Frequently, the Device Manager error code helps determine what created the unknown device. For example, if your computer generates a "Bad or missing device driver" error message, three types of entries may be listed under Problem Devices , depending on the device type:. View the Setupapi. By default, the Setupapi. Sometimes the listed device name can be misleading. For example, a device may be listed as a serial device in Device Manager, when in reality it is not related to a serial port.
This typically occurs when a partial Plug and Play ID is available, and Device Manager interprets it as a serial device. This interpretation may occur because of a compatible ID specified by the device. Again, this can be corrected by locating the startup program that may not be behaving correctly.
Be aware that merely removing the unknown device in Device Manager does not work if a software program is the cause of the unknown device. You must remove the program and then restart your computer.
If the unknown device is still listed in Device Manager after you restart your computer in safe mode, contact Microsoft Customer Support Services for help in removing the device. Remove hardware devices from your computer Remove hardware devices one at a time until the unknown device is no longer listed in Device Manager. Be aware that this method may be time-consuming and is not always reliable. Determine whether the device driver is digitally signed When you install a device driver, and Windows detects that it is not digitally signed, you may receive a warning message and the option to cancel or continue the installation This message is displayed only if your computer is configured to display a warning message whenever an installation program tries to install a device driver without a digital signature.
Note A device driver that is digitally signed can still be listed as an unknown device in Device Manager. For more information about driver signing for Windows, visit the following Microsoft Web site:. You can block the installation of device drivers that do not contain a digital signature. Use this approach when you want to prevent any deliberate attempts to destabilize the computer. To do this, follow these steps:. Click Start , click Run , type control sysdm.
Under Drivers , click Driver Signing , and then click Block - Never install unsigned driver software. To view a list of device drivers installed on your computer that are not digitally signed, use either of the following methods:. Error 0xef: The third-party INF does not contain digital signature information. Use the File Signature Verification tool The File Signature Verification tool lists all the unsigned drivers that are installed on your computer.
It creates a Sigverif. Use any text editor for example, Notepad to view the file. To use the File Signature Verification tool to display a list of drivers that are not digitally signed, follow these steps:. Click Start , click Run , type sigverif, and then click OK. Click Advanced , click the Search tab, and then click Look for other files that are not digitally signed. Click to select the Include subfolders check box, and then click Browse.
Review the list, and then contact the driver manufacturer for information about how to obtain an updated driver that is digitally signed. USB devices that are based on earlier versions of the USB specification may create ghost devices that appear when the device is connected, and then disappear when the device is disconnected. Also, the device may work fine, but may create a disassociated unknown device.
This is typically caused by firmware that is either outdated or configured incorrectly. In this case, contact the device manufacturer for updated firmware.
A ghosted device can appear if you manually install a driver for a Plug and Play device that the computer has already detected and installed. Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. A notification package has been loaded by the Security Account Manager. Invalid use of LPC port. The system time was changed. A monitored security event pattern has occurred. Administrator recovered system from CrashOnAuditFail.
A security package has been loaded by the Local Security Authority. An account was successfully logged on. An account failed to log on. Group membership information. An account was logged off. IKE DoS-prevention mode started. User initiated logoff. A logon was attempted using explicit credentials.
A replay attack was detected. An IPsec Main Mode security association was established. An IPsec Main Mode negotiation failed. An IPsec Quick Mode negotiation failed.
An IPsec Main Mode security association ended. A handle to an object was requested. A registry value was modified. The handle to an object was closed. A handle to an object was requested with intent to delete. An object was deleted. An operation was performed on an object. An attempt was made to access an object. An attempt was made to create a hard link. An attempt was made to create an application client context. An application attempted an operation. An application client context was deleted.
An application was initialized. Permissions on an object were changed. An application attempted to access a blocked ordinal through the TBS. Special privileges assigned to new logon. A privileged service was called. An operation was attempted on a privileged object.
