Applies to:

Every single product that we (Microsoft) shipped, such as:
Windows Server 2012
Windows 8
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista
Windows Server 2003
Windows XP
Windows Server 2000
Windows 2000
Windows NT 4.0 Server
Windows NT 4.0 Workstation
Exchange
SQL
Sharepoint
Lync
Communicator
Office
Internet Explorer
and so on.

Have you ever wondered what 0x00000005 or 0x80070005 meant?

We have the tool named ERR.exe which has the Win32 headers and privates for products that we ship.
We used to ship the ERR.exe tool in “Windows Server 2003 Resource Kit”
If you are a developer or use Visual Studio, in the Visual Studio Tools, there is a GUI version of the tool called ERRLOOKUP.exe.

You could download it here:
Microsoft Exchange Server Error Code Look-up
http://www.microsoft.com/en-us/download/details.aspx?id=985


Note: It should really be called “Microsoft Win32 Error Code Look-up”

To install:

clip_image002

Just click on “Run”

clip_image003

Type a location such as “c:\temp”

Click on “Ok”

clip_image004

 

clip_image006

There will be a folder called “Err” and inside of it, the err.exe tool.

I personally, like to copy the err.exe tool to c:\windows\system32, so that I won’t have to enter the path from the command line, since c:\windows\system32 is in the Path of the “Environment Variable”.

What type of information can I get out of this tool?

clip_image008

You are able to see which NTStatus header files the tool looks thru, and the components, which are the base Windows O.S. components, used by any application that has to run on top.

Usage:

For example, let’s find out what a 0x00000005 is actually.

Open a command prompt (cmd.exe) and type:

Err.exe 0x00000005

clip_image010

So you end up with 39 matches.

Ok, so which one applies to you? Depending on the component you are troubleshooting, you will choose that particular component.

For example, for most Windows administrators, we are going to be looking for winerror.h or ntstatus.h

In Windows XP and Windows Server 2003, what I noticed is that admin’s will click on the “For more information, see Help and Support Center at …” which leads to nowhere… =) and disregard the “Data:” section, since it shows values in “Bytes” which looks like just some hex numbers:

clip_image011

clip_image012

If you click on “Words”, we could see a hex value of “c0001066”

clip_image014

In this example, we get an error message that we already knew, but really, the information contained here is a gold mine, when you are troubleshooting a problem.

Here is an example of Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2, in the event log, one of my VM’s was getting the following error message:

Log Name: System

Source: Server

Date: 10/6/2012 7:03:03 AM

Event ID: 2505

Level: Error

Description:

The server could not bind to the transport \Device\NetBT_Tcpip_{6AB7579E-2A1E-41C5-8AF4-E028EF4D3D20} because another computer on the network has the same name. The server could not start.

If I click on the “Details” tab, I’m able to go to the “Binary data:” and look at the “Words” value.

clip_image015

In this case 0000034 which is 0x0000034

Typing “err.exe 34”, I’m able to get the following info:

clip_image017

Looking at the “winerror.h, I’m able to see multiple winerror.h, so I need to gauge what applies to the issue that I’m troubleshooting.

In this case, I knew the event log error was regarding “duplicate name exists on the network”.