Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-Complus
  guid: '{0f177893-4a9c-4709-b921-f432d67f43d5}'
  event_source_name: COM+
  event_id: 781
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-06T06:25:46.553578+00:00'
  event_record_id: 1443
  correlation: {}
  execution:
    process_id: 4608
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data:
  param1: '86400'
  param2: SuppressDuplicateDuration
  param3: Software\Microsoft\COM3\Eventlog
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields

Fields

Fields

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-Complus
  guid: '{0f177893-4a9c-4709-b921-f432d67f43d5}'
  event_source_name: COM+
  event_id: 4440
  version: 0
  level: 3
  task: 28
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-06T06:25:46.051085+00:00'
  event_record_id: 1442
  correlation: {}
  execution:
    process_id: 4608
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data:
  Data:
    Name: param1
    Value: "WINDEVEVAL\r\n\r\nServer Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235}\r\nServer
      Application Instance ID:\r\n{0A80C347-76E1-445F-9329-C69735827198}\r\nServer
      Application Name: System Application\r\nComsvcs.dll file version: ENU 2001.12.10941.16384
      shp"
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Message

The mtstocom launching routine has started.%1

Fields

Message

The mtstocom launching routine has completed.%1

Fields

Message

The mtstocom migration utility is attempting to retry populating the packages collection because it failed its first attempt.%1

Fields

Message

Application image succesfully dumped.%1

Fields

Message

Application image dump failed.%1

Fields

Message

MSMQ Workgroup configuration does not provide sender identity for a COM+ application that has security enabled. The usage is accepted.%1

Fields

Message

MSMQ Message Authentication disabled for a COM+ application that has security enabled. The usage is accepted.%1

Fields

Message

The COM+ sub system is suppressing duplicate event log entries for a duration of %1 seconds.  The suppression timeout can be controlled by a REG_DWORD value named %2 under the following registry key: HKLM\%3.

Fields

Message

The average call duration has exceeded the configured threshold.%1

Fields

Message

The average call duration has exceeded 10 minutes. If this is not the expected behavior, please see article 910904 in the Microsoft Knowledge Base at http://support.microsoft.com for details on how to use the COM+ AutoDump feature to automatically generate dump files and/or terminate the process if the problem occurs again.%1

Fields

Message

A new CRM log file was created. This CRM log file is not secure because the application Identity is Interactive User or the file system is not NTFS. %1

Fields

Message

A new CRM log file was created. This CRM log file is secure. %1

Fields

Message

A new CRM log file was created for the System Application.

Message

An error occurred in your COM+ component.  %1

Fields

Message

A method call to an object in a COM+ application was rejected because the caller is not properly authorized to make this call. The COM+ application is configured to use Application and Component level access checks, and enforcement of these checks is currently enabled. The remainder of this message provides information about the component method that the caller attempted to invoke and the identity of the caller.%1

Fields

Message

A method call to an object in a COM+ application was rejected because the caller is not properly authorized to make this call. The COM+ application is configured to use Application and Component level access checks, and enforcement of these checks is currently enabled. Information about the component method that the caller attempted to invoke and about the identity of the caller could not be obtained, probably due to low memory conditions on this computer.

Message

Failures have occurred during migration of MTS packages and program settings to COM+ applications and program settings. See the mtstocom.log file in the windows directory for more information.%1

Fields

Message

A registry value was changed while installing the following component into a COM+ Application. If you are experiencing activation problems with this component then please check the registry value for the following key.%1

Fields

Message

Controlled registration of this component failed. It has been registered directly. If you are not using partitions you can ignore this warning. If you are using partitions you may need to add support components that are required before controlled registration of this component can succeed. Check your documentation for details.%1

Fields

Message

You have installed an application which contains one or more private components into the base partition. Private components are not supported in the base partition. The private components have been made public.%1

Fields

Message

During controlled registration of this component the component cancelled registry redirection. This may cause problems with component installation. Check your documentation for details.%1

Fields

Message

The

Fields

Message

COM+ failed to find the correct partition for the admin SDK. The admin SDK will use the base partition. Check that users are configured into partitions correctly. See your documentation for details.%1

Fields

Message

Unable to load file %1 during component registration. File does not exist.

Fields

Message

Unable to load DLL %1 during component registration. Unable to validate DLL entry points.

