[solved] No sound and AMD-Vi: Event logged

Similar Messages

• Allow Non-Administrator accounts to create event sources and write to event logs

  We are setting up BizTalk 2013 in Windows Server 2012 and one of the requirements is to allow the service account to create sources and write in event logs (Application) of the BizTalk servers. We have found what it seems to be a simple solution for this
  without giving service accounts local admin rights.
  Give Full control for the following registry keys to the service accounts or groups to allow creating of event sources and write to event logs:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
  Note: when changing permissions for EventLog key, the child keys will inherit the permissions by default except Security key which must be done manually.
  Initial tests using a .net test app seems to work as expected. New event sources are being created in the event logs and writing to the event logs after that works perfectly.
  The above method has been deployed in production and this is the most suitable solution for us.

  Hi Keong6806,
  Thanks a lot for posting and sharing here.
  Do you have any other questions regarding this topic? If not I would change the type as 'Discussion' then.
  Best Regards,
  Elaine
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Battery drain and error in event log!!!

  So I recently got a curve 9360, but battery life wasn't the 1 and a half days I expected. Doesn't last more than 5 hrs on normal use, and it falls drastically when doing slightly heavy work like now, bridged to my PlayBook like now, it turns of radio at about 30% then blacks out in under 5 minutes. So i did some digging around and most people said it was the OS, so I downloaded the os that most people say fixed there curve's, got a response for 7.1.0.190 and 7.1.0.258, bug still no difference. Out of curiosity I checked my event long and found this error ,
  Name: System
  Severity: Error
  GUID: 97c9f5f641d25e5f
  Time: "the date and time shown"
  JVM:INFOp=mypin,a='7.1.0.190',o='9.6.0.24',h=e001507
  So when I changed the os to 7.1.0.190, still got the same error and it's always at the top of the event log so am guess its what's causing the battery drain. Changed batteries, and wiped the OS and reinstalled but no solution. 
  Any help people!

  Hi,
  The Certificate Chain you installed on the FE server did not have "Enable all purposes for this certificat" enabled.
  Run MMC--Add\Remove Snap-ins--certificates--Local Computer--Trusted Root Certificate Authorities--Certificates, find the certificate chain you installed--Properties--General, check the "Enable all purposes for this certificate".
  Restart Lync FE server and check the problem is solved.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• When I turn on my MacBook pro, I get the 'macintosh he's symbol. Then, at my login, certain keys (I,e,u) get an error sound, and I can't log in. Anyone know what's up?

  Oh, I'm on my phone because if the problem, so I put the whole question in the title. But, the  problem is that my computer acts like I've got the alt key down   I start up, and gives me an error sound when I hit certain keys (e i, u, and a few othes) so I can't log in. Help?

  You showed a kernel panic file from OS X, apprantly Log Me In is installed into OS X or running when you log in.
  You should be using the developers installer/unistaller to remove Log Me In from OS X.
  Somehow it's in OS X, I don't know, but it's there and you need to remove it. I'm not dealing with Windows, just OS X.
  Talk to Log Me In people and find out what is installed where so you can do a manual deletion out of OS X.
  If that doesn't work, you have to reboot holding the Shift key down manually search for any Log Me In or Himachi files on your computer, in your System/Library/Extensions folder too, use the free Easy Find.
  https://s3.amazonaws.com/DTWebsiteSupport/download/freeware/easyfind/4.9/EasyFin d.app.zip

• [SOLVED]Are X11 and AMD catalyst drivers friends again?

  last time i installed linux on my laptop X11 had dropped support fro amd catalyst drivers (proprietary video card drivers), did amd do something about it? did X11 team reconsider? can i use the catalyst drivers on X11 again now?  my laptop and it's stupid APU or "dual graphics" aren't playing so nice with the open source radeon drivers.
  Last edited by rabcor (2013-06-20 19:16:00)

