Event ID 1106 — Security Channel Publishing
Applies To: Windows Server 2008
.jpg)
As events are delivered to the Event Log service to be saved in the Security log, they pass through the operating system (OS) kernel. If the kernel does not have enough resources to deliver the events to the Event Log service (which can happen if the Event Log service has to handle a large number of events), then the events are lost. This can compromise the security of the system and ability of administrators, support personnel, and automated utilities to troubleshoot and diagnose problems.
Event Details
| Product: | Windows Operating System |
| ID: | 1106 |
| Source: | Microsoft-Windows-Eventlog |
| Version: | 6.0 |
| Symbolic Name: | EVENT_AUDIT_FAILURE |
| Message: | Events have been dropped by the event logging service. The reason code is %1. |
Resolve
Decrease the number of events logged in the Security log
Events sent to the Security log are dropped (they cannot reach the Event Log service and the Security log) when their volume exceeds system capabilities. The hardware (CPU speed and disk size) can be improved to allow the system to handle a higher volume of events, or the number of events published should be reduced. For a busy domain controller system with full auditing enabled, the system attempts to publish a large number of events into the Security log. To allow the system to handle the volume, disable some auditing.
Verify
Use the Event Viewer to read the Security log on the local computer after the computer has been restarted. Verify that events 1101 or 1106 do not appear in the Security log.