Fields

Message

The CRM log file was originally created on a computer with a different name. It has been updated with the name of the current computer. If this warning appears when the computer name has been changed then no further action is required. %1

Fields

Message

The CRM log file was originally created with a different application ID. It has been updated with the current application ID. If this warning appears when the CRM log file has been renamed then no further action is required. %1

Fields

Message

A log information record was not found in the existing CRM log file. It has been added. If this warning appears when the CRM log file is being initially created then no further action is required. %1

Fields

Message

An unexpected method call was received. It has been safely ignored. Method Name: %1

Fields

Message

An empty CRM log file was detected. It has been re-initialized. If this warning appears when the CRM log file is being initially created then no further action is required. %1

Fields

Message

An incompletely initialized CRM log file was detected. It has been re-initialized. If this warning appears when the CRM log file is being initially created then no further action is required. %1

Fields

Message

The application attempted to use the CRM but the CRM is not enabled for this application. You can correct this problem using the Component Services administrative tool. Display the Properties for your application. Select the Advanced tab and check Enable Compensating Resource Managers. The CRM can only be enabled for server applications. %1

Fields

Message

Some transactions could not be completed because they are in-doubt. The CRM will attempt to complete them on its next recovery. %1

Fields

Message

The system has called the CRM Compensator custom component and that component has failed and generated an exception. This indicates a problem with the CRM Compensator component. Notify the developer of the CRM Compensator component that this failure has occurred. The system will continue because the IgnoreCompensatorErrors registry flag is set, but correct compensation might not have occurred. %1

Fields

Message

The system has called the CRM Compensator custom component and that component has returned an error. This indicates a problem with the CRM Compensator component. Notify the developer of the CRM Compensator component that this failure has occurred. The system will continue because the IgnoreCompensatorErrors registry flag is set, but correct compensation might not have occurred. %1

Fields

Message

The CRM log file for this application is located on a disk which is low on space. This may cause failures of this application. Please increase the space available on this disk. The CRM log file name is shown below.%1

Fields

Message

CRM Worker custom components require a transaction. You can correct this problem using the Component Services administrative tool. Display the Properties for your CRM Worker component. Select the Transactions tab. Select the Transaction support Required option button.%1

Fields

Message

Event class failed Query Interface. Please check the event log for any other errors from the EventSystem.%1

Fields

Message

Failed to create event class. Please check the event log for any other errors from the EventSystem.%1

Fields

Message

Event failed. Please check the event log for any other errors from the EventSystem.%1

Fields

Message

A previous instance of this server application has been terminated.%1

Fields

Message

The attempt to trace an event has failed with E_OUTOFMEMORY. This has happened so far a total of %1 times.

Fields

Message

During initialization, the System Application stopped an open COM+ tracing session.

Message

COM+ Services was unable to obtain local SAM information. COM+ will continue to operate normally, but any calls between local and remote COM+ components will incur additional overhead. The error returned is shown below.%1

Fields

Message

A COM+ service (such as Queued Components or Compensating Resource Manager) failed an ApplicationFree event.  This is not a normal occurrence, but it is considered a non-critical error. The service GUID and HRESULT are: %1

Fields

Message

A COM+ service (such as Queued Components or Compensating Resource Manager) failed an ApplicationShutdown event.  This is not a normal occurrence, but it is considered a non-critical error. The service GUID and HRESULT are: %1

Fields

Message

COM+ has determined that your machine is running very low on available memory.  In order to ensure proper system behavior, the activation of the component has been refused.  If this problem continues, either install more memory or increase the size of your paging file.  Memory statistics are: %1

Fields

Message

COM+ failed an activation because the creation of a context property returned E_OUTOFMEMORY %1

Fields

Message

The shutdown process of COM+ surrogate failed because of an unknown ApplId. This is an unexpected error, but is ignored because the application is in the process of shutting down.%1

Fields

Message

An external error has been reported to COM+ services.%1

Fields

Message

The server process has lost its connection with MS-DTC. This is expected if MS-DTC has stopped, or if MS-DTC failover has occurred on a cluster.%1

Fields

Message

The current registration database is corrupt. COM+ catalog has reverted to a previous version of the database. %1

Fields

Message

Error creating security descriptor.

Message

Failed to initialize registration database server.

Message

Failed to initialize registration database API.

Message

COM Replication: An unexpected error occurred.  The failing function is listed below. %1

Fields

Message

You have attempted to install an application which contains one or more imported components into a non-base partition. Imported components are only supported in the base partition.%1

Fields

Message

The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. %1

Fields

Message

The run-time environment has detected the absence of a critical resource and has caused the process that hosted it to terminate. %1

Fields

Message

The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. %1

Fields

Message

Could not obtain a proxy/stub class factory for given interface. Proxy/stub is not registered correctly. %1

Fields

Message

Failed to create a stub object for given interface.  %1

Fields

Message

Replication: Invalid machine name supplied for %1.

