Microsoft-Windows-Security-Auditing Event#1108 Errors?


pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
" Apparently, DEV 25201 and up has fixed the issue. Will look to see. "................did you found a solution , which we can use in 22H2...................?
 

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

Zardoc

Dazed & Confused
Power User
VIP
Local time
9:16 PM
Posts
699
Location
In a van down by the river
OS
Windows 11 Enterprise
No, I have to join the dev team and I don't want that. Some users are having trouble leaving the dev channel.
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-12700K Processor 25M Cache, up to 5.00
    Motherboard
    Asus TUF Gaming Z690-PLUS WIFI D4
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 1TB
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Crucial MX500 2TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Corsair 275R ATX Mid Tower Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
I see........ will have to wait for solution still , in 21H2 did not have these id=1108 ...............so, have to clean the eventviewer on regular base .
Wondering if Windows will clean the eventviewer on regular base , or we have to use our " clean task " , we made .
What do you sugest/advice...........?? :unsure:
 

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
Still not fixed , after latest update !
This is how my eventviewer looks , after each reboot ;

After every reboot.png
And after clean-bat ( ten minutes after reboot) ; after clean-bat.png
 

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

Zardoc

Dazed & Confused
Power User
VIP
Local time
9:16 PM
Posts
699
Location
In a van down by the river
OS
Windows 11 Enterprise
This is an unknown issue for a lot of users. No one seems to be able to explain to what it's related or they don't have the time to reply.

I've seen a lot of issues in my years and this one is NOT like VSS which can be explained and ignored for known reasons.

This is a security audit issue. What is affected? What's the root cause ? I have an idea what it might be related to and posted on the MSDN forum to see if I could get a clue but I'm still waiting.

I didn't create an auto log cleaner because it takes 10 seconds to clear with event cleaner so I'm more worried about the scope and the consequences of the credential guard rather than how to remove the errors from event viewer although it is a pain having a bunch of the same errors. ;-)

@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-12700K Processor 25M Cache, up to 5.00
    Motherboard
    Asus TUF Gaming Z690-PLUS WIFI D4
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 1TB
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Crucial MX500 2TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Corsair 275R ATX Mid Tower Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

Zardoc

Dazed & Confused
Power User
VIP
Local time
9:16 PM
Posts
699
Location
In a van down by the river
OS
Windows 11 Enterprise
I was able to login to DEV channel and the
(Event ID 1108: Microsoft-Windows-Security-Auditing) and
the (Event ID 15: Wininit Windows Defender Credential Guard (LsaIso.exe)
are gone.
Event Viewer Dev Build 25211.1001 2022-10-01.png

However, the 2 other events are present but seem to align with the fact that credential guard is not activated
(Event ID 360: Windows hello for business)
(Event ID 6155: LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard.),


is gone. However, I still have the Hello business

So let's hope it's a sign that the next 22H2 build will have a fix. :cool:
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-12700K Processor 25M Cache, up to 5.00
    Motherboard
    Asus TUF Gaming Z690-PLUS WIFI D4
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 1TB
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Crucial MX500 2TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Corsair 275R ATX Mid Tower Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
" credential guard is not activated "..............HOW(?) to deactivate it ??
 

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

Zardoc

Dazed & Confused
Power User
VIP
Local time
9:16 PM
Posts
699
Location
In a van down by the river
OS
Windows 11 Enterprise
" credential guard is not activated "..............HOW(?) to deactivate it ??
Are you getting LSA 6155 errors or any other error I mentioned in last post ?

In most cases, it's not activated. It's only with Enterprise versions that it's activated but the errors should not show with Pro or home versions because it's not activated by default.

I had an enterprise version before, but this is a Pro install but it's showing errors as if it was an Enterprise version.

The 1108 errors are associated with windows security settings so if you only have that, it could be something different.
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-12700K Processor 25M Cache, up to 5.00
    Motherboard
    Asus TUF Gaming Z690-PLUS WIFI D4
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 1TB
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Crucial MX500 2TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Corsair 275R ATX Mid Tower Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
" The 1108 errors are associated with windows security settings so if you only have that, it could be something different. ".......Yes, only id=1108 , did not occur in previous version .
I really want to get rid of these 1108 , its eating my eventviewer !
Tried several enabl/disable , no luck so far...........
Im almost certain , there must be a way to disable these 1108-items !
I wont give up , my previous eventviewer always clean , appreciate some help still...........:wink:
 

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

Zardoc

Dazed & Confused
Power User
VIP
Local time
9:16 PM
Posts
699
Location
In a van down by the river
OS
Windows 11 Enterprise
Or, you can do as I do, remain on 22000.1042 ;-)
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-12700K Processor 25M Cache, up to 5.00
    Motherboard
    Asus TUF Gaming Z690-PLUS WIFI D4
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 1TB
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Crucial MX500 2TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Corsair 275R ATX Mid Tower Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
Or, you can do as I do, remain on 22000.1042 ;-)
This annoying id=1108 is not worth going back to previous build..............
Im sure a fix will be found , someday !
 

