Server 2008 LSA queue issues, Event 1107, and disappearing security audits.
Posted in the wrong forum earlier
Server 2008 (32 bit) Domain Controller will be running just fine, then the normal 4624, 4634, etc. events will cease and the following will appear:
The event logging service encountered an error while processing an incoming event from publisher Microsoft-Windows-Security-Auditing and trying to process the metadata for it.
EVENT ID: 1107
I understand that LSA has a queue set in HKLM\SYSTEM\CurrentControlSet\Control\Lsa. It is currently 0x00 30 00 00 00 20 00 00.
I have also found the following data:
"Specifies thresholds for managing the length of the kernel-mode Local Security Authority (LSA) audit queue. The audit queue stores kernel-mode events destined for the Security Log in Event Viewer.
The value of this entry is an 8-byte binary field. The value of the first four bytes specifies the maximum number of items that can be held in the audit queue (the upper bound). When the number of audits exceeds this value, LSA discards all new audits until the number of audits remaining in the queue reaches the lower bound, as specified by the value of the last four bytes.
The system does not notify you when the queue is nearing, has reached, or has exceeded its upper bound. To prevent the system from running when it cannot report all security events, set the value of CrashOnAuditFail to 1."
Well.... I am getting mighty tired of rebooting a domain controller because it is not logging properly. Are there any settings, changes, mods, upgrades that will allow me to run the system without repeatedly resetting?
Note... In one case, clearing the security log twice allowed the queued events to be read and the event log to continue running. However, normally the event viewer crashes instead, requiring a full reboot.
Dell PowerEdge 750
Pentium 4 Dual Core 2.8 GHz
2.5 GB RAM
January 26th, 2011 1:48pm
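The threshold rule quoted in the post above, worked through as an added example that is not part of the original thread: it decodes the posted 8-byte value and replays a constructed load through the discard rule to show how many audits would be dropped silently. Reading each four-byte half as a little-endian DWORD and draining the queue before each batch of arrivals are assumptions, and the function names are hypothetical.

```python
import struct

# Value quoted in the post: 0x00 30 00 00 00 20 00 00
POSTED_VALUE = bytes.fromhex("0030000000200000")

# Constructed load, (audits arriving, audits written to the log) per tick:
# a burst that outruns the log writer, followed by a quieter period.
CONSTRUCTED_LOAD = [(5000, 1000)] * 5 + [(500, 1000)] * 6


def decode_bounds(raw: bytes) -> tuple[int, int]:
    """Split the 8-byte field into (upper bound, lower bound)."""
    if len(raw) != 8:
        raise ValueError(f"expected 8 bytes, got {len(raw)}")
    # Assumption: each half is a little-endian 32-bit integer.
    upper, lower = struct.unpack("<II", raw)
    if lower >= upper:  # sanity check: the thresholds would never release
        raise ValueError("lower bound must be below upper bound")
    return upper, lower


def simulate(upper: int, lower: int, ticks: list[tuple[int, int]]) -> dict:
    """Replay the load through the rule in the quoted text.

    Once the queue is full, every new audit is discarded until the queue
    has drained to the lower bound; nothing signals that this happened.
    """
    queued = discarded = 0
    discarding = False
    for arrivals, drained in ticks:
        queued = max(0, queued - drained)
        if discarding and queued <= lower:
            discarding = False  # queue reached the lower bound again
        for _ in range(arrivals):
            if discarding or queued >= upper:
                discarding = True
                discarded += 1
            else:
                queued += 1
    return {"queued": queued, "discarded": discarded, "discarding": discarding}


if __name__ == "__main__":
    upper, lower = decode_bounds(POSTED_VALUE)
    print(f"upper={upper} lower={lower}")
    print(simulate(upper, lower, CONSTRUCTED_LOAD))
```

Because discarding only stops at the lower bound, audits keep being dropped for several ticks after the burst has ended, which is the gap in the Security Log a reviewer would need to look for.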
170+ views and not one response?
If I am not clear, please tell me.
If there is no fix, please let me know.
January 31st, 2011 4:34pm
380+ views and no ideas?
February 8th, 2011 5:23pm
800+ Views.............
Any takers?
March 18th, 2011 5:59pm
Nearly 1000 views and not one response....
Does no one know the answer to my question? Are there any settings, changes, mods, upgrades that will allow me to run the system without repeatedly rebooting to clear the 1107 events?
More RAM? Larger LSA audit queue? If a larger queue, how large?
March 29th, 2011 3:10pm
No answers?
May 27th, 2011 4:30pm
Has passed 2000 views and yet not one person can assist?
July 12th, 2011 4:50pm