Event 1530 revisited
On this computer I have regular Event 1530 reports referring to lsass.exe. Investigating using Process Monitor, I find references to the Registry key HKLM\SAM\SAM\DOMAINS\etc where the task is "Desired Access Read" and the Result is Name not found.
The computer is a Workstation and HKLM\SAM\SAM has no Domain entries. How do you backtrack to find what causes whatever it is to look for Domain entries on a Workstation?
TIA, Gerry
June 8th, 2012 3:15pm
This error has been cured in pre-Vista/W 7 operating systems with UPHclean. This correcting functionality has been built into Vista, and UPHclean is incompatible with Vista and W 7.
Description of this error is in KB
http://support.microsoft.com/kb/947238/en-us
Regards
Milos
June 9th, 2012 1:41am
Milos
KB947238 says "The application that is listed in the event detail is leaving the registry handle open and should be investigated." That is what I am trying to do!
Hope this helps, Gerry
June 9th, 2012 2:29am
Hi,
Based on my research, this problem may occur when event tracing for Security Accounts Manager (SAM) events is enabled.
To work around this problem, please try to disable event tracing for SAM events and see how it works.
You can use the Logman command or the Trace Log Tool to disable it.
Hope this helps.
Jeremy Wu
TechNet Community Support
June 11th, 2012 5:33am
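One way to see which keys the process named in Event 1530 keeps open, as an added example that is not from any poster in this thread: it parses the DETAIL section of the event message, assuming the "Process <PID> (<image path>) has opened key <key>" line layout. The helper name Get-LeakedHandle and the sample messages are constructed for illustration.

```powershell
# Constructed Event 1530 message bodies (sample data, not taken from the thread).
# Assumed layout: "Process <PID> (<image path>) has opened key <registry key>".
$sampleMessages = @(
@'
Windows detected your registry file is still in use by other applications or services.

DETAIL -
 2 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1001:
Process 612 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001
Process 612 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\SystemCertificates\My
'@,
@'
Windows detected your registry file is still in use by other applications or services.

DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1001:
Process 612 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\SystemCertificates\My
'@
)

function Get-LeakedHandle {
    # Hypothetical helper: turns each "Process ... has opened key ..." line into an object.
    param([Parameter(Mandatory = $true)][string[]]$Message)
    # Lazy image match so paths containing ")" (e.g. "Program Files (x86)") still parse.
    $pattern = 'Process\s+(?<ProcId>\d+)\s+\((?<Image>.+?)\)\s+has opened key\s+(?<Key>[^\r\n]+)'
    foreach ($text in $Message) {
        foreach ($hit in [regex]::Matches($text, $pattern)) {
            [pscustomobject]@{
                ProcessId = [int]$hit.Groups['ProcId'].Value
                Image     = ($hit.Groups['Image'].Value -split '\\')[-1]
                Key       = $hit.Groups['Key'].Value.Trim()
            }
        }
    }
}

# Count how often each process/key pair recurs; the most frequent key is the
# one to filter on in Process Monitor when looking for the code path that opens it.
Get-LeakedHandle -Message $sampleMessages |
    Group-Object Image, Key |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# On a live system, feed the real events instead of the sample:
#   $live = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1530 } |
#       ForEach-Object { $_.Message }
#   Get-LeakedHandle -Message $live
```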