Missing Information in Security Event Detail Description (120380)

CAUSE

There are two possible causes:

Incomplete or damaged dynamic link library files have been used to create event details in the security event log.
Registry entries referencing the library are incorrect or missing.

RESOLUTION

Check for the existence of \%systemroot%\system32\msaudite.dll
Expand msaudite.dl_ from the appropriate platform directory on the CD-ROM or from disk 15 of the 3.5" installation disks.
Find and verify the three registry values below:

WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

HKEY_LOCAL_MACHINE on local machine at:
\System\CurrentControlSet\Services\Eventlog\Security\Security
CategoryMessageFile:REG_EXPAND_SZ:%SystemRoot%\System32\MsAuditE.dll
EventMessageFile:REG_EXPAND_SZ:%SystemRoot%\System32\MsAuditE.dll

MORE INFORMATION

Example: Successful Logon

   User Name:               joeb
   Domain:                  UNIVERSAL
   Logon ID:                [0x0,0x13B8]
   Logon Type:              2
   Logon Process:           User32
   Authentication Package:

MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Example: Incomplete Description

The description for Event ID [528] in Source [Security] could not be found. It contains the following insertion string(s): joeb, UNIVERSAL,[0x0,0x13B8],2,User32, MICROSOFT_AUTHENTICATION_PACKAGE_V1_0.