IT Reference & Documentation
Technical reference documentation: verified KB articles and complete Windows Event ID reference.
Windows Event ID 129 – Storahci: Reset to Device Issued by Port Driver
Event ID 129 indicates the Windows storage port driver issued a reset command to a storage device, typically due to unresponsive I/O operations or device communication failures.
Windows Event ID 4625 – Microsoft-Windows-Security-Auditing: An Account Failed to Log On
Event ID 4625 records failed logon attempts in Windows Security logs. Critical for detecting unauthorized access attempts, brute force attacks, and troubleshooting authentication issues across domain and local accounts.
Windows Event ID 1704 – Winlogon: User Profile Service Failed
Event ID 1704 indicates the User Profile Service failed to load a user profile, preventing successful user logon and potentially causing profile corruption or access issues.
Windows Event ID 12289 – Kernel-General: Memory Manager Performance Counter Update
Event ID 12289 indicates Windows Memory Manager has updated performance counters for memory allocation tracking. This informational event helps monitor system memory usage patterns and virtual memory operations.
Windows Event ID 4771 – Microsoft-Windows-Security-Auditing: Kerberos Pre-authentication Failed
Event ID 4771 indicates a Kerberos pre-authentication failure, typically caused by incorrect passwords, expired accounts, or time synchronization issues between client and domain controller.
Windows Event ID 2088 – ESENT: Database Recovery Completed Successfully
Event ID 2088 indicates ESENT database engine has successfully completed database recovery operations after an unexpected shutdown or crash, confirming data integrity restoration.
Windows Event ID 153 – Kernel-General: Memory Management Error
Event ID 153 indicates a kernel-level memory management error where Windows detected memory corruption or allocation failures, typically requiring immediate investigation to prevent system instability.
Windows Event ID 7023 – Service Control Manager: Service Terminated with Error
Event ID 7023 indicates a Windows service terminated unexpectedly with an error code. This critical event requires immediate investigation to identify failing services and prevent system instability.
Windows Event ID 10010 – DistributedCOM: DCOM Server Process Launcher Service Access Denied
Event ID 10010 indicates DCOM server process launcher access denied errors, typically caused by insufficient permissions for COM applications or services attempting to start DCOM server processes.
Windows Event ID 4648 – Microsoft-Windows-Security-Auditing: Logon Attempted Using Explicit Credentials
Event ID 4648 fires when a user or process attempts authentication using explicit credentials different from their current logon session, commonly seen with RunAs, network authentication, or service account operations.
Windows Event ID 1511 – Kernel-General: System Time Change Detected
Event ID 1511 fires when Windows detects a significant system time change, either from manual adjustment, NTP synchronization, or hardware clock drift. Critical for security auditing and troubleshooting time-sensitive applications.
Windows Event ID 32022 – Microsoft-Windows-Kernel-Power: System Power State Transition
Event ID 32022 indicates a system power state transition initiated by the Windows kernel power management subsystem, typically occurring during sleep, hibernate, or wake operations.
Windows Event ID 5805 – DFSR: Database Recovery Completed Successfully
Event ID 5805 indicates that the Distributed File System Replication (DFSR) service has successfully completed database recovery operations after an unexpected shutdown or corruption event.
Windows Event ID 3002 – WinRM: WinRM Service Configuration Error
Event ID 3002 indicates a Windows Remote Management (WinRM) service configuration error, typically occurring during service startup or when authentication settings are misconfigured.
Windows Event ID 1753 – RPC/Endpoint Mapper: The Endpoint Mapper Database Entry Could Not Be Created
Event ID 1753 indicates the RPC Endpoint Mapper service failed to create a database entry for a service endpoint, typically causing RPC communication failures and service registration issues.
Windows Event ID 3066 – LSASRV: LSA Package Initialization Error
Event ID 3066 indicates a Local Security Authority (LSA) package failed to initialize during system startup, potentially affecting authentication services and security protocols.
Windows Event ID 1500 – Application Error: Application Crash or Hang Detection
Event ID 1500 indicates an application has crashed, hung, or encountered a critical error. This event is logged when Windows Error Reporting detects application failures and generates crash dumps for analysis.
Windows Event ID 506 – Winlogon: Interactive Logon Process Registration
Event ID 506 indicates the Windows Winlogon service has registered an interactive logon process. This informational event tracks authentication provider initialization during system startup and user session management.
Windows Event ID 1129 – Disk: Disk Reset Due to Timeout
Event ID 1129 indicates a disk reset occurred due to a timeout condition. This critical storage event signals potential hardware issues, driver problems, or storage subsystem failures requiring immediate investigation.
Windows Event ID 7023 – Service Control Manager: Service Terminated with Error
Event ID 7023 indicates a Windows service has terminated unexpectedly with an error code. This critical event requires immediate investigation to identify failing services and prevent system instability.