being shown in the event logs. | ||
| + | |||
| + | Thanks to [https://www.tenforums.com/general-support/137114-session-perfdiag-logger-failed-start-error-0xc0000035-event-id-2-a.html Ten Forums] | ||
| + | |||
| + | === - - === | ||
| + | |||
=== Kernel-Processor-Power (Microsoft-Windows-Kernel-Processor-Power) - 37 - (7) === | === Kernel-Processor-Power (Microsoft-Windows-Kernel-Processor-Power) - 37 - (7) === | ||
| Line 62: | Line 82: | ||
=== Error 10016 === | === Error 10016 === | ||
| − | https://forums.tomshardware.com/faq/windows-10-error-id-10016.2752271/ | + | *https://forums.tomshardware.com/faq/windows-10-error-id-10016.2752271/ |
| + | *https://thegeekpage.com/fix-dcom-event-id-10016-error-in-windows-10/ | ||
| + | *https://port135.com/schannel-the-internal-error-state-is-10013-solved/ | ||
| + | *https://docs.microsoft.com/en-us/answers/questions/380954/fatal-error-while-creating-a-tls-client-credential.html | ||
| + | *https://duckduckgo.com/?q=windows+10+A+fatal+error+occurred+while+creating+a+TLS+client+credential.+The+internal+error+state+is+10013.&va=b&t=hc&ia=web | ||
| + | |||
| + | |||
| + | *Level - Error | ||
| + | *Source - Schannel | ||
| + | *Event ID - 36871 | ||
| + | |||
| + | A fatal error occurred while creating a TLS client credential. The internal error state is 10013. | ||
| + | |||
| + | *Level - Warning | ||
| + | *Source - User Device Registration | ||
| + | *Event ID - 360 | ||
| + | |||
| + | Windows Hello for Business provisioning will not be launched. | ||
| + | Device is AAD joined ( AADJ or DJ++ ): Not Tested | ||
| + | User has logged on with AAD credentials: No | ||
| + | Windows Hello for Business policy is enabled: Not Tested | ||
| + | Windows Hello for Business post-logon provisioning is enabled: Not Tested | ||
| + | Local computer meets Windows hello for business hardware requirements: Not Tested | ||
| + | User is not connected to the machine via Remote Desktop: Yes | ||
| + | User certificate for on premise auth policy is enabled: Not Tested | ||
| + | Machine is governed by none policy. | ||
| + | Cloud trust for on premise auth policy is enabled: Not Tested | ||
| + | User account has Cloud TGT: Not Tested | ||
| + | See https://go.microsoft.com/fwlink/?linkid=832647 for more details. | ||
| + | |||
| + | *Level - Warning | ||
| + | *Source - DistributedCOM | ||
| + | *Event ID - 10016 | ||
| + | |||
| + | The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID | ||
| + | |||
| + | {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} | ||
| + | |||
| + | and APPID | ||
| + | |||
| + | {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} | ||
| + | |||
| + | to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | ||
| + | |||
| + | *Level - Warning | ||
| + | *Source - DeviceSetupManager | ||
| + | *Event ID - 200 201 202 | ||
| + | |||
| + | *200 - A connection to the Windows Update service could not be established. | ||
| + | *201 - A connection to the Windows Metadata and Internet Services (WMIS) could not be established. | ||
| + | *202 - The Network List Manager reports no connectivity to the internet. | ||
Latest revision as of 10:23, 21 September 2021
Fully Clear Event Log
- Open a command prompt (ensure it is run as Administrator)
- Run the following command and then reboot:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Log Reading Utility
http://www.resplendence.com/whocrashed
-
Source – Event ID – Task Category
Kernel-EventTracing - 3 - Session
As is relates to C:\WINDOWS\system32\WDI\LogFiles\ShutdownCKCL.etl
Increase the maximum files size of the Startup Event Trace Sessions.
- On the desktop, press Windows key + R and type cmd to open the Command Prompt (must be done in Administrator profile, or raised to Administrator via the Start Menu).
- Type 'perfmon' (without the quotes)
- The Performance Monitor window should open
- On the left panel of the Performance Monitor window, expand Data Collector Sets.
- Click on Startup Event Trace Sessions.
- Open ReadyBoot Trace Session Property Sheet.
- Click on the Stop Condition tab and increase the Maximum Size to 40.
- Click on Apply and OK.
DistributedCOM - 10016 - None
http://www.tomshardware.co.uk/faq/id-3128597/fix-windows-error-10016.html
Kernel-EventTracing - 3 - Session - PerfDiag Logger
- Open regedit.exe as Administrator
- Navigate to:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System\{b675ec37-bdb6-4648-bc92-f3fdc74d3ca2}
- Edit the following keys from 1 to 0
Enabled EnableProperty
NOTE: This does not cure the error messages, but it prevents them being shown in the event logs.
Thanks to Ten Forums
- -
Kernel-Processor-Power (Microsoft-Windows-Kernel-Processor-Power) - 37 - (7)
General (tab) (plain text description):
The speed of processor X in group X is being limited by system firmware. The processor has been in this reduced performance for X seconds since the last report.
Fix - Method One:
Update BIOS/UEFI firmware
Security Center - 16 - None
Error while updating status to SECUIRTY_PRODUCT_STATE_ON (error xxxxxxx).
Microsoft-Windows-AppModel-Runtime - 79 & 80
EventData
PackageFamilyName Microsoft.Windows.Photos_8wekyb3d8bbwe ErrorCode 0x3d55
The above is just one example of a programme that may causing the problem.
To fix:
- Start > Settings > Apps,
- Find each affected app in the list
- Click to select it
- Choose Advanced option
- Then click 'Terminate' then use the option 'Repair' if it is available, then finish with the 'Reset' option.
- Restart the system and check the event viewer log.
Error 10016
- https://forums.tomshardware.com/faq/windows-10-error-id-10016.2752271/
- https://thegeekpage.com/fix-dcom-event-id-10016-error-in-windows-10/
- https://port135.com/schannel-the-internal-error-state-is-10013-solved/
- https://docs.microsoft.com/en-us/answers/questions/380954/fatal-error-while-creating-a-tls-client-credential.html
- https://duckduckgo.com/?q=windows+10+A+fatal+error+occurred+while+creating+a+TLS+client+credential.+The+internal+error+state+is+10013.&va=b&t=hc&ia=web
- Level - Error
- Source - Schannel
- Event ID - 36871
A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
- Level - Warning
- Source - User Device Registration
- Event ID - 360
Windows Hello for Business provisioning will not be launched. Device is AAD joined ( AADJ or DJ++ ): Not Tested User has logged on with AAD credentials: No Windows Hello for Business policy is enabled: Not Tested Windows Hello for Business post-logon provisioning is enabled: Not Tested Local computer meets Windows hello for business hardware requirements: Not Tested User is not connected to the machine via Remote Desktop: Yes User certificate for on premise auth policy is enabled: Not Tested Machine is governed by none policy. Cloud trust for on premise auth policy is enabled: Not Tested User account has Cloud TGT: Not Tested See https://go.microsoft.com/fwlink/?linkid=832647 for more details.
- Level - Warning
- Source - DistributedCOM
- Event ID - 10016
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Level - Warning
- Source - DeviceSetupManager
- Event ID - 200 201 202
- 200 - A connection to the Windows Update service could not be established.
- 201 - A connection to the Windows Metadata and Internet Services (WMIS) could not be established.
- 202 - The Network List Manager reports no connectivity to the internet.
