View Health Event Data Collected by Aternity

This section lists the health events (application, system, hardware) which Aternity monitors, to troubleshoot issues with one device or view common symptoms across multiple devices in your organization.

A system health event for a device is a significant problem at the level of the operating system that impacts the device's overall health, such as when the entire system crashes, or a BSOD.

You can view health events across your organization in the Device Health dashboard, or use the Troubleshoot Device dashboard to see the health events of a single device.

Examine health events in detail with the Device Health dashboard

You can also configure Aternity to send health alerts.

Application Health Events

The following table is the list of health events associated with monitored applications.

Field Description Source
Crash (on Windows, Mac) or App Crashes (on mobile)

(Windows) Aternity registers an application crash with Windows Event Log ID 1000 (a process or DLL ends unexpectedly), event ID 1001 (.NET process ends unexpectedly), event ID 1002 (a user stops a Not Responding process), or event ID 1026 (.NET runtime error).

To resolve, note any error numbers, or check the logs of the application, then consult the support site of the application vendor.

(Macs) Aternity registers an application crash on Mac applications if the crash is entered in the system log.

(For monitored mobile apps only) The Aternity Mobile SDK reports a crash if the app issues an unhandled exception, or if it receives an abort signal from the operating system (Android or iOS). For every mobile app crash, Aternity collects the exception's code and type, the app's stack trace, and a summary of the crash information, and lets you download the dump file if needed. It also collects any breadcrumbs leading up to the crash.

(Windows) Agent queries Windows Event Log

(Mac) The Aternity Agent for Mac queries the macOS system log.

(Mobile) The Aternity Mobile SDK receives a notification that the monitored app crashed.

Crash (After Hang)

(Windows) Event ID 1002 occurs when a user has manually forced an application's process to close after it stopped responding.

(Mac) Aternity uses the system log to determine when a user has manually forced an application's process to close after it stopped responding.

To resolve, note any common actions leading to the hang, then consult the support site of the application vendor.

(Windows) Agent queries Windows Event Log

(Mac) The Aternity Agent for Mac queries the macOS system log.

Crash (DotNet)

(Windows only) Windows event ID 1001 occurs when a .NET process or DLL ended unexpectedly.

To resolve, note any error numbers, or check the logs of the application, then consult the support site of the application vendor.

Agent queries Windows Event Log

DotNet Runtime Error

(Windows only) Windows event ID 1026 appears when a handled exception in .NET occurs.

You don't have to resolve this event. You may check the logs of the application to see which exception occurred.

Agent queries Windows Event Log

HTTP Errors / Web Errors

Web errors are errors experienced by applications which receive an error as a response to their HTTP request, like HTTP 40x errors (like Error 404 Page Not Found), and 50x errors (like unauthorized access messages).

(Windows) The Agent monitors web browsers to monitor the performance and errors in web applications.

The Aternity Mobile SDK monitors the app's HTTP network traffic.

System Health Events

The following table lists the health events associated with system-wide problems, at the Windows operating system level, on a single device.

Field Description Source
Low Disk Space

Aternity creates this event if the device's system disk has less than 5% free space, or less than 500MB available, which limits the size of virtual memory.

Low virtual memory significantly slows down performance, and causes applications to malfunction or crash with memory exception errors.

To resolve, free some more space on the hard disk (empty trash, remove unused applications and files) or increase its capacity.

Agent queries Windows API once a minute.

Low Memory Pagefaults

Aternity creates this event if a device uses more than 95% of its physical memory AND issued more than 1000 virtual memory accesses (hard page faults) per second.

High usage of virtual memory slows performance significantly, because the hard disk is 1000 times slower than physical memory (RAM).

To resolve, increase the capacity of RAM on the device.

Agent queries Windows Performance Counters once a minute.

Since this status can continue for some time, it reports only one such event per day for each device.

Low Virtual Memory

Aternity creates this event if the device uses more than 90% of its virtual memory (hard disk) for more than three minutes.

Low virtual memory significantly slows down performance, and causes applications to malfunction or crash with memory exception errors.

To resolve, free some more space on the hard disk (empty trash, remove unused applications and files) or increase its capacity. In addition, increase the capacity of RAM on the device.

Agent queries Windows Performance Counters once every three minutes.

Since this status can continue for some time, it reports only one such event per day for each device.

Memory Allocation Failure / Nonpaged

Windows event ID 2019 is caused by a memory leak. It has the description "The server was unable to allocate from the system non-paged pool because the pool was empty." For details and a resolution, search this error ID in Microsoft's support site.

Agent queries Windows Event Log

Memory Allocation Failure / Paged

Windows event ID 2020 has the description "The server was unable to allocate from the system paged pool because the pool was empty." For details and a resolution, search this error ID in Microsoft's support site.

Agent queries Windows Event Log

Network Interface Long Queue

Aternity creates this event if a device's network connection has a queue of more than two data items waiting to be sent. Network jams often result in slower performance.

If this remains consistently high, it could point to a hardware problem with the NIC (network interface card) or other networking component.

To resolve, consider updating the component's driver, or find the cause of high loads on specific servers. Also consider checking the component's driver settings, verifying that the Windows Receive Side Scaling (RSS) option is enabled.

Agent queries Windows Performance Counters once every five minutes.

Since this status can continue for some time, it reports only one such event per day for each device.

Network Interface Saturation

Aternity creates this event if a device's network interface card (NIC) is using more than 75% of its bandwidth capacity.

As a NIC reaches saturation, it starts to lose network packets, resulting in performance drops.

If saturation persists over several days, add a faster network card or consider segmenting the network, or scheduling the high bandwidth activities to off-peak hours. For example, you can optimize traffic by scheduling backups or virus checks at night.

Agent queries Windows API to check all the device's NICs once every five minutes.

Since this status can continue for some time, it reports only one such event per day for each device.

Overheat Related Shutdown

Windows event ID 86 occurs when the system shuts down due to overheating. The system was shut down due to a critical thermal event.

This event is a call for action. It indicates a problem with a hardware component, often when the CPU overheats because its heat sink is covered in dust and cannot dissipate heat, or because the fan is faulty, or because something is preventing air circulation.

Turn off your computer and check the hardware. Clean the heat sinks, and make sure that air circulates properly.

Agent queries Windows Event Log

Printing Error / Bad Security Descriptor

Windows event ID 366 occurs when the print queue security settings are not configured correctly.

Try restarting the print spooler. For details and a resolution, search this error ID in Microsoft's support site.

Agent queries Windows Event Log

Printing Error / Init Failed

Windows event ID 354 indicates the printing operation failed to initialize, due to low system resources on the device. For details and a resolution, search this error ID in Microsoft's support site.

Agent queries Windows Event Log

Printing Error / No Driver Found

Windows event ID 319 occurs when the printer could not initialize.

This typically occurs when the system did not find a suitable driver.

To resolve, install a compatible printer driver. For details and a resolution, search this error ID in Microsoft's support site.

Agent queries Windows Event Log

Printing Error / Package Regeneration Failed

Windows event ID 73 occurs when the print spooler failed to regenerate the printer driver information. This can occur after a system upgrade or a disk corruption.

If this issue persists, it indicates low system resources (CPU, disk I/O or memory resources).

To resolve, investigate the Top Processes section in the Troubleshoot Device dashboard.

Agent queries Windows Event Log

Printing Error / Port Init Error

Windows event ID 66 occurs when the printer failed to initialize its ports.

The error message states, "This error usually occurs because of a problem with the port monitor. Try recreating the port using a standard TCP/IP printer port, if possible. This problem does not affect other printers."

Agent queries Windows Event Log

Printing Error / Print Failed

Windows event ID 372 occurs when a document failed to print.

Try printing again or restart the print spooler.

Agent queries Windows Event Log

Printing Error / Spooler Creation Failed

Windows event ID 363 occurs when the print spooler failed to start.

If this issue persists, it indicates low system resources (CPU, disk I/O or memory resources).

To resolve, investigate the Top Processes section in the Troubleshoot Device dashboard.

Agent queries Windows Event Log

Printing Error / Spooler Out of Resources

Windows event ID 373 occurs when a component of the spooler has too many open Graphical Device Interface (GDI) objects.

As a result, some enhanced metafile (EMF) print jobs might not print.

To resolve, restart the spooler.

Agent queries Windows Event Log

Printing Error / Spooler Shutdown

Windows event ID 99 occurs when the print spooler encountered a fatal error while executing a critical operation and must immediately shut down.

To resolve, restart the print spooler service from Windows Services, or open the command prompt and type net start spooler.

Agent queries Windows Event Log

System Crash

(Windows) Aternity reports a system crash when Windows created a memory dump file as the result of a BSOD. Aternity analyzes the Windows dump and attempts to extract the following data:

  • The likely name of the Windows process which caused the crash.

  • The module or driver which caused the issue, including the name, start address, and offset.

  • The event, which contains Microsoft's error codes ('bug check codes').

(Macs) Aternity reports a system crash when it detected a kernel panic from the macOS system logs.

This could be caused by a corrupted or mismatched driver, hardware fault, or virus. To troubleshoot, view the details of the event and investigate the name of the process or module and its codes.

(Windows) Agent queries Windows API

(Mac) The Aternity Agent for Mac queries the macOS system log.

Unexpected Shutdown

(Windows) Event ID 6008 indicates an unexpected shutdown.

(Mac) Aternity reports an unexpected shutdown when one is reported in the macOS system logs.

This can be due to a hardware failure (like a power cut, or excessive heat) or a firmware or driver fault, or when a program forces the device to shut down while the computer is locked and password-protected.

To troubleshoot, check the Event Viewer for critical errors which might correlate with the shutdown. For example, if you see a disk controller error (Event ID 11), you can run check disk (chkdsk), or check each disk with the S.M.A.R.T utility.

Agent queries Windows Event Log

(Mac) The Aternity Agent for Mac queries the macOS system log.

WiFi Disconnect

(On Windows devices with Agent 9.2 or later) Aternity reports whenever a device unexpectedly stops receiving the signal from a WiFi network, and suddenly disconnects.

This only reports unexpected disconnects, not disconnects caused by a user action like switching to airplane mode or putting the device in sleep mode.

(Windows) Agent queries Windows API.

Windows Update Failure

Windows event ID 20 occurs when the process for updating Windows failed.

This can happen when installing a corrupt update, or if a previous update is missing, or if you install an update before a required reboot, or with a poor network connection, or if the user does not have the required permissions to install the update, and so on.

To resolve, restart the device and then install the updates manually. In addition, try to perform a system restore to revert to the state before the failed updates, or use the Windows Update troubleshooter to diagnose and fix the update problems.

Agent queries Windows Event Log

Note

By default, a virtual session only reports data to Aternity while a user is logged in to Windows, and stops when a user logs out. Aternity does not report boot times for virtual sessions.
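
The Low Disk Space and Low Memory Pagefaults rules above, modeled as an added example (not Aternity's code): the disk rule is an OR of two thresholds, the page-fault rule is an AND, and the one-event-per-day limit hides repeat matches. Device names and readings are constructed, and "per day" is assumed to mean calendar day.

```python
from datetime import datetime

# Thresholds as stated on this page.
DISK_MIN_FREE_PCT, DISK_MIN_FREE_MB = 5.0, 500   # Low Disk Space
MEM_MAX_USED_PCT, MAX_HARD_FAULTS = 95.0, 1000   # Low Memory Pagefaults

def low_disk_space(free_mb, total_mb):
    """Either condition alone is enough (OR): under 5% free, or under 500MB."""
    return 100.0 * free_mb / total_mb < DISK_MIN_FREE_PCT or free_mb < DISK_MIN_FREE_MB

def low_memory_pagefaults(mem_used_pct, hard_faults_per_sec):
    """Both conditions must hold (AND)."""
    return mem_used_pct > MEM_MAX_USED_PCT and hard_faults_per_sec > MAX_HARD_FAULTS

def report_pagefault_events(samples):
    """Apply the one-event-per-day-per-device limit to per-minute samples.

    Returns (events, suppressed): events is a list of (timestamp, device);
    suppressed maps (device, date) to the number of matching samples hidden.
    Assumption: "per day" means calendar day; the page does not define it.
    """
    events, suppressed, seen = [], {}, set()
    for ts, device, mem_pct, faults in sorted(samples):
        if not low_memory_pagefaults(mem_pct, faults):
            continue
        key = (device, ts.date())
        if key in seen:
            suppressed[key] = suppressed.get(key, 0) + 1
        else:
            seen.add(key)
            events.append((ts, device))
    return events, suppressed

# Constructed samples: (timestamp, device, physical memory used %, hard faults/sec)
SAMPLES = [
    (datetime(2024, 1, 15, 10, 0), "LAPTOP-A", 97.0, 1500),   # reported
    (datetime(2024, 1, 15, 10, 1), "LAPTOP-A", 98.0, 1800),   # suppressed
    (datetime(2024, 1, 15, 10, 2), "LAPTOP-A", 97.0, 800),    # faults too low
    (datetime(2024, 1, 15, 10, 3), "LAPTOP-A", 96.0, 1200),   # suppressed
    (datetime(2024, 1, 16, 9, 0), "LAPTOP-A", 99.0, 2000),    # new day, reported
    (datetime(2024, 1, 15, 10, 0), "DESKTOP-B", 96.0, 1001),  # other device
]

if __name__ == "__main__":
    events, suppressed = report_pagefault_events(SAMPLES)
    for ts, device in events:
        print(ts.isoformat(), device, "Low Memory Pagefaults")
    print("suppressed:", suppressed)
    print(low_disk_space(120_000, 4_000_000), low_disk_space(480, 8_000))
```

A single Low Memory Pagefaults event for a device can therefore stand for many minutes of sustained memory pressure on that day.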

Hardware Health Events

The following table lists the health events directly related to a hardware problem on a Windows device.

Field Description Source
Battery Wear

(Windows laptops only) Aternity checks the device to see if the overall capacity of the battery drops below a threshold (default is 50%), compared with its factory settings as designed by the battery vendor.

This indicates that a full battery charge drains much faster than it should.

To resolve, replace the battery.

Agent queries Windows API once a day to obtain the battery's Designed Capacity versus its Current Capacity Value.

Corrupted FS

This event occurs when the system disk contains damaged or corrupted files, which may cause Windows crashes and data loss.

This could happen, for example, after a power cut, or after a hardware change.

To resolve, run the System File Checker to restore corrupted files, or rescue its data by connecting the system disk as a slave drive to another device. If the disk is physically damaged, use third party data rescue services.

Agent queries Windows Event Log once a minute.

Since Windows can generate a flood of events for a problem like this, it reports only up to two events for each device per minute.

Faulty HD S.M.A.R.T status

Aternity checks if the device's self-monitoring hard disk (SMART disk) generated an error.

S.M.A.R.T drives (Self-Monitoring, Analysis, and Reporting Technology) check their own reliability and give advanced warnings if they start to fail. These warnings could predict complete failure, or something less significant, like the inability to write to a sector, or slower performance.

To resolve, back up your data as soon as possible and determine whether you should replace the drive.

Agent queries Windows API once per minute.

Since this status can continue for some time, it reports only one such event per day for each device.

HD Bad Blocks

Windows event ID 7 occurs when it detects a corrupted block of data on the hard disk. A few bad sectors do not indicate the drive is about to fail, but if many bad sectors develop, the drive needs attention.

There are two types of HD bad sectors:

  • Hard bad sectors are caused by physical damage, and cannot be repaired. To resolve, back up your data as soon as possible and replace the drive.

  • Soft bad sectors are logical, where clusters of data are corrupted, for example, when there was a power cut while writing to a sector. To resolve, use the Windows Disk Check tool, or format the disk.

Agent queries Windows Event Log

HD Failure

Windows event ID 52 occurs when it detects an imminent failure of the hard disk.

This event is a call for immediate action. Back up your data immediately. Then run a scanning tool to detect problems. For example, if a hard drive's temperature is too high, turn off your computer and disconnect the power for that hard disk until you replace it.

Agent queries Windows Event Log

Note

By default, a virtual session only reports data to Aternity while a user is logged in to Windows, and stops when a user logs out. Aternity does not report boot times for virtual sessions.