Guest Paul & Lucy Posted July 25, 2007 Posted July 25, 2007 Good afternoon everyone, I'm a home user, and I notice that I'm getting many of these errors in the event viewer. I can't find where this error is coming from. Does anyone know what this is ? All my internet apps (mail, web, chat) seem to work fine. "Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. (Error Code: 2, Event ID: 5032, Source: security-auditing) " I tried looking up 5032 in Microsoft's error lookup page, but found nothing. Thanks for any insight you can provide, sincerely, Paul Quote
Guest Jesper Posted July 26, 2007 Posted July 26, 2007 This happens when a service is blocked from receiving inbound traffic. The firewall only notifies the user when an interactive program is blocked. If you open the event and look at the details you will see a Process ID. That process ID will tell you which process was blocked. You can determine the name of the process using Task Manager (hit CTRL+SHIFT+ESC to launch it). There is also a thread ID there. If you are inclined to go debugging you can use that to figure out more specifically what was blocked. Keep in mind, however, that process IDs are ephemeral and will change when the process is restarted. --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047010155...rotectyourwi-20 "Paul & Lucy" wrote: <span style="color:blue"> > Good afternoon everyone, > > I'm a home user, and I notice that I'm getting many of these errors in the > event viewer. I can't find where this error is coming from. Does anyone > know what this is ? All my internet apps (mail, web, chat) seem to work > fine. > > "Windows Firewall was unable to notify the user that it blocked an > application from accepting incoming connections on the network. (Error > Code: 2, Event ID: 5032, Source: security-auditing) " > > I tried looking up 5032 in Microsoft's error lookup page, but found nothing. > > Thanks for any insight you can provide, sincerely, > > Paul > > > > > </span> Quote
Guest Paul & Lucy Posted July 26, 2007 Posted July 26, 2007 Thanks for the insight Jesper. I did as you suggested. The task manager shows that the process is called "Isass.exe" which is the "local security authority process" and is part of the RPC (remote procedure call) process. The service that are associated with it is something called "CNG Key Isolation" (KeyIso). Don't know what to do here. It was also mentioned that this error can come up when the computer doesn't have enough memory to notify the user. ___________________________________ "Jesper" <Jesper@discussions.microsoft.com> wrote :<span style="color:blue"> > This happens when a service is blocked from receiving inbound traffic. The > firewall only notifies the user when an interactive program is blocked. > > If you open the event and look at the details you will see a Process ID. > That process ID will tell you which process was blocked. You can determine > the name of the process using Task Manager (hit CTRL+SHIFT+ESC to launch > it). > There is also a thread ID there. If you are inclined to go debugging you > can > use that to figure out more specifically what was blocked. Keep in mind, > however, that process IDs are ephemeral and will change when the process > is > restarted. > --- > Your question may already be answered in Windows Vista Security: > http://www.amazon.com/gp/product/047010155...rotectyourwi-20 ></span> Quote
Guest Jesper Posted July 26, 2007 Posted July 26, 2007 It is actually kind of the other way around. Think of LSASS as the "executive branch" of security on your computer. It enforces all the rules around security, including authentication, access checks, etc. It uses RPC for many of its calls. I have never heard this may happen when the computer has insufficient memory, but maybe it could. In this particular case it is most definitely a service that received data that the firewall blocked. It could be malicious or benign. Without sniffing to find out you won't know. It can actually be as simple as LSASS calling into itself (which is quite common) using a network API. Upon failure it can retry with a local call. I would not worry about it though. It is quite normal to see these. Over the last two days I have 29 of these. Most or all are related to LSASS. I have noticed no stability problems with it, and in any case, there is insufficient information in the event log message to act on it. --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047010155...rotectyourwi-20 "Paul & Lucy" wrote: <span style="color:blue"> > Thanks for the insight Jesper. I did as you suggested. The task manager > shows that the process is called "Isass.exe" which is the "local security > authority process" and is part of the RPC (remote procedure call) process. > The service that are associated with it is something called "CNG Key > Isolation" (KeyIso). Don't know what to do here. > > It was also mentioned that this error can come up when the computer doesn't > have enough memory to notify the user. > > ___________________________________ > > "Jesper" <Jesper@discussions.microsoft.com> wrote :<span style="color:green"> > > This happens when a service is blocked from receiving inbound traffic. The > > firewall only notifies the user when an interactive program is blocked. > > > > If you open the event and look at the details you will see a Process ID. > > That process ID will tell you which process was blocked. You can determine > > the name of the process using Task Manager (hit CTRL+SHIFT+ESC to launch > > it). > > There is also a thread ID there. If you are inclined to go debugging you > > can > > use that to figure out more specifically what was blocked. Keep in mind, > > however, that process IDs are ephemeral and will change when the process > > is > > restarted. > > --- > > Your question may already be answered in Windows Vista Security: > > http://www.amazon.com/gp/product/047010155...rotectyourwi-20 > ></span> > > > </span> Quote