  If wine supported skype, i would be more dead set on using linux than using the amd proprietary drivers.
  The reason this isn't a big deal to me is mostly because i only use this laptop for 3 things, regardless of OS. Teamspeak 3, Skype, Playing Videos.
  I have it set up on a dual boot because neither windows nor linux seem to be reliable on this laptop, the reason is hardware-side, this APU is driving me nuts.
  The reason i'm having problems with the radeon drivers is that even if i set my computer to disable the "switchable graphics" on boot it sometimes seems to randomly re-enable it without even notifying me. The reason this is bad is because the switchable graphics cause my laptopt to overheat. If this happens in windows it usually just enters hibernation mode while the heat levels are just barely critical, in linux however it keeps running for a while at critical levels before it'll finally just overeat. I'm hoping that the AMD proprietary drivers can help me solve this on the linux side.
  Whichever operating system i can manage to make stop ever using the switchable graphics (thus preventing all overheating) will be the one i will use in the end, but i'm not in any big rush, windows is working decently for me on the laptop right now, and i can patiently wait for the amd proprietary drivers to support X again, since i  don't interact much with the computer at all anyways. Using linux would mostly just be to make the laptop look better. Linux seems to be the more likely one to succeed with this task in the end however (because i can optimize/customize it a whole lot more than i ever could windows, and because i'm scared of updating the catalyst drivers in windows because my laptop has often just completely broken upon catalyst driver update in windows.)

• [solved] No sound with AMD Fusion C-60

  I have a freshly-installed headless server with a Fusion C-60 APU (http://www.newegg.com/Product/Product.a … 6813131843). It's mostly a NAS box, but I'm also trying to set it up to run MPD. However, I apparently have no sound at all:
  sir ~ # aplay -l
  aplay: device_list:268: no soundcards found...
  Is the C-60 just too new to be supported? Do I need to be running a GUI of some sort to make the audio work?
  sir ~ # lsmod
  Module Size Used by
  acpi_cpufreq 10470 0
  mperf 1267 1 acpi_cpufreq
  kvm_amd 51746 0
  kvm 388889 1 kvm_amd
  eeepc_wmi 4552 0
  asus_wmi 15520 1 eeepc_wmi
  sparse_keymap 3114 1 asus_wmi
  rfkill 15633 1 asus_wmi
  video 11170 1 asus_wmi
  pci_hotplug 22930 1 asus_wmi
  evdev 9912 2
  microcode 14196 0
  psmouse 76297 0
  pcspkr 2027 0
  serio_raw 5041 0
  radeon 896820 1
  r8169 56439 0
  mii 4059 1 r8169
  k10temp 3050 0
  sp5100_tco 5784 0
  i2c_piix4 10311 0
  ttm 64499 1 radeon
  drm_kms_helper 35090 1 radeon
  drm 223795 3 ttm,drm_kms_helper,radeon
  i2c_algo_bit 5391 1 radeon
  processor 27239 3 acpi_cpufreq
  i2c_core 22774 5 drm,i2c_piix4,drm_kms_helper,i2c_algo_bit,radeon
  wmi 8379 1 asus_wmi
  button 4701 0
  ext4 471524 2
  crc16 1359 1 ext4
  jbd2 77224 1 ext4
  mbcache 5930 1 ext4
  sd_mod 30818 4
  ahci 22096 2
  libahci 20503 1 ahci
  libata 168037 2 ahci,libahci
  ohci_hcd 26544 0
  ehci_pci 4120 0
  ehci_hcd 47407 1 ehci_pci
  usbcore 173007 3 ohci_hcd,ehci_hcd,ehci_pci
  scsi_mod 129231 2 libata,sd_mod
  usb_common 954 1 usbcore
  sir ~ # lspci
  00:00.0 Host bridge: Advanced Micro Devices [AMD] Family 14h Processor Root Complex
  00:01.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI Wrestler [Radeon HD 6290]
  00:04.0 PCI bridge: Advanced Micro Devices [AMD] Family 14h Processor Root Port
  00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
  00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
  00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller
  00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
  00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller
  00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus Controller (rev 42)
  00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 LPC host controller (rev 40)
  00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to PCI Bridge (rev 40)
  00:14.5 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI2 Controller
  00:15.0 PCI bridge: Advanced Micro Devices [AMD] nee ATI SB700/SB800/SB900 PCI to PCI bridge (PCIE port 0)
  00:15.1 PCI bridge: Advanced Micro Devices [AMD] nee ATI SB700/SB800/SB900 PCI to PCI bridge (PCIE port 1)
  00:16.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
  00:16.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller
  00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 0 (rev 43)
  00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 1
  00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 2
  00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 3
  00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 4
  00:18.5 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 6
  00:18.6 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 5
  00:18.7 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 7
  04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168 PCI Express Gigabit Ethernet controller (rev 09)
  sir ~ # uname -a
  Linux sir 3.8.8-2-ARCH #1 SMP PREEMPT Tue Apr 23 10:28:14 CEST 2013 x86_64 GNU/Linux
  Last edited by rabidfurby (2013-05-10 16:22:46)

