Tag: Event 5008

Event ID 5008 — Microsoft Antimalware Engine Update

PCIS Support Team Leave a comment

Event ID 5008 — Microsoft Antimalware Engine Update

Updated: October 23, 2007

Applies To: Windows Server 2008

The Microsoft Antimalware Engine version is updated frequently to detect and remove the latest spyware or other potentially unwanted software. The Microsoft Antimalware Engine must be started and functioning correctly for a scan to successfully complete.

Event Details

Product: Windows Defender
ID: 5008
Source: Microsoft-Windows-Windows Defender
Version: 1.1
Symbolic Name: MALWAREPROTECTION_ENGINE_FAILURE
Message: %1 engine has been terminated due to an unexpected error. %tFailure Type:%b%5 %tException code:%b%6 %tResource:%b%3

Resolve
Restart Windows Defender

The scanning engine must be available when Windows Defender starts. Close Windows Defender and then open it again. If the scanning engine is still not available, restart the computer.

Verify

Windows Defender uses the scanning engine to run Windows Defender scans. To verify that the scanning engine updated successfully and is working correctly, you should run a Windows Defender quick scan.

To perform this procedure, you must be a member of the Users group, or you must have been delegated the appropriate authority.

To verify that the scanning engine updated successfully and is working correctly:

  1. Click Start, point to All Programs, and then click Windows Defender.
  2. Click the down arrow next to Scan, and then click Quick Scan.
  3. If the quick scan completes successfully, the scanning engine was updated successfully and is working correctly.

Related Management Information

Microsoft Antimalware Engine Update

Windows Defender

Related:

Event ID 5008 — Miniport Driver Configuration

PCIS Support Team Leave a comment

Event ID 5008 — Miniport Driver Configuration

Updated: January 7, 2009

Applies To: Windows Server 2008 R2

The configuration of a miniport driver can be found in the registry, driver, and hardware settings that control the network adapter.

Event Details

Product: Windows Operating System
ID: 5008
Source: E100B
Version: 6.1
Symbolic Name: EVENT_NDIS_NETWORK_ADDRESS
Message: %2 : Has encountered an invalid network address.

Resolve
Update network adapter driver configuration

Check the registry settings for configuration information such as network address, VLAN ID, offload settings, or control flow settings. 

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To update the driver configuration information:

  1. Click Start, type devmgmt.msc in Start Search, and then press ENTER.
  2. In the Device Manager tree, click Network adapters, and then verify that the network adapter is present.
  3. Right-click the network adapter, and then click Properties.
  4. Click Advanced, and then change the values as appropriate.

Verify

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To use Device Manager to view the status of network adapters:

  1. Click Start, type devmgmt.msc in Start Search, and then press ENTER.
  2. In the Device Manager tree, click Network adapters, and then verify that the network adapter is present.
  3. Right-click the network adapter, and then click Properties.
  4. Device Status should indicate This device is working properly.

Related Management Information

Miniport Driver Configuration

Networking

Related:

%2 : Has encountered an invalid network address.

PCIS Support Team Leave a comment
Details
Product: Windows Operating System
Event ID: 5008
Source: ndis
Version: 5.0
Component: System Event Log
Symbolic Name: EVENT_NDIS_NETWORK_ADDRESS
Message: %2 : Has encountered an invalid network address.
   
Explanation

The base address supplied in the Network and Dial-up Connections of Control Panel does not match the network adapter settings.
   
User Action

Contact the person with administrative rights on your computer. The administrator should verify that the network adapter is configured properly and that the card’s configuration does not conflict with the configurations of other hardware. You might want to have your network adapter replaced if this error message occurs frequently.

Related:

The message tracking log file was deleted.

PCIS Support Team Leave a comment
Details
Product: Exchange
Event ID: 5008
Source: MSExchangeSA
Version: 6.5.6940.0
Component: Microsoft Exchange System Attendant
Message: The message tracking log file <file name> was deleted.
   
Explanation

A logfile became outdated and was deleted to conserve disk space.
   
User Action

No user action is required.

Related:

The topology does not contain any route to server %1 in Active Directory site %2 in routing tables with timestamp %3. Recipients will not be routed to this server.

PCIS Support Team Leave a comment
Details
Product: Exchange
Event ID: 5008
Source: MSExchangeTransport
Version: 8.0
Symbolic Name: RoutingNoRouteToServer
Message: The topology does not contain any route to server %1 in Active Directory site %2 in routing tables with timestamp %3. Recipients will not be routed to this server.
   
Explanation

This Error event indicates that the Microsoft Exchange Server 2007 transport routing engine can’t find a route to the specified Exchange server in the specified Active Directory site. Therefore, routing is unable to deliver messages to this server. This error may be caused by replication latency. This error can also occur if there are no Hub Transport servers configured in the specified Active Directory site.
   
User Action

To resolve this error, do one or more of the following:

  • Verify that the specified Active Directory site is included in at least one IP site link.

  • If the specified Active Directory site was recently created, this error may be caused by Active Directory replication latency. Because no route is available, the messages will be delivered to the Unreachable queue and resubmitted when routing configuration changes.

  • Verify that the Active Directory site that is specified in the error message text contains at least one Hub Transport server.

  • Review other related Error and Warning events in the Application log. These related events may help you find the root cause of this error.

  • If the recommended steps do not resolve this error, contact Microsoft Customer Support Services. For more information about how to contact support, visit the Microsoft Help and Support Web site.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.

Related:

The host is either unreachable, or RPC is not running on the server

PCIS Support Team Leave a comment
Details
Product: Windows Operating System
Event ID: 5008
Source: DFSR
Version: 5.2.3790.1830
Message: The host is either unreachable, or RPC is not running on the server
   
Explanation

The DFS replication service is unable to establish contact with its partner via Remote Procedure Call (RPC).  The service will not be able to replicate until this issue is resolved.

Cause

The DFS replication service is unable to establish contact with its partner via Remote Procedure Call (RPC).  The service will not be able to replicate until this issue is resolved.
   
User Action
  1. Check if the RPC service is disabled and enable RPC if disabled following http://go.microsoft.com/fwlink/?LinkId=57836
  2. Check if a firewall is blocking the RPC end point mapper at port 135.  The DFS Replication service can be configured to a static port using the DFSR diagnostic command line interface as follows:Dfsrdiag StaticRPC /port:port /member:name

Note that if port 135 is blocked by a firewall, DFS Replication will not be able to replicate even if it is configured to use a static port since RPC first contacts port 135 to map the static port.  In this case, the firewall must allow both port 135 and the configured static port.

After the issue has been resolved, see event 1210.

Related: