We haven't, no.
Windows Server 2019 and 2022 Security Event 521 Issues
We get this error in the security logs on all domain controllers, but the most events happen on the primary domain controller. We've increased the event log buffers to the max, no help. We have added the AutoBackup entries for the logs per forums, we've disabled third-party agents on the servers, and the issue remains. We've used Process Monitor to try to align issues with processes, and we're not really connecting any dots.
We still don't know whether it's a buffer overflow condition or a permissions issue. Given all the steps that we've tried, we're leaning permissions but we can't be quite sure just yet.
This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.
29 answers
-
Anonymous
2024-02-26T17:46:15+00:00 -
Anonymous
2024-06-07T05:00:19+00:00 Hello Jamie,
I managed to solve this problem by opening Event Viewer -> Right-click on "Security" log -> "Clear log".
This creates a new Security.evtx file and the server is able to write to it again. I don't know what was blocking writing into this file before, all required permissions were in place.
-
Anonymous
2024-06-07T12:55:38+00:00 Hello Jamie,
I managed to solve this problem by opening Event Viewer -> Right-click on "Security" log -> "Clear log".
This creates a new Security.evtx file and the server is able to write to it again. I don't know what was blocking writing into this file before, all required permissions were in place.
Thank you for the tip! I believe we have done that as well... to no avail. But I bet this would work for some...
-
Anonymous
2024-08-07T10:59:10+00:00 Experiencing the same on one of our AD domains.
Event 521
Unable to log events to security log:
Status code: 0x80000005
Value of CrashOnAuditFail: 0
Number of failed audits: 1
-
Anonymous
2024-08-07T12:51:15+00:00 Experiencing the same on one of our AD domains.
Event 521
Unable to log events to security log:
Status code: 0x80000005
Value of CrashOnAuditFail: 0
Number of failed audits: 1
Oh, just one? We have it happening on all of our DCs. Each DC produces a different amount of alerts in the same time period though. Do you have Azure Threat Protection or any other third-party apps on your server that's generating the 521s? Or is it a newer/different OS than your other DCs, if you have more than one?
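Added example, not written by any poster in this thread: Python that parses Event 521 message text collected from several DCs, decodes the status code, and totals failed audits per host and status, which is one way to compare DCs and to weigh the buffer-overflow and permissions hypotheses from the question. It assumes the "Status code" field is an NTSTATUS value (under that reading the 0x80000005 posted above is STATUS_BUFFER_OVERFLOW); the host names and the sample messages are constructed.

```python
import re
from collections import defaultdict

# NTSTATUS values from ntstatus.h that are plausible for a failed log write.
# Assumption: Event 521 reports an NTSTATUS in its "Status code" field.
NTSTATUS_NAMES = {
    0x80000005: "STATUS_BUFFER_OVERFLOW",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
    0xC0000188: "STATUS_LOG_FILE_FULL",
}
# The top two bits of an NTSTATUS encode its severity.
SEVERITY = ("success", "informational", "warning", "error")
FIELDS = re.compile(
    r"Status code:\s*(0x[0-9A-Fa-f]{8}).*?"
    r"Value of CrashOnAuditFail:\s*(\d+).*?"
    r"Number of failed audits:\s*(\d+)", re.S)

def parse_521(message):
    """Return the decoded fields of one Event 521 message, or None if it does not match."""
    m = FIELDS.search(message)
    if not m:
        return None
    status = int(m.group(1), 16)
    return {"status_name": NTSTATUS_NAMES.get(status, "unknown"),
            "severity": SEVERITY[status >> 30],
            "crash_on_audit_fail": int(m.group(2)),
            "failed_audits": int(m.group(3))}

def summarize(events):
    """events: iterable of (host, message). Returns totals keyed by (host, status name)."""
    totals = defaultdict(lambda: {"events": 0, "failed_audits": 0})
    for host, message in events:
        rec = parse_521(message)
        if rec is None:
            continue  # not an Event 521 body; skip rather than guess
        bucket = totals[(host, rec["status_name"])]
        bucket["events"] += 1
        bucket["failed_audits"] += rec["failed_audits"]
    return dict(totals)

# Constructed sample input (hypothetical hosts DC01/DC02), in the layout quoted in the thread.
MSG = ("Unable to log events to security log:\nStatus code: {}\n"
       "Value of CrashOnAuditFail: 0\nNumber of failed audits: {}")
SAMPLE = [("DC01", MSG.format("0x80000005", 1)),
          ("DC01", MSG.format("0x80000005", 3)),
          ("DC02", MSG.format("0xC0000022", 2)),
          ("DC02", "The event logging service has started.")]
```

A consistent STATUS_BUFFER_OVERFLOW across hosts points away from a file-permission cause, while STATUS_ACCESS_DENIED would point toward one.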