  Thanks, apparently it was disabled in the BIOS. Never thought to check there because I've never had a motherboard ship with sound disabled by default.

• Event 7000 and 7001 in event log; cannot verify signature

  On the user's system, the Workstation service will not start, preventing access to network drives through UNC paths.
  The dependencies for the Workstation service (Browser Support service, SMB 1 redirect, SMB 2 redirect) are not starting because the system detects a problem with the digital signature for a file. For example:
  The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  I've run sfc /scannow a number of times, but that does not resolve the issue.
  Suggestions, please!

  I tried updating bowser.sys at an elevated command prompt using the following commands:
  takeown /f  C:\windows\system32\drivers\bowser.sys
  icacls C:\windows\system32\drivers\bowser.sys  /grant administrators:F
  copy file-from-working-system C:\windows\system32\drivers\bowser.sys
  The CBS.log from sfc doesn't indicate the directory in C:\Windows\winsxs to copy the file. There are multiple directories for the file, each tagged with multiple IDs. I used the same commands on the latest directory in \Winsxs, copied bowser.sys there, but
  sigcheck shows that the file is still not signed.
  Sigcheck v2.1 - File version and signature viewer
  Copyright (C) 2004-2014 Mark Russinovich
  Sysinternals - www.sysinternals.com
  c:\windows\system32\drivers\bowser.sys:
          Verified:       Unsigned
          Link date:      11:55 PM 2/22/2011
          Publisher:      Microsoft Corporation
          Description:    NT Lan Manager Datagram Receiver Driver
          Product:        Microsoft« Windows« Operating System
          Prod version:   6.1.7601.17565
          File version:   6.1.7601.17565 (win7sp1_gdr.110222-1630)
          MachineType:    64-bit
          Binary Version: 6.1.7601.17565
          Original Name:  browser.sys
          Internal Name:  browser.sys
          Copyright:      ⌐ Microsoft Corporation. All rights reserved.
          Comments:       n/a
          Entropy:        6.178

• [partially solved] Kernel upgrade and longer udev events

  Hi guys,
  Well this isn't actually a problem, but nevertheless I'm curious about why the time to finish the 'udev events' during boot seems to be increasing after the two previous kernel upgrades.
  kernel26-2.6.25.11-1 : around 3.5 seconds
  kernel26-2.6.26.2-1 : around 5.7 seconds
  kernel26-2.6.26.3-1 : around 9.5 seconds
  Any idea?
  Last edited by new2arch (2008-08-29 12:11:26)

  zyghom wrote:on mine with 26.3 is 3.5 sec
  Back to ~5.5 seconds again by applying this 'how to':
  http://wiki.archlinux.org/index.php/Speedup_udev
  I opted for option 1.