Fields

Message

The run-time environment was unable to create a new UUID. %1

Fields

Message

An attempt was made to access a SPM Property Group in LockMethod mode, by an object without JIT Activation, or by an object with a lock on another Property Group. %1

Fields

Message

The class ID of the proxy stub DLL for the interface is not available, or failed to load the proxy stub DLL, or failed to create a proxy.

Message

An unexpected error occurred. The failing function is listed below. The data section may have additional information.%1

Fields

Message

COM+ Queued Components failed to obtain necessary information from the catalog.%1

Fields

Message

The COM+ Queued Components Player was unable to create an instance of a Queued Component. %1

Fields

Message

An unauthenticated message was received by an application that accepts only authenticated messages.%1

Fields

Message

The system has called a custom component and that component has failed and generated an exception. This indicates a problem with the custom component. Notify the developer of this component that a failure has occurred and provide them with the information below.%1

Fields

Message

An error occurred while checking to see if a queued message was sent by a trusted partner. The process may have insufficient privileges to call GetEffectiveRightsFromAcl. The HRESULT from this call is %1

Fields

Message

The server was unable to determine if a queued message was sent by a trusted partner due to a lack of available memory. The sender is assumed to be untrusted. %1

Fields

Message

The server was unable to determine if a queued message was sent by a trusted partner due to an unexpected failure in a Windows API call. The sender is assumed to be untrusted. The failed API and corresponding error code are shown below. %1

Fields

Message

The COM+ Services DLL (comsvcs.dll) was unable to load because allocation of thread local storage failed. %1

Fields

Message

COM+ Services was unable to load a required string resource. The string resource identifier was not found. This results from an error in the localization process for this product and should be reported to Microsoft customer support. The binary data for this event contains the resource identifier that failed to load. %1

Fields

Message

COM+ Services was unable to initialize due to a failure in the system API shown below. This is often caused by a shortage of system resources on the local machine.%1

Fields

Message

The system has called the CRM Compensator custom component and that component has failed and generated an exception. This indicates a problem with the CRM Compensator component. Notify the developer of the CRM Compensator component that this failure has occurred. %1

Fields

Message

The application cannot access the CRM log file because it is being used by another process, probably because another server process is running for the same application. Please verify that no other server processes are running for this application and try again. %1

Fields

Message

COM+ Services was unable to authorize the incoming call due to an unexpected failure. The incoming call was denied and a "permission denied" error was returned to the caller. The unexpected error code is shown below.%1

Fields

Message

COM+ Services was unable to determine the caller's identity because of an unexpected error. This may be caused by a shortage of system resources on the local machine. The caller will be treated as anonymous which may result in access failures or other errors. The name of the failed API and the error code that it returned are shown below.%1

Fields

Message

COM+ Services was unable to process a component's call to IsCallerInRole due to an unexpected failure. The unexpected error code (shown below) was returned to the caller.%1

Fields

Message

The system has called the CRM Compensator custom component and that component has returned an error. This indicates a problem with the CRM Compensator component. Notify the developer of the CRM Compensator component that this failure has occurred. %1

Fields

Message

The system failed to create the CRM Compensator custom component. %1

Fields

Message

The system failed to create the CRM Compensator because the system is out of memory. %1

Fields

Message

The Queued Components Listener received an improperly formatted message.%1

Fields

Message

An unexpected error was returned by the Message Queuing API %1

Fields

Message

The server was unable to determine if a queued message was sent by a trusted partner due to an unexpected failure in a COM+ catalog component. The sender is assumed to be untrusted. The failed catalog API and corresponding error code are shown below.%1

Fields

Message

An unexpected error was returned by Message Queuing API indicated. Unable to retrieve the associated error message text. Message Queuing API return values are defined in Platform SDK file MQ.H.%1

Fields

Message

The Synchronization property is required for the Transaction property. Activation failed for object: %1

Fields

Message

The Synchronization property is required for the JIT property. Activation failed for object: %1

Fields

Message

The following component is configured for Construction, and either the IObjectConstruct::Construct() method failed, or the component does not support IObjectConstruct. Activation failed for object: %1

Fields

Message

A condition has occurred that indicates this COM+ application is in an unstable state or is not functioning correctly. Assertion Failure: %1

Fields

Message

Output arguments are not supported by queued methods. The data section contains the IID and method number.%1

Fields

Message

A COM+ service (such as Queued Components or Compensating Resource Manager) failed an ApplicationLaunch event.  If this problem continues, try disabling CRM and/or QC on your application. If you are using QC, make sure that Message Queuing is installed. The service GUID and HRESULT are: %1

Fields

Message

A COM+ service (such as Queued Components or Compensating Resource Manager) failed to start. The service GUID and HRESULT are: %1

Fields

Message

A request for a callback on a MTA thread failed. This should happen only if the system is in an extremely unstable state. It is possible that custom components running in this COM+ application caused the instability that led to this failure. %1