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

Zardoc

Dazed & Confused
Power User
VIP
Local time
9:16 PM
Posts
699
Location
In a van down by the river
OS
Windows 11 Enterprise
This annoying id=1108 is not worth going back to previous build..............
Im sure a fix will be found , someday !
Like I mentioned, It's fixed in DEV build, so it will be fixed.

I just use Macrium to surf builds. When I'm satisfied, then I move to new build.
Besides, new build doesn't have much to offer besides Tabs and they aren't even activated everywhere. :rolleyes:
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-12700K Processor 25M Cache, up to 5.00
    Motherboard
    Asus TUF Gaming Z690-PLUS WIFI D4
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 1TB
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Crucial MX500 2TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Corsair 275R ATX Mid Tower Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
id=1108 is related to ; {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148} .
Enable or disable does not fix the issue still !
Wonder if we can manipulate this key , maybe removing it or setting some/all values in it on 0...........
Will try...

Update ; even removing this key from regedit does not solve the id=1108 in eventviewer , it just keeps coming after every reboot !!
 
Last edited:

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

Zardoc

Dazed & Confused
Power User
VIP
Local time
9:16 PM
Posts
699
Location
In a van down by the river
OS
Windows 11 Enterprise
id=1108 is related to ; {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148} .
Enable or disable does not fix the issue still !
Wonder if we can manipulate this key , maybe removing it or setting some/all values in it on 0...........
Will try...

Update ; even removing this key from regedit does not solve the id=1108 in eventviewer , it just keeps coming after every reboot !!
There is more than one key. In fact 3 or 4., but it still won't fix the problem. 😵‍💫
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    Intel® Core™ i7-12700K Processor 25M Cache, up to 5.00
    Motherboard
    Asus TUF Gaming Z690-PLUS WIFI D4
    Memory
    G.Skill Ripjaws V Series 32gb (2x16gb) DDR4 3200mhz
    Graphics Card(s)
    Asus Dual Geforce Rtx™ 2070 Oc Edition 8gb Gddr6
    Monitor(s) Displays
    BenQ EW3270U 31.5” 3840x2160 UHD 16:9 HDR LED 4K LG 27UK850-W 27'' 4K UHD IPS LED Monitor with HDR10
    Screen Resolution
    3840x2160
    Hard Drives
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 1TB
    Samsung 980 PRO PCIe 4.0 Gen 4 NVMe® SSD 250GB
    Samsung 970 Evo M.2 2280 2tb Pcie Gen3. X4
    Crucial MX500 2TB 3D NAND SATA Internal SSD
    PSU
    Corsair AXi Series AX860i Digital 860W 80 PLUS PSU
    Case
    Corsair 275R ATX Mid Tower Case
    Keyboard
    Logi MX Keys
    Mouse
    Logi M705
    Internet Speed
    400 mbs
    Browser
    Firefox
    Antivirus
    Eset NOD32
    Other Info
    Love fast boots

pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
There is more than one key. In fact 3 or 4., but it still won't fix the problem. 😵‍💫
In fact after every reboot ; 20 times id=1108 , no other ids ................!
Must be a 22H2-bug , coz its been reported several times by other forum-members also ..........

Wonder if MS removes this nonsense automaticly ( sometimes ?!) , or do we have to clean it ?
If so , whats the best way for cleaning it ( once a week or every day ?!)............?
 
Last edited:

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

pietcorus2

Well-known member
Member
VIP
Local time
3:16 AM
Posts
286
Location
Netherlands
OS
Windows11 Pro
There is more than one key. In fact 3 or 4., but it still won't fix the problem.
Which keys ? I sure want to know , maybe we will find the cullprit...............
 

My Computer

System One

  • OS
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air

Latest Tutorials

Top Bottom