View Health Events Collected by Aternity

This section lists the health events (application, system, and hardware) that Aternity monitors, to help you troubleshoot issues with specific devices or view common symptoms across multiple devices in your organization.

A system health event for a device is a significant problem at the operating system level that affects the device's overall health, such as a crash of the entire system, or BSODs.

Application Health Events

The following table is the list of health events associated with monitored applications.

Field Description Source
Application Crash (on Windows) or Crash Occurred (on mobile)

(Windows) Aternity registers an application crash with Windows Event Log ID 1000 (a process or DLL ends unexpectedly), event ID 1001 (.NET process ends unexpectedly), event ID 1002 (a user stops a Not Responding process), or event ID 1026 (.NET runtime error).

To resolve, note any error numbers, or check the logs of the application, then consult the support site of the application vendor.

(Monitored mobile apps only) The Aternity Mobile SDK reports a crash if the app issues an unhandled exception, or if it receives an abort signal from the operating system (Android or iOS).

For every mobile app crash, Aternity collects the exception's code and type, the app's stack trace, and a summary of the crash information, and lets you download the dump file if needed. It also collects any breadcrumbs leading up to the crash.

(Windows) The Agent queries Windows Event Log

(Mobile) The Aternity Mobile SDK receives a notification that the monitored app crashed.

Application Closed After Hang

(Windows only) Windows event ID 1002 occurs when a user has manually forced an application's process to close after it stopped responding.

To resolve, note any common actions leading to the hang, then consult the support site of the application vendor.

The Agent queries Windows Event Log

DotNet Process Crash

(Windows only) Windows event ID 1001 occurs when a .NET process or DLL ends unexpectedly.

To resolve, note any error numbers, or check the logs of the application, then consult the support site of the application vendor.

The Agent queries Windows Event Log

DotNet Runtime Error

(Windows only) Windows event ID 1026 appears when a handled exception in .NET occurs.

No resolution is required. You can check the logs of the application to see which exception occurred.

The Agent queries Windows Event Log

Error Occurred

(Monitored mobile apps only) When a monitored mobile app running on iOS 9.x or earlier reports an error (not warning) to the system log, Aternity collects it, along with the text of the error message and its severity level.

Note

If your iOS app sends debug and error messages using the NSLog function, they appear in the Apple System Log (ASL) as a warning (not error), so by default Aternity does not capture these messages. You can configure the Aternity Mobile SDK to also collect warnings if required.

Aternity monitors all errors from your iOS app in the Apple System Log (ASL), while for Android, it checks errors reported using the android.util.Log class and monitored using the logcat tool.

Web Errors

(Web applications only) Web errors occur when an application receives an error in response to its HTTP request, such as HTTP 40x errors (for example, Error 404 Page Not Found) and 50x errors (like unauthorized access messages).

(Monitored mobile apps only) The Aternity Mobile SDK reports the HTTP errors and low-level TCP errors when a monitored app uses HTTP traffic.

(Windows) The Agent monitors web browsers to monitor the performance and errors in web applications.

(Mobile) The Aternity Mobile SDK monitors the app's HTTP network traffic.

System Health Events

The following table lists the health events associated with system-wide problems, at the Windows operating system level, on a single device.

Field Description Source
Low Disk Space

Aternity creates this event if the device's system disk has less than 5% free space, or less than 500MB available, which limits the size of virtual memory.

Low virtual memory significantly slows down performance, and causes applications to malfunction or crash with memory exception errors.

To resolve, free some more space on the hard disk (empty trash, remove unused applications and files) or increase its capacity.

The Agent queries Windows API once a minute.

Low Memory Pagefaults

Aternity creates this event if a device uses more than 95% of its physical memory and issued more than 1000 virtual memory accesses (page faults) per second.

High usage of virtual memory slows performance significantly, because using the hard disk instead of RAM is 1000 times slower than using physical memory.

To resolve, increase the capacity of RAM on the device.

The Agent queries Windows Performance Counters once a minute.

Since this status can continue for some time, it reports only one such event per day for each device.

Low Virtual Memory

Aternity creates this event if the device uses more than 90% of its virtual memory for more than three minutes.

Low virtual memory significantly slows down performance, and causes applications to malfunction or crash with memory exception errors.

To resolve, free some more space on the hard disk (empty trash, remove unused applications and files) or increase its capacity. In addition, increase the capacity of RAM on the device.

The Agent queries Windows Performance Counters once every three minutes.

Since this status can continue for some time, it reports only one such event per day for each device.

Memory Allocation Failure / Nonpaged

Windows event ID 2019 is caused by a memory leak. It has the description "The server was unable to allocate from the system non-paged pool because the pool was empty." For details and a resolution, search this error ID in Microsoft's support site.

The Agent queries Windows Event Log

Memory Allocation Failure / Paged

Windows event ID 2020 has the description "The server was unable to allocate from the system paged pool because the pool was empty." For details and a resolution, search this error ID in Microsoft's support site.

The Agent queries Windows Event Log

Network Interface Long Queue

Aternity creates this event if a device's network connection has a queue of more than two data items waiting to be sent. Network jams often result in slower performance.

If this remains consistently high, it could point to a hardware problem with the NIC (network interface card) or other networking component.

To resolve, consider updating the component's driver, or find the cause of high loads on specific servers. Also consider checking the component's driver settings, verifying that the Windows Receive Side Scaling (RSS) option is enabled.

The Agent queries Windows Performance Counters once every five minutes.

Since this status can continue for some time, it reports only one such event per day for each device.

Network Interface Saturation

Aternity creates this event if a device's network interface card (NIC) is using more than 75% of its bandwidth capacity.

As a NIC reaches saturation, it starts to lose network packets, resulting in performance drops.

If saturation is frequent, add a faster network card or consider segmenting the network, or scheduling the high bandwidth activities to off-peak hours. For example, you can optimize traffic by scheduling backups or virus checks at night.

The Agent queries Windows API to check all the device's NICs once every five minutes.

Since this status can continue for some time, it reports only one such event per day for each device.

Overheat Related Shutdown

Windows event ID 86 occurs when the system shuts down due to overheating. "The system was shut down due to a critical thermal event."

This event is a call for action. It indicates a problem with a hardware component, often a CPU that overheats because its heat sink is covered in dust and cannot dissipate heat, because the fan is faulty, or because something is preventing air circulation.

Turn off your computer and check the hardware. Clean the heat sinks, and make sure that air circulates properly.

The Agent queries Windows Event Log

Printing Error / Bad Security Descriptor

Windows event ID 366 occurs when the print queue security settings are not configured correctly.

Try restarting the print spooler. For details and a resolution, search this error ID in Microsoft's support site.

The Agent queries Windows Event Log

Printing Error / Init Failed

Windows event ID 354 indicates the printing operation failed to initialize, due to low system resources on the device. For details and a resolution, search this error ID in Microsoft's support site.

The Agent queries Windows Event Log

Printing Error / No Driver Found

Windows event ID 319 occurs when the printer could not initialize.

This typically occurs when the system did not find a suitable driver.

To resolve, install a compatible printer driver. For details and a resolution, search this error ID in Microsoft's support site.

The Agent queries Windows Event Log

Printing Error / Package Regeneration Failed

Windows event ID 73 occurs when the print spooler failed to regenerate the printer driver information. This can occur after a system upgrade or a disk corruption.

If this issue persists, it indicates low system resources (CPU, disk I/O or memory resources).

To resolve, investigate the Top Processes section in the Troubleshoot Device dashboard.

The Agent queries Windows Event Log

Printing Error / Port Init Error

Windows event ID 66 occurs when the printer failed to initialize its ports.

The error message states, "This error usually occurs because of a problem with the port monitor. Try recreating the port using a standard TCP/IP printer port, if possible. This problem does not affect other printers."

The Agent queries Windows Event Log

Printing Error / Print Failed

Windows event ID 372 occurs when a document failed to print.

Try printing again or restart the print spooler.

The Agent queries Windows Event Log

Printing Error / Spooler Creation Failed

Windows event ID 363 occurs when the print spooler failed to start.

If this issue persists, it indicates low system resources (CPU, disk I/O or memory resources).

To resolve, investigate the Top Processes section in the Troubleshoot Device dashboard.

The Agent queries Windows Event Log

Printing Error / Spooler Out of Resources

Windows event ID 373 occurs when a component of the spooler has too many open Graphical Device Interface (GDI) objects.

As a result, some enhanced metafile (EMF) print jobs might not print.

To resolve, restart the spooler.

The Agent queries Windows Event Log

Printing Error / Spooler Shutdown

Windows event ID 99 occurs when the print spooler encountered a fatal error while executing a critical operation and must immediately shut down.

To resolve, restart the print spooler service from Windows Services, or open the command prompt and type net start spooler.

The Agent queries Windows Event Log

System Crash

Aternity creates this event if the operating system crashed and created a dump file, which is a snapshot of the device's state at that time.

There may be a problem with the device drivers, or with hardware, or the device may suffer from a virus.

To troubleshoot, save the dump files and use debugging tools, like those from Microsoft, to analyze the crash data.

The Agent queries Windows API

Unexpected Shutdown

Windows event ID 6008 occurs when Windows detects an unexpected shutdown.

This could happen because of a hardware failure (like excessive heat) or because of a firmware / driver / security / software fault. It could also occur when a program forces Windows to shut down while the computer is locked and password-protected.

To troubleshoot, check the Windows Event Viewer for critical errors which might correlate with the shutdown. For example, if you see a disk controller error (Event ID 11), you can run the check disk (CHKDSK) command, or check each disk with the S.M.A.R.T utility.

The Agent queries Windows Event Log

Windows Update Failure

Windows event ID 20 occurs when the process for updating Windows failed.

This can happen when installing a corrupt update, when a previous update is missing, when you install an update before a required reboot, when the network connection is poor, when the user does not have the required permissions to install the update, and so on.

To resolve, restart the device and then install the updates manually. In addition, try to perform a system restore to revert to the state before the failed updates, or use the Windows Update troubleshooter to diagnose and fix the update problems.

The Agent queries Windows Event Log
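
The Low Disk Space, Low Memory Pagefaults and Low Virtual Memory rules in the table above, worked through as an added Python example. It is not Aternity's code and is not part of the original page; the `Sample` field names, the device names and the readings are constructed, and treating "more than three minutes" as an unbroken streak of high readings is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
@dataclass
class Sample:  # one constructed reading; field names are hypothetical
    device: str
    ts: datetime
    disk_free_pct: float = 50.0
    disk_free_mb: float = 50_000.0
    mem_used_pct: float = 40.0
    page_faults_per_s: float = 100.0
    vmem_used_pct: float = 40.0

def evaluate(samples):
    """Apply the documented thresholds; return (device, ts, event) tuples."""
    events, reported, vmem_since = [], set(), {}
    for s in sorted(samples, key=lambda x: x.ts):
        hits = []  # (event name, limited to one per day?)
        # Low Disk Space: <5% or <500 MB free; the page states no daily limit.
        if s.disk_free_pct < 5 or s.disk_free_mb < 500:
            hits.append(("Low Disk Space", False))
        # Low Memory Pagefaults: both conditions must hold at once.
        if s.mem_used_pct > 95 and s.page_faults_per_s > 1000:
            hits.append(("Low Memory Pagefaults", True))
        # Low Virtual Memory: >90% for over three minutes (streak model assumed).
        if s.vmem_used_pct > 90:
            start = vmem_since.setdefault(s.device, s.ts)
            if s.ts - start > timedelta(minutes=3):
                hits.append(("Low Virtual Memory", True))
        else:
            vmem_since.pop(s.device, None)
        for name, once_per_day in hits:
            key = (s.device, name, s.ts.date())
            if once_per_day and key in reported:
                continue  # only one such event per day for each device
            reported.add(key)
            events.append((s.device, s.ts, name))
    return events

def constructed_samples(t=datetime(2024, 1, 1, 9, 0)):  # not real telemetry
    m = lambda n: t + timedelta(minutes=n)
    return [
        Sample("pc-1", m(0), disk_free_pct=20, disk_free_mb=400),  # MB rule only
        Sample("pc-1", m(1), mem_used_pct=97, page_faults_per_s=1500),
        Sample("pc-1", m(2), mem_used_pct=97, page_faults_per_s=1500),  # suppressed
        Sample("pc-1", m(3), mem_used_pct=97, page_faults_per_s=200),  # one condition
        Sample("pc-2", m(0), vmem_used_pct=93),
        Sample("pc-2", m(3), vmem_used_pct=94),  # exactly 3 min: not yet
        Sample("pc-2", m(6), vmem_used_pct=95),  # streak now over 3 min
    ]
```

Calling `evaluate(constructed_samples())` yields one event per rule: the repeated page-fault reading is suppressed by the daily limit, and the virtual memory event appears only at the third high reading.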

Hardware Health Events

The following table lists the health events directly related to a hardware problem on a Windows device.

Field Description Source
Battery Wear

(Windows laptops only) Aternity checks the device to see if the overall capacity of the battery drops below a threshold (default is 50%).

This indicates that a full battery charge drains much faster than it should.

To resolve, replace the battery.

The Agent queries Windows API once a day.

Corrupted FS

This event occurs when the system disk contains damaged or corrupted files, which may cause Windows crashes and data loss.

This could happen, for example, after a power cut, or after a hardware change.

To resolve, run the System File Checker to restore corrupted files, or rescue its data by connecting the system disk as a slave drive to another device. If the disk is physically damaged, use third party data rescue services.

The Agent queries Windows Event Log once a minute.

Since Windows can generate a flood of events for a problem like this, it reports only up to two events for each device per minute.

Faulty HD S.M.A.R.T status

Aternity checks if the device's self-monitoring hard disk (SMART disk) generated an error.

S.M.A.R.T drives (Self-Monitoring, Analysis, and Reporting Technology) check their own reliability and give advanced warnings if they start to fail. These warnings could predict complete failure, or something less significant, like the inability to write to a sector, or slower performance.

To resolve, back up your data as soon as possible and determine whether you should replace the drive.

The Agent queries Windows API once per minute.

Since this status can continue for some time, it reports only one such event per day for each device.

HD Bad Blocks

Windows event ID 7 occurs when Windows detects a corrupted block of data on the hard disk. A few bad sectors do not indicate the drive is about to fail, but if many bad sectors develop, the drive needs attention.

There are two types of HD bad sectors:

  • Hard bad sectors are caused by physical damage, and cannot be repaired. To resolve, back up your data as soon as possible and replace the drive.

  • Soft bad sectors are logical, where clusters of data are corrupted, for example, when there was a power cut while writing to a sector. To resolve, use the Windows Disk Check tool, or format the disk.

The Agent queries Windows Event Log

HD Failure

Windows event ID 52 occurs when Windows detects an imminent failure of the hard disk.

This event is a call for immediate action. Back up your data immediately. Then run a scanning tool to detect problems. For example, if a hard drive's temperature is too high, turn off your computer and disconnect the power for that hard disk until you replace it.

The Agent queries Windows Event Log