SIDs were filtered. A new process has been created. A process has exited. An attempt was made to duplicate a handle to an object. Indirect access to an object was requested. Backup of data protection master key was attempted.
Recovery of data protection master key was attempted. Protection of auditable protected data was attempted. Unprotection of auditable protected data was attempted. A primary token was assigned to process.
A service was installed in the system. A scheduled task was created. A scheduled task was deleted. A scheduled task was enabled. A scheduled task was disabled. A scheduled task was updated. A token right was adjusted. A user right was assigned. A user right was removed. A new trust was created to a domain.
A trust to a domain was removed. IPsec Services was started. IPsec Services was disabled. IPsec Services encountered a potentially serious failure.
Kerberos policy was changed. Encrypted data recovery policy was changed. The audit policy SACL on an object was changed. Trusted domain information was modified. System security access was granted to an account. System security access was removed from an account. System audit policy was changed. A user account was created. A user account was enabled. An attempt was made to change an account's password. An attempt was made to reset an accounts password. A user account was disabled.
A user account was deleted. A security-enabled global group was created. A member was added to a security-enabled global group. A member was removed from a security-enabled global group. A security-enabled global group was deleted. A security-enabled local group was created.
A member was added to a security-enabled local group. A member was removed from a security-enabled local group. A security-enabled local group was deleted. A security-enabled local group was changed. A security-enabled global group was changed. A user account was changed. Domain Policy was changed. A user account was locked out. A computer account was created.
A computer account was changed. A computer account was deleted. A security-disabled local group was created. A security-disabled local group was changed. A member was added to a security-disabled local group. A member was removed from a security-disabled local group. A security-disabled local group was deleted. A security-disabled global group was created.
A security-disabled global group was changed. A member was added to a security-disabled global group. A member was removed from a security-disabled global group. A security-disabled global group was deleted. A security-enabled universal group was created. A security-enabled universal group was changed. A member was added to a security-enabled universal group. A member was removed from a security-enabled universal group.
A security-enabled universal group was deleted. A security-disabled universal group was created. A security-disabled universal group was changed. A member was added to a security-disabled universal group. A member was removed from a security-disabled universal group. A security-disabled universal group was deleted.
A groups type was changed. SID History was added to an account. An attempt to add SID History to an account failed. A user account was unlocked. A Kerberos authentication ticket TGT was requested. A Kerberos service ticket was requested. A Kerberos service ticket was renewed. Kerberos pre-authentication failed. A Kerberos authentication ticket request failed. A Kerberos service ticket request failed.
An account was mapped for logon. An account could not be mapped for logon. The domain controller attempted to validate the credentials for an account.
The domain controller failed to validate the credentials for an account. A session was reconnected to a Window Station. A session was disconnected from a Window Station. The ACL was set on accounts which are members of administrators groups. The name of an account was changed. The password hash an account was accessed. A basic application group was created. A basic application group was changed. A member was added to a basic application group.
A member was removed from a basic application group. A non-member was added to a basic application group. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy. Event ID 51 may occur when you write information to the physical disk.
This article describes how to decode the data section of an Event ID 51 event message. When you write information to the physical disk, the following event message may be logged in the System log:.
If a generic error occurs when your computer pages information to or from the disk, an Event ID 51 event message is logged. In a paging operation, the operating system either swaps a page of memory from memory to disk, or retrieves a page of memory from disk to memory. It's part of the memory management of Windows. In this case, no harmful effects are experienced. The system logs the event even though the disc is writable, and the USB device is still usable.
In these particular cases, you can safely ignore the log entries. No action is required. As a result, the displayed hard disk number, or the device object name itself may be incorrect. Because a large amount of information is stored in the data section, the space that's available for the DeviceName is reduced.
In this case, you can find the appropriate device by looking at the destination disk data that's stored in the data section. For more information, see Decode the data section of an Event ID 51 event message. On Windows Vista and later versions, the event log entry size has been increased, and DeviceName isn't truncated.
Consider the following information when you review the data section of an Event ID 51 event message.
0コメント