Windows 10 Event Log Errors

Fully Clear Event Log

• Open a command prompt (ensure it is run as Administrator)
• Run the following command and then reboot:

 for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

Log Reading Utility

http://www.resplendence.com/whocrashed

-

Source – Event ID – Task Category

Kernel-EventTracing - 3 - Session

As is relates to C:\WINDOWS\system32\WDI\LogFiles\ShutdownCKCL.etl

Increase the maximum files size of the Startup Event Trace Sessions.

• On the desktop, press Windows key + R and type cmd to open the Command Prompt (must be done in Administrator profile, or raised to Administrator via the Start Menu).
• Type 'perfmon' (without the quotes)
• The Performance Monitor window should open
• On the left panel of the Performance Monitor window, expand Data Collector Sets.
• Click on Startup Event Trace Sessions.
• Open ReadyBoot Trace Session Property Sheet.
• Click on the Stop Condition tab and increase the Maximum Size to 40.
• Click on Apply and OK.

DistributedCOM - 10016 - None

http://www.tomshardware.co.uk/faq/id-3128597/fix-windows-error-10016.html

Kernel-EventTracing - 3 - Session - PerfDiag Logger

• Open regedit.exe as Administrator
• Navigate to:

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System\{b675ec37-bdb6-4648-bc92-f3fdc74d3ca2}

• Edit the following keys from 1 to 0

Enabled
EnableProperty

NOTE: This does not cure the error messages, but it prevents them being shown in the event logs.

Thanks to Ten Forums

- -

Kernel-Processor-Power (Microsoft-Windows-Kernel-Processor-Power) - 37 - (7)

General (tab) (plain text description):

The speed of processor X in group X is being limited by system firmware. The processor has been in this reduced performance for X seconds since the last report.

Fix - Method One:

Update BIOS/UEFI firmware

Security Center - 16 - None

Error while updating status to SECUIRTY_PRODUCT_STATE_ON (error xxxxxxx).

Microsoft-Windows-AppModel-Runtime - 79 & 80

EventData 

 PackageFamilyName Microsoft.Windows.Photos_8wekyb3d8bbwe 
 ErrorCode 0x3d55 

The above is just one example of a programme that may causing the problem.

To fix:

• Start > Settings > Apps,
• Find each affected app in the list
• Click to select it
• Choose Advanced option
• Then click 'Terminate' then use the option 'Repair' if it is available, then finish with the 'Reset' option.
• Restart the system and check the event viewer log.

Error 10016

• https://forums.tomshardware.com/faq/windows-10-error-id-10016.2752271/
• https://thegeekpage.com/fix-dcom-event-id-10016-error-in-windows-10/
• https://port135.com/schannel-the-internal-error-state-is-10013-solved/
• https://docs.microsoft.com/en-us/answers/questions/380954/fatal-error-while-creating-a-tls-client-credential.html
• https://duckduckgo.com/?q=windows+10+A+fatal+error+occurred+while+creating+a+TLS+client+credential.+The+internal+error+state+is+10013.&va=b&t=hc&ia=web

• Level - Error
• Source - Schannel
• Event ID - 36871

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

• Level - Warning
• Source - User Device Registration
• Event ID - 360

Windows Hello for Business provisioning will not be launched. Device is AAD joined ( AADJ or DJ++ ): Not Tested User has logged on with AAD credentials: No Windows Hello for Business policy is enabled: Not Tested Windows Hello for Business post-logon provisioning is enabled: Not Tested Local computer meets Windows hello for business hardware requirements: Not Tested User is not connected to the machine via Remote Desktop: Yes User certificate for on premise auth policy is enabled: Not Tested Machine is governed by none policy. Cloud trust for on premise auth policy is enabled: Not Tested User account has Cloud TGT: Not Tested See https://go.microsoft.com/fwlink/?linkid=832647 for more details.

• Level - Warning
• Source - DistributedCOM
• Event ID - 10016

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

• Level - Warning
• Source - DeviceSetupManager
• Event ID - 200 201 202

• 200 - A connection to the Windows Update service could not be established.
• 201 - A connection to the Windows Metadata and Internet Services (WMIS) could not be established.
• 202 - The Network List Manager reports no connectivity to the internet.