Ever wonder what your Windows Servers are doing when you leave the office? The answers are only a few clicks away located in the Event Logs! Combing the event logs should be part of your daily system checks as an IT Professional.
First go to Administrative Tools on a Windows Server and open Event Viewer. There are many categories in the Event Viewer depending on what is installed on your server. We will focus on Application, Security and System for now.
There are 3 types of events, Informational, Warning and Error for each category.
Most of the time the Information events are things to be aware of, but do not require action. An example of an Information event from the Application Log is Event ID 1704. This is stating that Group Policy Objects have been applied. Good information to know and no action required.
Windows Server Event Viewer Application Information LogsA Warning event is something to be aware of, look into and potentially act upon. An example of a warning from the System Log is Event ID 36. This warning event is one that is very important to be aware of and may actually require attention. It indicates that the Time Service has not synchronized in a certain amount of time. This may not sound important in the very beginning, but a Windows Domain requires Time Synchronization for many services to function. If the event is continually logged than action will be required. A slight delay in Time Sync can happen from time to time.
An Error event is usually something that requires immediate attention and may be prohibiting the server from function normally. One example of an error message taken from the System Log is Event ID 1059. This error is referring to the DHCP Server not being Authorized. Definitely an important message to pay attention to, however this may not be an emergency. If a server has DHCP installed, but is not authorized because another server or device handles DHCP then this message can be ignored. If it is the only source for DHCP than attention is necessary.
Another example of an error taken from the System Log is Event ID 5719. This is normally a critical error indication some type of network problem because the computer could set up a secure session with a Domain Controller. This will in most cases require immediate attention.
These are just a few among many Events from a Windows Server 2008 Event Viewer. To be an effective IT Professional you must know your environment; be aware of what services are installed on your network and what systems they reside on. Look at the logs each day to know what is going on within the environment. It’s all right there at your finger tips.