Windows Events — Event ID Reference & Troubleshooting

Windows Event ID 36887 – Schannel: TLS Connection Error or Certificate Validation Failure
Event ID 36887 indicates TLS/SSL connection failures or certificate validation errors in the Schannel security provider, commonly affecting HTTPS connections and secure communications.

Windows Event ID 7034 – Service Control Manager: Service Crashed Unexpectedly
Event ID 7034 indicates a Windows service terminated unexpectedly without a clean shutdown. This critical error requires immediate investigation to identify the failing service and root cause.

Windows Event ID 1002 – Application Error: Application Hang Detection
Event ID 1002 indicates an application has stopped responding and Windows has detected a hang condition. This critical event helps identify problematic applications affecting system performance.

Windows Event ID 6008 – EventLog: Unexpected System Shutdown Detection
Event ID 6008 indicates Windows detected an unexpected system shutdown. The system was not properly shut down before the previous boot, suggesting power loss, hardware failure, or forced restart.

Windows Event ID 4608 – Security: Windows System Startup Initialization
Event ID 4608 logs when Windows starts up and the Local Security Authority Subsystem Service (LSASS.EXE) initializes the auditing subsystem during system boot.

Windows Event ID 4723 – Microsoft-Windows-Security-Auditing: User Account Password Change Attempt
Event ID 4723 logs when a user attempts to change another user's password. This security audit event tracks administrative password reset operations and helps monitor unauthorized password modifications across Windows domains.

Windows Event ID 4625 – Microsoft-Windows-Security-Auditing: An Account Failed to Log On
Event ID 4625 records failed logon attempts in Windows Security logs. It is critical for detecting brute-force attacks, credential issues, and unauthorized access attempts across domain and local accounts.

Windows Event ID 4624 – Microsoft-Windows-Security-Auditing: An Account Was Successfully Logged On
Event ID 4624 records successful user authentication attempts in Windows. This security audit event fires whenever a user, service, or computer account successfully logs on to the system, providing detailed logon session information.

Windows Event ID 10010 – DistributedCOM: DCOM Server Process Launcher Access Denied
Event ID 10010 indicates that the DCOM server process launcher encountered access-denied errors when attempting to start COM+ applications or services, typically due to permission issues or corrupted DCOM configurations.

Windows Event ID 10016 – Microsoft-Windows-DistributedCOM: DCOM Permission Denied Error
Event ID 10016 indicates DCOM permission issues when applications attempt to access COM components without proper authorization. This warning-level event is often benign but can indicate security configuration problems.

Windows Event ID 41 – Kernel-General: System Rebooted Without Clean Shutdown
Event ID 41 indicates Windows rebooted unexpectedly without a proper shutdown. Causes include power failures, hardware issues, or critical system errors requiring immediate investigation.