Windows Events — Event ID Reference & Troubleshooting
Windows Event ID 30 – Kernel-Power: System Power State Transition
Event ID 30 from Kernel-Power indicates a system power state transition, typically recording when Windows enters or exits sleep, hibernation, or other power management states.
Windows Event ID 27 – Application Error: Application Hang Detection
Event ID 27 indicates Windows has detected an application hang or unresponsive state. This event fires when applications stop responding to user input or system messages for extended periods.
Windows Event ID 26 – Application Popup: System Process Terminated Unexpectedly
Event ID 26 indicates a critical system process has terminated unexpectedly, triggering Windows Error Reporting. This event typically signals serious system instability requiring immediate investigation.
Windows Event ID 24 – Application Error: Application Hang Detection
Event ID 24 indicates Windows has detected an application hang or unresponsive state. This event fires when applications stop responding to user input or system messages for extended periods.
Windows Event ID 23 – Application Error: Application Hang Detection
Event ID 23 indicates Windows has detected an application hang condition where a program becomes unresponsive and fails to process messages within the timeout threshold.
Windows Event ID 17 – WHEA-Logger: Hardware Error Architecture Corrected Error
Event ID 17 from WHEA-Logger indicates that the Windows Hardware Error Architecture detected and corrected a hardware error. This informational event helps track system stability and potential hardware degradation.
Windows Event ID 15 – Kernel-General: System Time Changed
Event ID 15 from Kernel-General logs when the system time is changed, either manually by users, automatically by time synchronization services, or due to hardware clock adjustments.
Windows Event ID 5 – Kernel: Process Terminated Unexpectedly
Event ID 5 indicates a critical process or service has terminated unexpectedly, often due to access violations, memory corruption, or system instability requiring immediate investigation.
Windows Event ID 4 – Kernel-General: System Process Terminated Unexpectedly
Event ID 4 indicates a critical system process has terminated unexpectedly, often signaling kernel-level failures, driver issues, or system instability requiring immediate investigation.
Windows Event ID 3 – System: Network Connection Established
Event ID 3 indicates a successful network connection has been established by the Windows system, typically logged when network services start or connections are made to remote resources.
Windows Event ID 19 – Kernel-PnP: Device Installation or Configuration Event
Event ID 19 from Kernel-PnP indicates Plug and Play device installation, configuration changes, or driver-related activities on Windows systems.
Windows Event ID 2019 – Srv: Server Service Connection Limit Exceeded
Event ID 2019 indicates the Windows Server service has reached its maximum connection limit, preventing new client connections until existing sessions are freed.
Windows Event ID 3065 – WinRM: WS-Management Service Authentication Error
Event ID 3065 indicates WinRM authentication failures when clients attempt to connect to the WS-Management service, typically due to credential issues or configuration problems.
Windows Event ID 76 – Application Popup: System Process Terminated Unexpectedly
Event ID 76 indicates a critical system process has terminated unexpectedly, causing Windows to display an application error popup and potentially initiate system recovery procedures.
Windows Event ID 29 – Kernel-Power: Critical System Power Event
Event ID 29 from Kernel-Power indicates a critical system power event, typically occurring during unexpected shutdowns, power failures, or hardware-related power issues that require immediate investigation.
Windows Event ID 2 – Kernel-General: System Boot Completion
Event ID 2 from Kernel-General indicates successful Windows system boot completion. This informational event logs when the kernel finishes loading and the system is ready for user logon.
Windows Event ID 131 – Unknown: Application or Service Crash Event
Event ID 131 indicates an application or service has crashed unexpectedly. This critical event helps administrators identify failing processes and investigate system stability issues.
Windows Event ID 157 – Disk: Disk Error Detected
Event ID 157 indicates a disk error has been detected by the Windows storage subsystem, typically signaling hardware issues, bad sectors, or failing storage devices requiring immediate investigation.
Windows Event ID 0 – Unknown: System Event with Undefined Source
Event ID 0 with an Unknown source indicates a system event whose source could not be properly identified or registered, often pointing to corrupted event log entries or missing event source definitions.
Windows Event ID 5783 – NETLOGON: Dynamic DNS Registration Failed
Event ID 5783 indicates that a domain controller failed to register its DNS records dynamically. This critical networking event affects Active Directory authentication and client connectivity to domain services.
Windows Event ID 4776 – Microsoft-Windows-Security-Auditing: Computer Account Authentication
Event ID 4776 logs computer account authentication attempts in Active Directory environments, tracking domain controller validation of computer credentials during logon processes.