How to troubleshoot events in the Windows Event Logs?

windows troubleshooting windows-event-log
5,655

Solution 1

For the other part of your question: The 0x43 in windows networking world means "The network name cannot be found" 0x43 = Decimal 67. So if you look up windows error code 67, you'll get this up.

I must say that this is one of those times when we'll have to sit and analyze the issue for a good time. I'd probably do the following in this case:

  1. Examine the errors and establish a pattern(like are they occuring after a specific event, like during start up, shutdown, start up of an application, etc.) and then try to narrow down the list of possible culprits.
  2. I will also try to isolate it further by checking if its specific to this user(have another user login to the same box), or specific to this machine(have this user login to another box).
  3. Then use the tools to capture the invisible details: procmon, procexp, tcpview, windbg etc., until the event occurs again, and then look at the info. I usually find something here(success rate > 75%)
  4. possibly something else based on the above three steps.

Of course, I'll keep using Google; hey it's an extension of our brains, no?

The ideal approach in the troubleshooting world has to be isolate-and-conquer. Hope I made some sense.

Solution 2

I don't know of any sites offering this info and wait to be corrected. However answering your in a general way is say - this is where your skills as fault finder come into play.

i'd start by searching for key words, NlaSvc for example. Then possibly identifying the interface - maybe going to search for other log messages. All in all its a hunt the thimble game and you'll get better at it as you do more.

PS. I'm not saying you haven't done this - but this is how I'd approach a problem like this.

Put it into google, put parts of it into google, find associated information and repeat.

Solution 3

For your second question, try http://eventid.net

They have comprehensive info about almost every error logged in the event viewer.

Share:
5,655

Related videos on Youtube

Stoph
Author by

Stoph

In my free time I visit Stack Exchange to help out people with their questions and help maintain the community. Located in Belgium, I have studied Computer Science at the University of Antwerp and became a Master in Software Engineering. When I think a post can be improved I will try to do so by fixing grammatical or spelling errors, clarifying meaning without changing it, correcting minor mistakes, adding related resources or links. For the less obvious things of those I will leave a note in the edit, click on the date to see this. I will only edit content in posts once, and let the author or other users be free to choose to rollback; when there are opposing views, we can raise this to meta to let the majority decide which revision of the post they want. This will be done with respect of the original author and when I'm sure enough that it would only improve the post. Have a nice day! :)

Updated on September 17, 2022

Comments

  • Stoph
    Stoph almost 2 years

    • How do you troubleshoot events that are not clear when you read them?

    • Is there a website to search for those Event IDs and errors?

    In the following example event it is clear that the gateway resolution fails for the network location awareness service, but it is not clear what the cause of this event is, nor what error code 0x43 stands for.

    Looking for a solution on Google I end up with no results matching this event...
    Google Query: nlasvc 4205 0x43

    Source:
    Microsoft-Windows-NlaSvc

    Event ID:
    4205

    Task Category:
    Gateway Resolution

    Description:
    Gateway resolution failed on interface {075d4968-2da9-4051-9a43-43da54e86ca5}
    for 192.168.1.1 with error: 0x43

  • Stoph
    Stoph about 15 years
    Google doesn't work for me this time, and indeed, most of the time it does... See for example: google.be/search?q="Gateway+resolution+failed+on+interface" and looking for any combinations of the keywords I don't get a related answer for 0x43 either, even not 43 or 0x00000043.
  • henkojinko
    henkojinko about 15 years
    I stand corrected :-)
  • Stoph
    Stoph about 15 years
    Indeed an useful site, lists a lot of the Event IDs that are appearing in my logs, still no information for NlaSvc.
  • Spence
    Spence about 15 years
    I wholly disagree. EventID.net is CRAP. It's a bunch of speculating idiots who don't understand that correlation does not imply cause! "Oh, this event happened to me on a Tuesday. Therefore it must be caused by Tuesdays!" I'm sure there's some good information there, but it's mostly crap. It's like a dumber version of ExpertSexChange. (I'd be game for a free community "event ID" type site like Server Fault so that we could kill EventID.net's business... right after we put ExpertSexChange out of business.)
  • Spence
    Spence about 15 years
    +1 - Thinking through the message, understanding what service programs do, and doing basic investigation yourself are the best ways to figure out what an error in a closed-source program means. Read the docs for the product, search the Internet, and understand how the software works. For Windows OS-related errors, I have a lot of good luck w/ searching for the error code (0x00000043) and "winerror.h" (the C "header" file w/ the OS error codes in it). You end up with pages like this (msdn.microsoft.com/en-us/library/cc231199(PROT.10).aspx) that can help a lot.
  • Stoph
    Stoph about 15 years
    Indeed, although sometimes when you Google for a problem, Experts Exchange shows up and for the answers you have to scroll down to the end of the page (just a hotkey) and then you find a solution there. But I wouldn't ask something myself nor pay for their expertise.
  • Stoph
    Stoph about 15 years
    Seems the Windows errors are more commonly shared than I thought, indeed a good way to look at the right place or trying it in a decimal form. After a closer inspection of the event log: This is happening when I resume from standby, it indicates that it can't find the Router because the connection hasn't been re-established. I don't think I can troubleshoot this much so I might just ignore that log event. :-)
  • Stoph
    Stoph about 15 years
    Found another good site while looking for another error: bug.gd
  • Spence
    Spence about 15 years
    @TomWij: Don't worry-- I have high hopes that Server Fault will decimate ExpertSexChange's business, and you won't have to "scroll down" anymore. smile

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Installing .Net Framework Error: 0x800f080c Feature name netfx3 is unknown
Windows Update showed "Downloading updates 95%" for hours
Windows requires reboot to change TCP/IP settings
Blue Screen with no crash dump generated (0xF4)
Lots of BluetoothHeadsetProxy.exe processes
How to stop the Windows Update process when Windows refuses to stop it?
Wifi network undetectable on a Lenovo G470
Creating an answer file for “WindowsUpdateDiagnostic.diagcab” in Eclipse WTP
Floppy drive doesn’t work in Windows, but does outside of Windows
"Show hidden files" option is not working