Event Id | 4199 |
Source | COM+ |
Description | The COM+ Services DLL (comsvcs.dll) was unable to load because allocation of thread local storage failed. Process Name: ReadEventLog.exe Error Code = 0x80070008 : Not enough storage is available to process this command. COM+ Services Internals Information: File: .\comsvcs.cpp, Line: 289 |
Event Information | According to Microsoft: CAUSE: A combination of two problems causes this issue: 1. The EventLogEntry class incorrectly loads the event log entry message file DLL as an executable module instead of as a data file. 2. A TLS index leak occurs when loadlibrary is called against the DLL (Comsvcs.dll, in this case). This Comsvcs.dll leak occurs only on computers running Microsoft Windows 2000. A fix for this problem is available in COM+ Rollup 27. Note Other DLLs may also experience the same TLS index leak behavior (the small computer system interface (SCSI) device driver for Tivoli Storage Manager (Adsmscsi.sys) is a known file that experiences this behavior). When a different DLL experiences this problem, the same 4199 event log entry appears. However, the entry has a different Event Source and Description. RESOLUTION: The following hotfix is for the System.Diagnostics.EventLogEntry class in the .NET Framework. A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article. Only apply it to systems that are experiencing this specific problem. This fix may receive additional testing to further ensure product quality. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Microsoft .NET Framework Service Pack that contains this fix. |
Reference Links | FIX: EventLogEntry Class May Cause Leaks in Thread Local Storage and Event ID 4199 Event Log Entries |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.