Fields

Message

The initialization of the COM+ surrogate failed -- the CApplication object failed to initialize.%1

Fields

Message

The BYOT Gateway failed to import the transaction using TIP. Make sure that the installed MS-DTC supports the TIP protocol. %1

Fields

Message

The BYOT Gateway failed to create the component.%1

Fields

Message

The BYOT Gateway could not set transactional property in new object context.%1

Fields

Message

The BYOT Gateway could not delegate the activation. The component being created may be incorrectly configured. %1

Fields

Message

The BYOT Gateway component is incorrectly configured. %1

Fields

Message

The IObjectControl::Activate() method failed.  The CLSID of the object is: %1

Fields

Message

Queued Components has detected an invalid Marshaled object.%1

Fields

Message

Object reference passed as a method parameter to a Queued Component does not implement IPersistStream.%1

Fields

Message

The CRM has lost its connection with MS-DTC. This is expected if MS-DTC has stopped, or if MS-DTC failover has occurred on a cluster.%1

Fields

Message

COM+ Services was unable to initialize security infrastructure due to a failure in the system API shown below. This is often caused by a shortage of system resources on the local machine. No components requiring security infrastructure services will be created in this process. %1

Fields

Message

A non-empty queue could not be deleted.  Purge messages and try again.%1

Fields

Message

Queued Application has an invalid catalog entry. Uncheck and check the Application's Queue property.%1

Fields

Message

Queued Application has an invalid catalog entry. Uncheck and check the Application's Queue property.%1

Fields

Message

Queued Components requires Message Queuing. Message Queuing is not installed.%1

Fields

Message

GetProcAddress for a Message Queuing API failed.  Message Queuing may not be installed correctly.%1

Fields

Message

Unknown event ID. Please check the event log for any other errors from the EventSystem.%1

Fields

Message

Unable to instantiate Exception Class.%1

Fields

Message

COM+ requires that ODBC version 2.0 or greater be installed on your machine.  The version of ODBC that ships with Windows 2000 is sufficient.  Please reinstall ODBC from your distribution media.%1

Fields

Message

COM+ was unable to set up the ODBC shared environment, which means that automatic transaction enlistment will not work.%1

Fields

Message

A CRM checkpoint has failed. Most likely this application is not configured correctly for use on the cluster. See the COM+ Compensating Resource Manager (CRM) documentation for details on how to fix this problem.%1

Fields

Message

The threading model of the component specified in the registry is inconsistent with the registration database. The faulty component is: %1

Fields

Message

CRM recovery has failed because MS-DTC thinks that the previous instance of this application is still connected. This is a temporary condition that can occur if the system is too busy. Please attempt the CRM recovery again by restarting this application.%1

Fields

Message

The CRM Compensator custom component has timed out out waiting for the CRM Worker custom component to complete. See the COM+ Compensating Resource Manager (CRM) documentation for further explanation of this error.%1

Fields

Message

CRM recovery has failed because the device is not ready. This is a temporary condition which can occur during cluster failover. Please attempt the CRM recovery again by restarting this application.%1

Fields

Message

You have attempted to use COM+ Conversation support, and an error was generated accessing the database.  You must specify a valid DSN in the construct string of the COMSvcs.Conversation component. For information on what a valid DSN is, see the documentation for the SQLDriverConnect API in MSDN or the Platform SDK. An example of a valid DSN is "DSN=Conversation".

Message

TransactionManager->GetWhereabouts failed. If Distributed Transaction Coordinator is configured to use remote host to coordinate transactions, it is likely that remote host cannot be contacted. You can configure MSDTC to use local coordinator by clicking MSDTC toolbar button in Component Services MMC snap-in. Since further execution is impossible at this time, server process has been terminated.%1

Fields

Message

A COM+ service (such as Queued Components or Compensating Resource Manager) failed in its PauseProcess method. The service GUID and HRESULT are: %1

Fields

Message

A COM+ service (such as Queued Components or Compensating Resource Manager) failed in its ResumeProcess method. The service GUID and HRESULT are: %1

Fields

Message

The COM+ tracing GUIDs couldn't be registered. Tracing will be disabled.%1

Fields

Message

The COM+ tracing session failed to initialize. %1

Fields

Message

The COM+ event filter encountered an unexpected error. The system event will not be fired. %1

Fields

Message

This is the first external error message in this file. It is a marker only, never issued.%1

Fields

Message

An external error has been reported to COM+ services.%1

Fields

Message

COM+ could not create a new thread due to a low memory situation.%1

Fields

Message

This is the last external error message in this file. It is a marker only, never issued.%1

Fields