Solved How fatal is "fatal"? -- Two persistent log errors, help please

[Stimson]

How fatal is "fatal"? -- Two persistent log errors, help please

Greetings,

I have been finding these two errors in my log and don't know what action -- if any -- I should be taking to fix. I don't know how serious these are. The information that I find online is not clear to me at all -- sometimes sounds dangerous, sometimes not.

The following error has shown up for about six-months, first sporadically, now usually once per day. Seems to occur after the first time that the computer wakes from sleep-mode.

Description: The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not 
register with DCOM [FONT=Times New Roman][FONT=Verdana]within the required timeout. [/FONT]
[FONT=Verdana]Source: Microsoft-Windows-DistributedCOM[/FONT]
[FONT=Verdana]Event ID: 10010[/FONT]
[/FONT]

And the following error has shown up since last October. Occurs maybe once every few days with no associated task than I can discover.

Description: The following fatal alert was received: 40
Source: Schannel
Event ID: 36887

I am especially confused by the information I have found on the last one. Including in this discussion on Sevenforums: http://www.sevenforums.com/news/352557-microsoft-warns-problems-schannel-security-update-2.html . I update Windows regularly but don't find the questionable update among my listed updates. And my computer isn't a "server," just a desk-top home work-station running Win-7 Pro, 64-bit.

I've seen one "fix" involving "deleting ciphers:" Microsoft MS14-066: SChannel Security Update Fixes Vulnarabillity, Causes Instability | SensorsTechForum.com But I don't even know what that means, and I probably don't want to try it.

The phrase "Fatal alert" has a definite attention-focusing quality to it. But, I've had no crashes and no obvious performance problems (other than some startup issues that I hope to address in another thread).

Advice greatly appreciated. Many thanks, in advance.

(Log-files below, in case it might be useful.)

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          1/19/2015 7:06:44 AM
Event ID:      10010
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      AcerOne-05-2013
Description:
The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="[URL]http://schemas.microsoft.com/win/2004/08/events/event[/URL]">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-19T15:06:44.000000000Z" />
    <EventRecordID>173166</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>AcerOne-05-2013</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}</Data>
  </EventData>
</Event>
____________________________________________________________________
 
Log Name:      System
Source:        Schannel
Date:          1/19/2015 2:05:50 PM
Event ID:      36887
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      AcerOne-05-2013
Description:
The following fatal alert was received: 40.
Event Xml:
<Event xmlns="[URL]http://schemas.microsoft.com/win/2004/08/events/event[/URL]">
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36887</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-19T22:05:50.991516100Z" />
    <EventRecordID>173273</EventRecordID>
    <Correlation />
    <Execution ProcessID="684" ThreadID="736" />
    <Channel>System</Channel>
    <Computer>AcerOne-05-2013</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="AlertDesc">40</Data>
  </EventData>
</Event>

 

[Tookeri]

The first one seem related to VSS - Volume Shadow Copy Service by a search on the ID, so it might affect restore points etc. Can't help more than that, sorry. But in case System Restore would fail if or when you need it sometime, you could be prepared with a System Image Backup using the excellent Macrium Reflect Free for example.

The Schannel errors I get too, but only on some HTTPS sites using Internet Explorer. I've confirmed it with other people using the same sites and they also get these errors when using IE. So I use Firefox mostly now. That's one solution

 

[Stimson]

Tookeri, thank you for the information. The Wikipedia article told me a lot more than I knew.

I regularly save restore-points and make system-images for backup. I have never received any errors in the process. It has been a while since I used system-restore, but it worked fine then. Unless there is some way to check, I guess I'll just have to assume those things are working for the moment.

One (more!) thing I don't understand, and maybe someone can educate me, it why the error refers to a "server" that did not registered. The computer in question is a stand-alone, not-networked machine. It is wire-connected to a router. Where is the "server" in this situation? (I admit my knowledge of "networks" and ''servers" is very limited.)

On the second error, I will start to keep my own log to see if the error is associated with any particular web sites. And I've been intending to set up Firefox -- will look into it further.)

Thanks much.

 

[Tookeri]

I've actually never thought about the term "server" that way. To me it could mean just "something" running on my system. But I tried to dig a little deeper:

The first error mentions DistributedCOM (or DCOM) which is usually not really used on home computers but more a feature for domain business networks. If that's the case then any errors for it wouldn't be critical either, just logically. This MS article explains a bit: https://technet.microsoft.com/en-us/library/cc771387.aspx

So why is it enabled? That's a good question and here's one attempt to an explanation: The Easy Answer to Do I Really Need DCOM? - Miss Virtual Reality
Here's one more aimed for XP: DCOM Windows XP - You Do Not Really Need It!

Now, I'm not saying you should go ahead and disable DCOM as mentioned in the articles. But with the information from these articles I assume it's safe to ignore errors about DCOM.

So to sum up, I don't think any of these fatal errors really are fatal

 

[Stimson]

Tookeri, thanks once again. Your research and thoughts are much appreciated.

Your linked articles mention DCOM as a possible entry point for worms, so that might be reason enough to disable if it's unneeded -- which seems likely in my case.

Sounds like I should consider the word "server" in a wider sense than I have been.

Cheers!

 

[Layback Bear]

Stimson your system specs don't show what security programs you have installed and use active.
Could you put that information in your My System Specs?

 

[Tookeri]

Your linked articles mention DCOM as a possible entry point for worms, so that might be reason enough to disable if it's unneeded -- which seems likely in my case.

It looks unneeded for most home users but difficult to say for sure if disabling it could cause problems. The Miss Virtual Reality link mentions VPN so maybe DCOM is required to use that, I don't know:

What are the risks involved with disabling DCOM?
This is perhaps the most pending question and one that even I had a hard time finding out the answer to. Without DCOM your computer basically cannot be remote accessed or connect to certain things that need lots of communication, such as VPNs. So most home users really do not need to worry about using DCOM, while business users might want to find out what they need to run as a vital part of work. Other than that, you won’t even miss it or notice it being gone.

 

[Stimson]

Layback: I Will update my specs. Thanks for bringing to my attention.

Tookeri: I try to be cautious -- if I have doubts, or if I can't see any big reason to make changes, I'm totally happy to leave things as they were. I'm just going to assume the DCOM error is a non-problem for now. (Seems like everytime I try to learn something new about how computers work, I discover three additional things I need to understand first!!) :sarc: