Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions


Posted on 2014-10-20
Last Modified: 2014-10-22
Hello, I am getting regular event ID 1309's in my SBS2011 server. When I take a close look at the log details, I notice that it references a server that is no longer active on the network. This is a server that was decommissioned a while back and was the primary AD and Exchange server. It was taken offline and migrated to the new server.

I've included an image of where it is referencing the old server. Does anyone have any ideas on where that is coming from and how to remove it? I'm guessing it's timing out because it's trying to access a server that doesn't exist anymore..

evend ID 1309

Thanks in advance
Question by:ChiIT
  • 3
  • 2
LVL 33

Expert Comment

ID: 40393192
Check group policy for any WSUS settings.  You might find the root cause there.


Author Comment

ID: 40393275
I think you are correct. I did find references to it in there. I'm going to wait overnight and if they go away I'll mark it as closed. Thank you
LVL 33

Expert Comment

ID: 40393278
Not a problem.


Author Comment

ID: 40393493
The decommissioned server is now not getting that error, but a currently active server is.
I have looked through group policy and as far as I can tell I've actually disabled all wsus references. The error is occurring every 10 minutes, or so..

 event ID
LVL 33

Accepted Solution

it_saige earned 500 total points
ID: 40393560
If you are not using WSUS, then you need to remove the WSUS registry entries from your current active server in order to stop these event log entries.

Stop-Service wuauserv
Remove-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\*' -recurse -force
Start-Service wuauserv

Open in new window


Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Latest thoughts on C# utilizing Mono on Linux vs .NET on Windows? 5 62
IIS FTP Logging 10 39
exporting html table data 4 27
Please explain purpose of GZIP 4 34
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question