Hello
It seems you are experiencing a common issue with Event ID 521, which indicates that the system is unable to log events to the security log due to a status code of 0x80000005. This can be caused by the security log buffer being written to faster than it can be flushed to disk, leading to a backlog of events that cannot be processed in time.
Suggested solution for the Event ID 521 issue is to adjust the BufferSize and MaximumBuffers in the registry to accommodate the volume of audit events. If the problem persists, it's recommended to identify and address any I/O bottlenecks or reduce the number of events being logged.
[windows - Event ID 521 - Critical Logging Failure on Domain Controllers - Server Fault](https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fserverfault.com%2Fquestions%2F740281%2Fevent-id-521-critical-logging-failure-on-domain-controllers&data=05%7C02%7Cwesleyl%40wicresoft.com%7C7add48bf28c2449a845608dc7ffb0cc6%7Cb2ae8dd9097749768706861b488b1512%7C0%7C0%7C638525963477236010%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=f3ripHUlqW69JkLX%2FqR621dPaT4t0ZgNEJZ603e9jAo%3D&reserved=0"原始 URL: https://serverfault.com/questions/740281/event-id-521-critical-logging-failure-on-domain-controllers。如果你信任此链接, 请单击或点击。")
Adding more Domain Controllers could help distribute the load and reduce the number of audit logs generated on each DC. However, before proceeding with this, you might want to consider the registry adjustments and check for any I/O issues as mentioned in the web resources. It's also worth reviewing your current audit policies to ensure they are not overly broad, which could lead to an excessive number of events being logged.