Windows Events — Event ID Reference & Troubleshooting
Windows Event ID 1038 – Kernel-Power: Critical System Power Event
Event ID 1038 indicates a critical system power event where Windows detected an unexpected power loss or system shutdown without proper shutdown procedures.
Windows Event ID 1035 – MsiInstaller: Windows Installer Service Reconfiguration
Event ID 1035 from MsiInstaller indicates Windows Installer service has reconfigured an installed product, typically during repair operations or feature modifications.
Windows Event ID 1034 – MsiInstaller: Windows Installer Reconfiguration Event
Event ID 1034 from MsiInstaller indicates Windows Installer has completed a product reconfiguration or repair operation, typically triggered by application self-repair or administrative maintenance tasks.
Windows Event ID 1033 – WinMgmt: WMI Repository Corruption or Initialization Error
Event ID 1033 indicates WMI (Windows Management Instrumentation) repository corruption or initialization failures, typically requiring repository rebuild or service restart to resolve.
Windows Event ID 1026 – Application Error: Application Crash or Hang Detection
Event ID 1026 indicates an application has crashed, hung, or encountered a critical error. This event helps administrators track application stability and identify problematic software components.
Windows Event ID 1023 – Perflib: Performance Counter Registry Corruption
Event ID 1023 indicates performance counter registry corruption in Windows. This error affects system monitoring tools and performance data collection, requiring registry repair or counter rebuilding.
Windows Event ID 1022 – MsiInstaller: Windows Installer Reconfiguration Event
Event ID 1022 from MsiInstaller indicates Windows Installer has begun reconfiguring an installed product, typically triggered by repair operations, feature modifications, or automatic maintenance tasks.
Windows Event ID 1016 – WinLogon: Group Policy Application Failed
Event ID 1016 indicates Group Policy processing failures during user logon or computer startup, typically caused by network connectivity issues, domain controller problems, or corrupted policy files.
Windows Event ID 1013 – Kernel-General: System Uptime Information
Event ID 1013 records system uptime information when Windows starts or resumes from hibernation, providing administrators with boot time tracking and system availability metrics.
Windows Event ID 1008 – Perflib: Performance Counter Provider Load Failure
Event ID 1008 indicates a performance counter provider failed to load or initialize properly. This warning typically affects system monitoring tools and performance data collection without impacting core functionality.
Windows Event ID 1005 – DCOM: Distributed COM Service Startup Failure
Event ID 1005 indicates a DCOM service failed to start within the configured timeout period, typically affecting COM+ applications and distributed services on Windows systems.
Windows Event ID 1004 – Application Error: Application Crash or Hang Detection
Event ID 1004 indicates an application has crashed, hung, or encountered a critical error. This event helps administrators track application stability and identify problematic software across Windows systems.
Windows Event ID 1003 – Application Error: Application Crash or Hang Detection
Event ID 1003 indicates an application crash or hang detected by Windows Error Reporting. This critical event logs when applications terminate unexpectedly or become unresponsive, requiring immediate investigation.
Windows Event ID 903 – Microsoft-Windows-Kernel-General: System Time Changed
Event ID 903 indicates the system time has been changed, either manually by a user or automatically through time synchronization services. Critical for security auditing and compliance tracking.
Windows Event ID 902 – DNS Client: DNS Query Timeout or Resolution Failure
Event ID 902 indicates DNS client query timeouts or resolution failures when Windows cannot resolve domain names within the configured timeout period.
Windows Event ID 900 – Kernel-General: System Boot Performance Monitoring
Event ID 900 tracks Windows boot performance metrics, recording system startup times and boot phases. Generated by Kernel-General during system initialization to monitor boot duration and identify performance bottlenecks.
Windows Event ID 326 – Volsnap: Volume Shadow Copy Service Writer Error
Event ID 326 indicates a Volume Shadow Copy Service (VSS) writer error during backup operations. This event fires when VSS writers fail to complete snapshot creation or encounter timeout issues.
Windows Event ID 325 – System: Boot Configuration Data Store Corruption
Event ID 325 indicates corruption or issues with the Boot Configuration Data (BCD) store, typically occurring during system startup when Windows cannot properly read boot configuration settings.
Windows Event ID 302 – Unknown: System Process or Service Initialization Event
Event ID 302 indicates a system process or service initialization event that occurs during Windows startup or service management operations, typically logged when core system components begin their initialization sequence.
Windows Event ID 301 – Unknown: System Performance Counter Collection Error
Event ID 301 indicates a performance counter collection failure or registry corruption affecting system monitoring capabilities and performance data gathering.
Windows Event ID 300 – Unknown: Generic Application or System Event
Event ID 300 from an unknown source typically indicates a generic application or system event that requires investigation to determine the actual source and significance.