• HH3A event log entries - firewall

  I have recently received a replacement hub and in the event log am getting loads of the following entries - is this usual (IP address is my laptop)
  23:59:57, 15 May.
  (458348.960000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->49744, internal ports: 49744, internal client: 192.168.1.64
  23:59:16, 15 May.
  (458308.430000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->49744, internal ports: 49744, internal client: 192.168.1.64
  Also when I do a tracert I get the following as the first line
  1     3 ms     2 ms     1 ms  api.home [192.168.1.254]
  I am only confused because on the old hub the firewall entries were
  20:50:11, 30 Apr.
  BLOCKED 1 more packets (because of Spoofing protection)
  20:50:09, 30 Apr.
  IN: BLOCK [12] Spoofing protection (IGMP 86.157.215.96->224.0.0.22 on ppp0)
  and the tracert was
  1     1 ms    <1 ms    <1 ms  BThomehub.home [192.168.1.254]
  I presume that nothing is amiss
  Solved!
  Go to Solution.

  conrad wrote:
  Many thanks DS - have turned UPnP off.  
  Why is this comment displayed   "It is recommended to keep the Extended UPnP security enabled to ensure the security of your home network." Presumably not having it enabled is ok.
  The spoofing stuff was obviously caused by me switching between wired/wireless as part of my line problems but thanks for the info as no doubt it will occur again.
  No problem
  The extended UPnP is a new item that BT have added to the latest firmware on the hub3. TBH I've not looked in to what this actually means as I've always turned UPnP off, even from when I was using the HH2.
  The spoofing events will return if you flick between each method of connecting, unless you delete the method not in use
  -+-No longer a forum member-+-

• Methods for Remote Event Log Collection (WMI vs RPC vs WinRM)

  Hi,
  I'm currently evaluating several 3rd party tools (SIEMs) to help me with log management in a large (mostly) Windows domain environment. Each tool uses a different approach to collecting the event log from remote systems, and I'd like help understanding the
  pros and cons of each approach. I've dropped this in the scripting forum as the tools are essentially running different scripts and it's this part I would like to understand.
  WMI: An agent installed on a windows server connects to each monitored box and grabs their event logs via WMI. Our legacy SIEM already collects from over 2000 servers using this method.
  RPC: As above, but using RPC. No changes required on the remote machines.
  WinRM: An appliance integrates with AD and collects event logs remotely using WinRM. This is reasonably new to me (i'm a security guy, not a sys admin) but I seem to have to enable an additional remote management tool, and open a new listening port on every
  single machine I want to collect the event log from.
  I read the following blog entry, which seemed to indicate that RPC was the best choice for performance, considering I'm going to be making high frequency connections to over 2000 targets:
  http://blogs.technet.com/b/josebda/archive/2010/04/02/comparing-rpc-wmi-and-winrm-for-remote-server-management-with-powershell-v2.aspx 
  However, everything I have found on the subject of remote event collection seems to suggest that WinRM is the "approved" method for event log collection. The vendor using the WinRM approach is also suggesting that it is the only official MS supported
  way of doing this.
  So I would like to ask, is there a reason that WMI and RPC should not be used for this purpose, since they clearly work and don't require any changes to my environment? Is there some advantage to WinRM that justifies touching my entire estate and opening
  an additional port (increasing my attack surface)?
  Thanks in advance,

  Hi,
  I'm aware of the push method, and may indeed move to it in time, although I'm just as likely to install a 3rd party agent on the machines to perform this role with greater functionality and manageability for the same effort. I've only seen organisations
  using commercial agents (snare, splunk, etc) or WMI for log collection in practice, so I don't think I'm the only one with reservations about it.
  Anything that involves making configuration changes to a large and very varied estate is not something to do lightly. Particularly if alternatives exist that don't require this change to be carried out immediately. That is why I'm looking to properly understand
  the pros and cons of these "legacy" approaches for use as an interim solution if nothing more.
  Pulling probably is more resource intensive, although I've not seen an actual comparison, but it's not really that fragile in my experience. If a single pull fails, you just collect the logs you missed at the next pull cycle in a few seconds/minutes.
  All logs are pulled directly into a SIEM for analysis, so that part is covered.
  Anyway, I appreciate the input, but I'm still holding out for concrete reasons to move away from WMI/RPC or to embrace WinRM. Bear in mind I'm considering fixing something that doesn't look broken to me!
  Cheers,

