Event IDs 11092 and 14012 in application event logs on computers hosting Query Engines (QEs)
|Article:TECH113926|||||Created: 2007-01-20|||||Updated: 2008-01-07|||||Article URL http://www.symantec.com/docs/TECH113926|
Why do warnings 11092 and 14012 appear in application event logs on computers hosting QEs?
Observed when the Window Firewall/Internet Connection Sharing service (ICS) is turned off or disabled.
This event is logged at startup of Query Engine service & Enterprise Configuration Service at start up if the firewall service is turned off or disabled. In this case:
- Query Engine & ECS are not asked to register itself with the firewall
- They try to synchronize the windows firewall settings with Bindview registry settings.
- The Windows firewall settings are stored in the windows. While the firewall information which Bindview contains about the windows firewall is stored in the registry.
- The synchronization is done to ensure that the registry settings are in sync with windows firewall settings.
- During synchronization QE tries to contact firewall to read its settings(from the windows location), but since firewall service is stopped/disabled this synchronization fails
- This logs the warning event IDs 11092 & 14012.
The event description should instead be:
Application Warning: Synchronize the Query Engine with firewall. (Firewall service stopped)
Application Warning: Register the Query Engine with firewall:There are no more endpoints available from the endpoint mapper.Exception was caught.
To have this event ID in the application log is vital, because this tells the user that the Query Engine & ECS are not synchronized with the Firewall settings OR The firewall service is turned off or disabled.
No action is required, since these are informational event IDs.
Article URL http://www.symantec.com/docs/TECH113926