Guest Paul & Lucy Posted July 27, 2007 Posted July 27, 2007 I'm glad I don't have to worry about it, because it would otherwise one heck of a problem to crack. I was just going through the event viewer to see what errors are in there and trying to see which ones are important and which ones aren't. Thanks once again, Paul __________________________________ "Jesper" <Jesper@discussions.microsoft.com> wrote in message news:0238925D-0C6F-410B-9B5A-7181A553BA4D@microsoft.com...<span style="color:blue"> > It is actually kind of the other way around. Think of LSASS as the > "executive > branch" of security on your computer. It enforces all the rules around > security, including authentication, access checks, etc. It uses RPC for > many > of its calls. > > I have never heard this may happen when the computer has insufficient > memory, but maybe it could. In this particular case it is most definitely > a > service that received data that the firewall blocked. It could be > malicious > or benign. Without sniffing to find out you won't know. It can actually be > as > simple as LSASS calling into itself (which is quite common) using a > network > API. Upon failure it can retry with a local call. > > I would not worry about it though. It is quite normal to see these. Over > the > last two days I have 29 of these. Most or all are related to LSASS. I have > noticed no stability problems with it, and in any case, there is > insufficient > information in the event log message to act on it. > > --- > Your question may already be answered in Windows Vista Security: > http://www.amazon.com/gp/product/047010155...rotectyourwi-20 > > > "Paul & Lucy" wrote: ><span style="color:green"> >> Thanks for the insight Jesper. I did as you suggested. The task manager >> shows that the process is called "Isass.exe" which is the "local security >> authority process" and is part of the RPC (remote procedure call) >> process. >> The service that are associated with it is something called "CNG Key >> Isolation" (KeyIso). Don't know what to do here. >> >> It was also mentioned that this error can come up when the computer >> doesn't >> have enough memory to notify the user. >> >> ___________________________________ >> >> "Jesper" <Jesper@discussions.microsoft.com> wrote :<span style="color:darkred"> >> > This happens when a service is blocked from receiving inbound traffic. >> > The >> > firewall only notifies the user when an interactive program is blocked. >> > >> > If you open the event and look at the details you will see a Process >> > ID. >> > That process ID will tell you which process was blocked. You can >> > determine >> > the name of the process using Task Manager (hit CTRL+SHIFT+ESC to >> > launch >> > it). >> > There is also a thread ID there. If you are inclined to go debugging >> > you >> > can >> > use that to figure out more specifically what was blocked. Keep in >> > mind, >> > however, that process IDs are ephemeral and will change when the >> > process >> > is >> > restarted. >> > --- >> > Your question may already be answered in Windows Vista Security: >> > http://www.amazon.com/gp/product/047010155...rotectyourwi-20 >> ></span> >> >> >></span> > </span> Quote
Guest Thomas Krogstad Posted October 19, 2008 Posted October 19, 2008 Same problem Just to start out, I KNOW this thread is a year old, but since I have the same problem, I'll bump this, rather than creating a new thread. I've been looking EVERYWHERE for a solution now, and I am getting desperate... I get this exact same error in my Event Viewer. However, I wouldn't have bothered with it, unless it actually caused me problems. The 11th of October I started disconnecting within one hour (5 mins at minimum) from my internet while playing a game I use to play, but the internet reconnects quickly within 10-15 seconds. This is getting really annoying, and I always disconnect from the game I'm playing when this happens. I've been looking for solutions EVERYWHERE, asked everywhere, and done everything I could... but I have yet to locate the problem. Just to put it out there, I've tried almost everything (and no, it's not my router, modem, connection, stability or any of that, because this only happens on MY computer only, and no other computer on the same network); check this thread where I've written in more details: http://www.vistaheads.com/forums/microsoft...40-minutes.html I've concluded that this error HAS to be the reason my internet disconnects, because I started getting the logs at the EXACT same date my disconnections started happening; I am now up to 800-900 logs of this same error. It also happens at the same minute my internet disconnection happens. I've located the process, and just as the person who created this topic, I've found it to be Lsass.exe. I do not know what to do anymore. This disconnection is bothering me incredibly much, and I'm almost about to give up after 1 and a half week of researching. Thanks in advance. Quote
Guest Gordon Posted October 19, 2008 Posted October 19, 2008 Re: Same problem "Thomas Krogstad" wrote in message news:2008101993334thomas_krogstad@spray.no...<span style="color:blue"> > Just to start out, I KNOW this thread is a year old, but since I have the > same problem, I'll bump this, rather than creating a new thread.</span> Please note: This is NOT a chat room and You are NOT posting to a forum run by Eggheadcafe - you are actually posting to a global Usenet Newsgroup. You will get a far better experience if you use a newsreader and subscribe to these groups directly, rather than through Eggheadcafe. Setting up Outlook Express/Windows Mail to access Microsoft newsgroups http://www.michaelstevenstech.com/outlooke...ssnewreader.htm Accessing the MS newsgroups in Outlook Express/Windows Mail Newsreader http://www.microsoft.com/windowsxp/expertz...groupsetup.mspx If you must stay with Egghheadcafe then please follow Usenet custom by quoting the post you are replying to, and replying to the thread. Thank you. http://dts-l.net/goodpost.htm Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.