| Event Id | 12291 |
| Source | Groveler |
| Description | USN log read failure on partition drive letter |
| Event Information | This event may logged in along with ESENT event 0.Check for the details of Event ID 0 from the source "ESENT". CAUSE : This behavior can occur if the Single Instance Storage (SIS) Groveler service is running, but can no longer read the database file on the volume that it is supposed to manage. When the SIS Groveler service starts, it searches for volumes to manage by looking for a root folder named SIS Common Store. The SIS service is part of the Remote Installation Service (RIS) installation and manages volumes that contain operating system images. The SIS service reduces the disk space consumed by these images by storing duplicate files in the SIS Common Store folder. There are two situations in which the applications events listed above can occur: If a volume is managed by the SIS service and is suddenly reformatted, or becomes damaged. If you move a volume that contains Remote Installation images (a volume that contains a SIS Common Store folder) from one computer to an existing computer running the RIS service and then suddenly format that volume. NOTE: This can occur if you use the /X switch with the FORMAT command to force a volume dismount before formatting. RESOLUTION : To resolve this issue, use the appropriate method: On a computer that is no longer going to run the RIS service, remove the service with the Add/Remove Programs tool in Control Panel before formatting the volume. This also removes the SIS service and prevents the event messages from occurring. Have the Groveler service reinstate your volumes by stopping and starting the Single Instance Storage Groveler service. You can do this either in the Computer Management snap-in, or by typing the following lines at a command prompt: net stop "Single Instance Storage Groveler" net start "Single Instance Storage Groveler" |
| Reference Links | More Information |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.