• PS script to save event logs

   
  Hi,
  I want to create a PS script which will pick the server name from a text file and save the event logs one by one of all the server with server name in a shared folder in network
  For this I tried to create below code, but not successful. I know there are some silly mistake in this code which i m not able to identify
  Please help me because I’m new in scripting and have very little knowledge about this.
  ==================
  $Computer_Name = Get-Content \\sharepath\name.txt
  $logfile = ForEach ($Computer_Name)
  Get-WmiObject -Class win32_NTEventlogFile  -Filter "logFileName='Application'"
  $logfile.ClearEventlog('Sharepath\%computername%_Application_Logs.evt')
  ========================

  Thanks !!!
  The share path is working fine.
  If I am running the below script it will save the logs files of local computer to the shared drive with computer name.
  ==============
  $logfile = Get-WmiObject -Class win32_NTEventlogFile  -Filter "logFileName='Application'"
  $logfile.ClearEventlog('\\sharepath\%computername%_Application_Logs.evt')
  ================
  Now, I want to create a script which will pick the server name from a text file and save that to a shared folder with respective computer name.
  Also, is there any way to SAVE AS the log files rather than clearing the logs ?
  You can export the logs using Get-EventLog and Export-Csv  Get-EventLog can specify a filter of -after and -before to set a date range.
  Help get-eventlog -full
  You can specify an array or file of computer names on the commandline.  You can specify credentials on the commandline.
  You can also save eventlogs in their entirety but that is not a good practice as it produces too much overlap.
  I suggest that weekly extractions ican be managed on an overnight basis. Monthly extracts are likely to take too much time.
  LogParser is much better at extracting Eventlogs in many formats.
  Logs should beset to rol lover on a size basis.  I use 32 and 64 megabytes on bsic systems and much larger on busier systems.   like to have a year online if possible.
  ¯\_(ツ)_/¯

• RAID Admin Event Log?

  I'm seeing some strange behavior with our RAID Admin event log. On Friday, I did a rebuild of our one of our RAIDs and, in the event log, there was an entry added that said "RAID Rebuild Started" or something along those lines.
  Today I opened RAID Admin and that event entry was gone. All of the other events around it were still there (removing and reinserting a drive, etc.), but not the actual rebuild message (or the subsequent success message).
  Is this normal behavior?

  Yes, that is normal behavior. If there were any problems with the rebuild, you would see error messages in the event log, but the message about starting the rebuild does disappear after the rebuild finishes.
  -Phoenix

• Event log 36887

  I receive the following event.....
  A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 42. I cannot find much information on this. does anyone have any insight?
  Thank you

  Hi,
  Did there run IIS on the server? This error message indicates the computer received an SSL fatal alert message from the server. It may be caused by accessing web site or the installation of third party web browsers or others. Did you remember any specific
  operation that had been done before this issue occurred? For examples, install any third-party application or others? Please refer to following thread and check if can help you.
  Event ID: 36887 Source: Schannel, Error: The following
  fatal alert was received: 0.
  In addition, please also refer to following KB and enable Schannel event logging, then check if get more clues.
  How to enable Schannel event logging in IIS
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• VM cannot get IP and shows host MAC in event logs

