Windows – How to troubleshoot events in the Windows Event Logs


  • How do you troubleshoot events that are not clear when you read them?

  • Is there a website to search for those Event IDs and errors?

In the following example event it is clear that the gateway resolution fails for the network location awareness service, but it is not clear what the cause of this event is, nor what error code 0x43 stands for.

Looking for a solution on Google I end up with no results matching this event…
Google Query: nlasvc 4205 0x43

Source: Microsoft-Windows-NlaSvc

Event ID: 4205

Task Category: Gateway Resolution

Description: Gateway resolution failed on interface {075d4968-2da9-4051-9a43-43da54e86ca5} for 192.168.1.1 with error: 0x43

Best Answer

For the other part of your question: the 0x43 in the Windows networking world means "The network name cannot be found". 0x43 = decimal 67, so if you look up Windows error code 67, you'll get this.

I must say that this is one of those times when we'll have to sit and analyze the issue for a good time. I'd probably do the following in this case:

  1. Examine the errors and establish a pattern (like are they occurring after a specific event, like during start up, shutdown, start up of an application, etc.) and then try to narrow down the list of possible culprits.
  2. I will also try to isolate it further by checking if it's specific to this user (have another user log in to the same box), or specific to this machine (have this user log in to another box).
  3. Then use the tools to capture the invisible details: procmon, procexp, tcpview, windbg etc., until the event occurs again, and then look at the info. I usually find something here (success rate > 75%).
  4. Possibly something else based on the above three steps.

Of course, I'll keep using Google; hey it's an extension of our brains, no?

The ideal approach in the troubleshooting world has to be isolate-and-conquer. Hope I made some sense.
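
One way to combine the error-code lookup with step 1 of the answer, shown as an added example that is not part of the original answer: it decodes the hex code in each 4205 description and reports how long after boot each failure occurred. The function name `Get-GatewayFailureSummary`, the sample timestamps and the boot time are constructed for illustration; PowerShell 5 or later on Windows is assumed.

```powershell
# Added example (not from the original answer): decode NlaSvc 4205 error codes
# and show when each failure happened relative to boot.
function Get-GatewayFailureSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,    # objects with TimeCreated and Message
        [Parameter(Mandatory)] [datetime] $LastBoot
    )
    foreach ($e in $Events) {
        # The description ends with "with error: 0x43"; skip anything that does not match.
        if ($e.Message -notmatch 'with error:\s*(0x[0-9A-Fa-f]+)') { continue }
        $hex  = $Matches[1]
        $code = [Convert]::ToInt32($hex, 16)          # base 16 accepts the 0x prefix
        [pscustomobject]@{
            TimeCreated      = $e.TimeCreated
            ErrorHex         = $hex
            ErrorDecimal     = $code
            # Win32Exception maps a Win32 error number to its system message text.
            Meaning          = [System.ComponentModel.Win32Exception]::new($code).Message
            # Negative values mean the event predates the boot time supplied.
            MinutesSinceBoot = [math]::Round(($e.TimeCreated - $LastBoot).TotalMinutes, 1)
        }
    }
}

# Constructed sample events: same shape as Get-WinEvent output, timestamps made up.
$msg    = 'Gateway resolution failed on interface ' +
          '{075d4968-2da9-4051-9a43-43da54e86ca5} for 192.168.1.1 with error: 0x43'
$boot   = [datetime]'2024-01-10 08:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10 08:01:30'; Message = $msg }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10 08:02:10'; Message = $msg }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10 13:45:00'; Message = $msg }
)
Get-GatewayFailureSummary -Events $sample -LastBoot $boot | Format-Table -AutoSize

# On a live machine, feed real events instead of the sample:
# $boot   = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
# $events = Get-WinEvent -FilterHashtable @{
#               ProviderName = 'Microsoft-Windows-NlaSvc'; Id = 4205 }
# Get-GatewayFailureSummary -Events $events -LastBoot $boot |
#     Sort-Object MinutesSinceBoot | Format-Table -AutoSize
```

Failures that cluster in the first minutes after boot point toward start-up ordering, while failures spread through the day point toward something recurring on the network or the host.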