  I have a strange issue where the VM on a user's laptop worked fine in the office with a Wireless NIC but when he got home we began having some problems (no network in the VM, only get 169.x.x.x IP in the VM, host network connection drops when we try
  to access or configure the networking inside the VM).
  Here is what I know so far:
  Bridge exists on host (wireless NIC to virtual NIC) and is enabled
  Adapter in VM has MAC of 00-15-5D-0A-A5-00, cannot get IP
  VM settings for the wireless NIC show the MAC is Dynamic and the one assigned is within the range setup on the Virtual Switch
  Adapter on host has MAC of 9C-4E-36-AC-83-68, gets IP of 192.168.0.14
  In the VM, you cannot renew or assign an IP, it says the MAC exists on the network and has an address assigned.  Network connectivity also drops if you try to renew the IP
  In the system event logs on the VM, I see TCPIP event 4199, exact message is - The system detected an address conflict for IP address 192.168.0.14 with the system having hardware address 9C-4E-36-AC-83-68.
  There are no errors in the event logs on the host.
  Deleting the NIC inside the VM and removing/re-adding it to the VM settings does not resolve it
  Deleting and recreating the virtual switch does not resolve it
  The option to allow the management OS to also use the wireless NIC is enabled on the virtual switch.
  The wired connection also worked in our office during the build and testing but he doesn't not have a cable at home for me to test the wired there.
  We have another machine which is configured the same way and is working correctly, both in the office and offsite.
  Why is the VM trying to use the host MAC to get an IP, shouldn't it be using the one assigned by Hyper-V?  Could this be an issue with his home office network or maybe specifically with his WAP?  What other items could cause this?
  I have asked my user to go connect to a wireless network in a different location and test it but I haven't heard back from him yet.
  Thanks in advance for any suggestions.

  Hi Milos,
  1 - Unfortunately I can't test this, the router is supplied by his ISP and is not one that we have any management capabilities on.
  2 - Any time I access network information in the VM (even just to run "ipconfig /all" at a command line), the network drops temporarily on the host and I loose access to it.
  3 - I've not used this before, I'll check it out.
  It seemed really odd to me that the VM showed the host MAC in the event logs when everything else in the VM shows the one assigned by Hyper-V.
  Do you know if the "Virtual Networking and Wireless network adapters" entry in Ben Armstrong's Virtualization blog still applies in Windows 8.1?  It won't let me post the link to it directly, sorry.
  I've seen it referred to recent posts but it's from 2005.
  It makes sense if it is since symptom #2 sounds like what I am seeing.

• Since applying Feb 2013 Sharepoint 2010 CUs - Critical event log entries for Blob cache and missing images

  Hi,
  Since applying the February 2013 SharePoint 2010 updates, we are getting lots of entries in our event logs along the following:
  Content Management     Publishing Cache         
  5538     Critical 
  An error occurred in the blob cache.  The exception message was 'The system cannot find the file specified. (Exception from HRESULT: 0x80070002)’
  In pretty much all of these cases the image/ file in question that is reported in the ULS logs as missing is not actually in the collaboration site, master page / html etc so the fix needs to go back to the site owner to make the correction to avoid
  the 404 (if they make it!). This has only started happening, I believe since feb 2013 sp2010 cumulative updates updates
  I didn’t see this mentioned as a change / in the Fix list of the February updates. i.e. it flags up a critical error in our event logs. So with a lot of sites and a lot of missing images your event log can quickly fill up.
  Obviously you can suppress them in the monitoring -> web content management ->publishing cache = none & none which is not ideal.
  So my question is... are others seeing this and was a change made by Microsoft to flag a 404 missing image / file up a critical error in event log when blob cache is enabled?
  If i log this with MS they will just say, you need to fix it up the missing files in the site but would be nice to know this had changed prior! I also deleted and recreated the blob cache and this made no diffference
  thanks
  Brad

  I'm facing the same error on our SharePoint 2013 farm. We are on Aug 2013 CU and if the Dec CU (which is supposed to be the latest) doesn't solve it then what else could be done.
  Some users started getting the message "Server is busy now try again later" with a corelation id. I looked up ULS with that corelation id and found these two errors in addition to hundreds of "Micro Trace Tags (none)" and "forced
  due to logging gap":
  "GetFileFromUrl: FileNotFoundException when attempting get file Url /favicon.ico The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"
  "Error in blob cache. System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"
  "Unable to cache URL /FAVICON.ICO.  File was not found" 
  Looks like this is a bug and MS hasn't fixed it in Dec CU..
  &quot;The opinions expressed here represent my own and not those of anybody else&quot;