Search event logs for file system access

I'm looking to create a script that will allow me to search Windows 2012 security event logs for access to specific folders. Ideally it would allow the granularity to search for read access events (4663) and specify specific users to view. One example would be to show events for drive F:\ where the folder name is JSmith (including subfolders) and the username is not JSmith.
I've tried something like this, but can't see how to filter.
Get-EventLog security | ? {$_.Message.contains("F:\JSmith")}

Is the match explicit?  How can I use wildcard?  How can I exclude events?
I recommend asking a search engine and doing some initial research. Here's a starter:
https://technet.microsoft.com/en-us/library/hh849682.aspx
http://blogs.msdn.com/b/powershell/archive/2009/06/11/windows-event-log-in-powershell-part-ii.aspx
http://blogs.technet.com/b/ashleymcglone/archive/2013/08/28/powershell-get-winevent-xml-madness-getting-details-from-event-logs.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/24/use-powershell-cmdlet-to-filter-event-log-for-easy-parsing.aspx
https://richardspowershellblog.wordpress.com/2009/03/08/get-winevent/
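As an added example (not code from the thread or its answer), the following PowerShell script answers the three questions above with Get-WinEvent: the folder match uses -like (wildcard), the user exclusion uses -eq with continue, and fields are read from the event XML rather than by string-matching the Message text. The script name, parameter names and the F:\JSmith / JSmith values are assumptions; it also assumes "Audit File System" auditing and a SACL on the folder are already configured, because without them the Security log contains no 4663 events.

```powershell
# Find-FolderAccess.ps1 (hypothetical name; added example, not from the thread)
# Lists 4663 (object access) events under one folder tree, excluding one account.
# Prerequisites this script does NOT set up: success auditing for the
# "File System" subcategory, e.g.  auditpol /set /subcategory:"File System" /success:enable
# plus an auditing entry (SACL) on the folder. Run elevated: the Security log requires it.
param(
    [string]   $Path      = 'F:\JSmith',            # folder tree to review (from the question)
    [string]   $Exclude   = 'JSmith',               # account whose own access is expected
    [datetime] $Since     = (Get-Date).AddDays(-7), # how far back to look
    [switch]   $ReadsOnly                           # keep only ReadData / ListDirectory access
)

# A FilterHashtable is evaluated by the event log service itself, so this is far
# faster than Get-EventLog | Where-Object over the rendered message text.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4663
    StartTime = $Since
} -ErrorAction SilentlyContinue   # no error when nothing matches

foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML. Regexing $_.Message
    # depends on the display language and breaks on localized servers.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Wildcard match: -like with a trailing '\*' covers every file and subfolder
    # under $Path; the second test keeps access to the folder object itself.
    $inTree = ($data.ObjectName -like "$Path\*") -or ($data.ObjectName -eq $Path)
    if (-not $inTree) { continue }

    # Exclusion: PowerShell string comparisons are case-insensitive by default,
    # so 'jsmith' and 'JSmith' are both skipped.
    if ($data.SubjectUserName -eq $Exclude) { continue }

    # AccessMask is a hex string such as "0x1"; bit 0x1 is ReadData (files) or
    # ListDirectory (folders). 0x2 is WriteData, 0x10000 is DELETE.
    $mask = [int]$data.AccessMask
    if ($ReadsOnly -and -not ($mask -band 0x1)) { continue }

    [pscustomobject]@{
        Time    = $e.TimeCreated
        User    = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        Object  = $data.ObjectName
        Mask    = $data.AccessMask
        Process = $data.ProcessName
    }
}
# Example run:  .\Find-FolderAccess.ps1 -Path 'F:\JSmith' -Exclude 'JSmith' -ReadsOnly | Format-Table -AutoSize
```

To query a remote file server, add -ComputerName to the Get-WinEvent call; the filter and the XML parsing stay the same.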

Similar Messages

  • 888k Error in ULS Logs for File System Cache

    Hello,
    We have a SharePoint 2010 farm in a three-tier architecture with multiple WFEs and APP servers.
    Roughly once a week we will have a number of WFEs seize up and jump to 100% CPU usage. Usually they come in pairs; two servers will jump to 100% at the same time while all the other servers are fine in the 20% - 50% range.
    Corresponding to the 100% CPU spike, the following appear in the ULS logs:
    "File system cache monitor encoutered error, flushing in memory cache: System.IO.InternalBufferOverflowException: Too many changes at once in directory:C:\ProgramData\Microsoft\SharePoint\Config\<GUID>\."
    When these appear, the ULS logs will show hundreds back-to-back flooding the logs.
    I have yet to figure out how to stop these and bring the CPU usage down while the incident is happening, and how to prevent them in the future.
    While the incident is happening, I have tried clearing the configuration cache, shutting the timer jobs down on each server, deleting all the files but config.ini in the folder listed above, changing config.ini to 1, and restarting the timer. The CPU will
    drop momentarily during this process, but as soon as all the timer jobs are restarted the CPUs jump back to 100% on the same servers.
    This week as part of my weekly maintenance I thought I'd be proactive and clear the cache even though the behavior wasn't happening, and all CPUs were normal. As soon as I finished, the CPU on two servers that were previously fine jumped to 100% and wouldn't
    come down. Needless to say, users complain of latency when servers are at 100% CPU.
    So I am frustrated. The only thing I have found that works when the CPUs jump to 100% with these errors are a reboot. Nothing else, including IISReset and stopping/starting the admin and timer job services work. Being Production systems, reboots during the
    middle of the day are bad.
    Any ideas? I have scoured the Internet resources on this error and have come up relatively empty-handed. All the articles reference clearing the configuration cache, which, in my instance, does not get rid of these issues, and can even trigger them.
    Thanks,
    Joseph Irvine

    Take a look at http://support.microsoft.com/kb/952167 for the list of recommended exclusions per Microsoft.
    Trevor Seward

  • Disallow for file system access

    Hi All,
    I would like to not permit access to the file system; how can I do that with a permission object? I have only seen examples of how to set constraints on the locations it can access.
    Regards

    I'm sorry but I don't understand the problem. (Maybe someone else will.)
    So you have told me that when you pass null to a file permission object, you find out the mask is "NONE"?
    You want to stop users accessing some files?
    You need to build code that will stop the user accessing certain files?
    You want to know if you can put restrictions on the whole VM (what is VM?) or just the context?
    I believe this link could be helpful for you.

  • The Data Access service is either not running or not yet initialized. Check the event log for more information

    Hi,
    I have SCSM with remote SQL and the SCSM Management server give below error
    Message: Failed to connect to server ‘Name of Server’
    Microsoft.EnterpriseManagement.Common.ServiceNotRunningException: The Data Access service is either not running or not yet initialized. Check the event log for more information. —> System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://ServerName:5724/DispatcherService.
    The connection attempt lasted for a time span of 00:00:04.0070932. TCP error code 10061: No connection could be made because the target machine actively refused it IPAddress:5724.  —> System.Net.Sockets.SocketException: No connection could be made
    because the target machine actively refused it IPAddress:5724
    I have tried restarting SQL & MS, with the same error.
    Also I have tried the following:
    https://social.technet.microsoft.com/Forums/systemcenter/en-US/c670d54d-3a92-481f-8dc9-55c475ad196f/problems-with-data-access-service-after-rebooting
    https://social.technet.microsoft.com/Forums/systemcenter/en-US/26dc1d5c-fa82-403f-8949-3073f3b82a60/the-data-access-service-is-either-not-running-or-not-yet-initialized
    They did not help me.
    Regards

    I had the same error before.
    Below are the steps to solve it:
    Make sure SQL Server is running and the ServiceManager database is not full.
    Stop all SCSM services:
        System Center Management Configuration
        Microsoft System Center Data Access Service
        Microsoft Monitoring Agent
    Rename "Health Service State" to "Health Service State_old" in "C:\Program Files\Microsoft System Center 2012 R2\Service Manager"
    Start the SCSM services:
        Microsoft Monitoring Agent
        System Center Management Configuration
        Microsoft System Center Data Access Service
    Wait 2 min...
    Check Event Viewer...
    Hope this helps you.
    Regards, Ibrahim Hamdy

  • Error starting the Planning application, review the event log for details

    We are using the Hyperion Demo and a problem suddenly cropped up.
    While rebooting the system error is displayed saying - Atleast one of the driver is not installed.
    VMware is used to access the Hyperion Demo and when Planning application is started it gives the following error:
    Error starting the Planning application, review the event log for details
    We had been using this Demo for some weeks and were able to access the workspace and other components, but for a few days this issue has been occurring.
    An immediate response is highly appreciated as we are planning a user demo at the weekend.
    Thanks,
    Ravi Kanth

    Hi Nofog / Goodwin,
    OLDAP is not running.
    Following errors are displayed:
    When VMWare is restarted: At least one service or driver failed during system startup. Use Event viewer to examine the Event log for details.
    OpenLDAP: Windows could not start the hyperion S9 OpenLDAP on Local Computer. For more information review the system even log. If this is not the microsoft service contact the service vendor, and refer to service specific code 21.
    Event log: The Hyperion S9 OpenLDAP service terminated with service - specific - erro 21 (0x15).
    Please let me know your email IDs so that I can send the screenshots.
    Thanks,
    Ravi

  • Is it possible to control tape library slots 1 - 10 for file system backup?

    Hi,
    I am new to OSB. I just installed and set up OSB, and I have a question as below; hope an expert can help me.
    env: testing
    rhel 5.5
    tape library with 20 slots
    file system backup
    1. Is it possible for OSB to only use slots 1 - 10 for file system backup? Amanda can control slot x - slot y in the configuration.
    2. How do I label the tapes for slots 1 - 10 with obtool? How do I control OSB auto-loading the tape for the next backup? Where do I check the log saying that the next tape is tape-02?
    Thanks.

    Hi dcooksey,
    How do I use a list for a tape drive? For example, if you want tape drive A to only use slots 1-10, from obtool or the web tool?
    Because I am new to backup solutions and OSB (I always used Ghost or Acronis to clone the image), my thinking is as below; please correct me if I am wrong.
    slot 1 - 10 for daily backup
    slot 11 - 16 for full system backup
    slot 17 - 20 reserved (these tapes are only used for a full system backup before performing any application upgrade patches)
    daily backup Mon - Fri (2 weeks) (no backup on Saturday and Sunday), server application offline
    full system backup Friday (1, 14 on the calendar): every 2 weeks perform a full system backup after the daily backup has completed
    for an application upgrade,
    perform a full system backup after the daily backup, then release the server to the application team to perform the upgrade.
    So how do I set my media family for the above setting? Is the slot configuration controlled by the media family?
    Hope you can help...

  • URM Adapter for File System issue.

    Hi, I am just starting out on using the URM Adapter for File System and I have a few questions about issues I am facing.
    1. When I try to create multiple searches and map them to Folders/Retention Categories in URM, it does not work. I am able to map one search via one URM source to one Folder/Retention Category (without my custom attribute from question 1). However in Adapter's Search Preview I am able to perform a search on the documents successfully. Would different searches require different URM sources in Adapter?
    2. Does the adapter work with other Custom Attributes? I have added an attribute in addition and in the same way as "URMCrawlTimeGMT" is added in Oracle Secure Enterprise Search (I created a custom Document Service and Pipeline to add a metadata value) and in the URM Adapter's config.properties file, and when I create a search in Adapter based on the custom attribute, it does not map the documents into URM. I am however able to search the documents in Adapter's Search Preview window with the custom attribute displaying correctly.
    Any help with this topic would be really appreciated. Thank you.
    Regards,
    Amar

    Hi Srinath,
    Thanks for the response, as to your questions,
    1. I am not sure how to enable Records Manager in adapter mode. But I am able to login to the Records Manager web page after starting it up through StartManagedWebLogic.cmd URM_server1.
    2. The contents of the file system should be searchable in Records Manager, and should be able to apply retention policies to the documents in the file system, I do not need to have SES, but apparently the adapter needs to have SES as a pre requisite.
    Upon further investigation I found that in the AGENT_DATA table the values being inserted were "User ID" (UA_KEY) and NULL (UA_VALUE), so I just made the UA_VALUE column nullable and I was able to pass that step. Is this the wrong approach to fix the issue?
    Could you please let me know about enabling Records Manager in adapter mode, I am not able to find documentation online, I have been through the Adapter installation and administration guides. Thank you once again.
    Regards,
    Amar

  • SAP File System Access - SLD Naming Convention/Suggestions

    I would like to access our ECC file system to pick up files we will use to create Idocs.
    I'm wondering the best way to describe the file system access in the SLD.
    I have a business system for the main client on the ECC system (BS_ED1CLNT010) for example but the OS isn't client specific. I could use this as the Business System in the scenario and define a file adapter that connects to the unix server.
    Any thoughts?

    Maybe I didn't frame my question properly.
    In the ECC system we have multiple clients (20, 30, 40, etc). If I am going to post an Idoc to a client in this system I need to define each as a business system in the SLD and import this to the Integration Directory. So I would have BS_XXXCLNT010, BS_XXXCLNT020, etc, one for each client. These all share the same Technical System. If I want to post an Idoc to a client on the ECC system I have to define a Business System and interface to that and every client that will receive an Idoc (as well as the ALE settings on the ECC).
    Each of these reside on the same SAP server (sap00001 for example) and there is a directory (/public for example) on this server. This isn't client specific.
    I wish to pick up a file from the ECC file system and post to a client on the ECC system (maybe different ones based on the data in the file).
    I don't want to define the file adapter under BS_XXXCLNT020 since it isn't specific to client 020, although that would work.
    Do I create a new TS in the SLD as third party, stand alone java, and a BS for that? TS_XXX_FILESYSTE (3rd party). BS_XXX_FILESYSTEM for the TS?
    I'm really looking for clarity in the definition of the SLD.

  • Direct File System access problems from JAWS application

    Hello,
    I have built a Web Start application that consists of a Webserver (Jetty) ,
    a WAR file and a Java (main) class that deploys the web application on
    the server and starts the server. It all works fine, apart from the fact
    that I am getting java.security.AccessControlExceptions when I try to
    access the local filesystem or system variables like the java.io.tmpdir.
    I have signed all the jar files and I included the <security> <allpermissions />
    </security> tag in the jnlp file. Still, I can't seem to get out
    of the sandbox.
    I have read in this article (http://mindprod.com/jgloss/javawebstart.html)
    that direct file system access from a Web Start application is impossible
    (Quote: "There is still no way for even a signed JAWS app to
    find some persistent disk space in an easy way. It pretty well
    has to ask the user for the name of some directory to use.")
    Is this true?
    Thank you,
    Peter

    Hi Guys,
    I found a way to access the local filesystem...
    Besides signing all the jar files and including the <security><allpermissions /></security> tag in the jnlp file I have to include this line in the code I execute on the client machine:
    System.setSecurityManager(null);
    Regards,
    Peter

  • Will Flash Player support Unrestricted File System Access in Full Trust? If it will, when?

    I am doing software based on Flash to let my customers edit pictures online.
    In some scenarios, full access to local files is necessary. I found that Silverlight 5.0 supports such features:
    Unrestricted File System Access in Full Trust
    Full Trust in-browser for enterprise scenarios
    Default Filename in SaveFileDialog and OpenFileDialog
    I really desire those features, so I am wondering whether Adobe will support them. If so, when?

    Please read the below flash player administrator guide
    http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_11_7_admin_guide.pdf
    check the section "The User FlashPlayerTrust directory". It will help.

  • [Server 2008R2] Filter event logs for logged in users from clients on domain

    Hi All,
    I am looking for a script which can be run on a domain controller to check which user accounts logged in on the domain. I am looking for both the username and client. Reason why I need this is to check where service accounts are used.
    Thanks.
    Kind regards,
    Bart
    Bart Timmermans | Consultant at inovativ

    Hi Bart,
    To parse the event log, you can use the cmdlet "Get-WinEvent"; for how to use this cmdlet to parse the event log, please check this article (you can also add "-ComputerName" to query the event log from remote computers):
    Use PowerShell Cmdlet to Filter Event Log for Easy Parsing
    To monitor the logon history, please check this function to start:
    function Get-Win7LogonHistory {
        # Interactive (type 2) and RDP (type 10) logons plus logoffs from the Security log.
        $logons = Get-EventLog Security -AsBaseObject -InstanceId 4624,4647 |
            Where-Object { ($_.InstanceId -eq 4647) -or
                           (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+2")) -or
                           (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+10")) }
        # Kernel-Power 41 marks an unclean shutdown, treated here as a logoff of everyone.
        $poweroffs = Get-EventLog System -AsBaseObject -InstanceId 41
        $events = $logons + $poweroffs | Sort-Object TimeGenerated
        if ($events) {
            foreach ($event in $events) {
                # Reset per event so a parse failure does not reuse the previous user.
                $user = $null
                # Parse logon data from the Event.
                if ($event.InstanceId -eq 4624) {
                    # A user logged on.
                    $action = 'logon'
                    $event.Message -match "Logon Type:\s+(\d+)" | Out-Null
                    $logonTypeNum = $matches[1]
                    # Determine logon type.
                    if ($logonTypeNum -eq 2) {
                        $logonType = 'console'
                    } elseif ($logonTypeNum -eq 10) {
                        $logonType = 'remote'
                    } else {
                        $logonType = 'other'
                    }
                    # Determine user.
                    if ($event.Message -match "New Logon:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)") {
                        $user = $matches[1]
                    } else {
                        $index = $event.Index
                        Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index"
                    }
                } elseif ($event.InstanceId -eq 4647) {
                    # A user logged off.
                    $action = 'logoff'
                    $logonType = $null
                    # Determine user.
                    if ($event.Message -match "Subject:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)") {
                        $user = $matches[1]
                    } else {
                        $index = $event.Index
                        Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index"
                    }
                } elseif ($event.InstanceId -eq 41) {
                    # The computer crashed.
                    $action = 'logoff'
                    $logonType = $null
                    $user = '*'
                }
                # As long as we managed to parse the Event, print output.
                if ($user) {
                    $timeStamp = Get-Date $event.TimeGenerated
                    $output = New-Object -Type PSCustomObject
                    Add-Member -MemberType NoteProperty -Name 'UserName' -Value $user -InputObject $output
                    Add-Member -MemberType NoteProperty -Name 'ComputerName' -Value $env:computername -InputObject $output
                    Add-Member -MemberType NoteProperty -Name 'Action' -Value $action -InputObject $output
                    Add-Member -MemberType NoteProperty -Name 'LogonType' -Value $logonType -InputObject $output
                    Add-Member -MemberType NoteProperty -Name 'TimeStamp' -Value $timeStamp -InputObject $output
                    Write-Output $output
                }
            }
        } else {
            Write-Host "No recent logon/logoff events."
        }
    }
    Get-Win7LogonHistory
    Refer to:
    https://github.com/pdxcat/Get-LogonHistory/blob/master/Get-LogonHistory.ps1
    If there is anything else regarding this issue, please feel free to post back.
    Best Regards,
    Anna Wang
    TechNet Community Support

  • Search for files by ACCESSED dates?

    Hi,
    I work in an art department that has a server full of advertisements, thousands of files, which are Illustrator and Photoshop files, TIFF and EPS files, and Freehand files. There hasn't been a good archive system in place here for years, so there's many needless files on the server that need to be archived.
    What I'm looking for is a way to search the ads folder on our server for files that haven't been accessed since a specified date (like two years). I don't mean last modified or created date, but accessed, because an ad in Illustrator may have a linked TIFF in it that was created or modified 5 years ago, but is still in use and accessed by Illustrator for ads currently running. I want to be able to archive the items that haven't been touched in a couple years without accidentally breaking links or having to do it manually through thousands of files.
    Is there no way in the Finder to do this?

    I don't have that many old files to play with it, but you can use the Finder's "Find…" to do a raw query of Spotlight's metadata. In the search terms, add a *Raw Query* type with something like *kMDItemLastUsedDate < $time.this_year(-2)* - this example will search for items with a last used date less than year 2005. The time and query syntax is explained a bit in this developer document: http://developer.apple.com/documentation/Carbon/Conceptual/SpotlightQuery/Concepts/QueryFormat.html#//apple_ref/doc/uid/TP40001849-CJBEJBHH

  • Intermedia text search error for file system

    I would like to search for text in a file stored in the file system. I have done the following procedures, but when I create the index I get an error.
    BEGIN
    CTX_DDL.CREATE_PREFERENCE('search_docroot_pref','FILE_DATASTORE');
    CTX_DDL.SET_ATTRIBUTE('search_docroot_pref','path','c:/temp/abc');
    END;
    Now when I create the INDEX with the following syntax:
    CREATE INDEX mysearch_ind ON mytable(mycolumn) INDEXTYPE IS
    CTXSYS.context parameters('datastore search_docroot_pref');
    I get the following errors.
    ERROR at line 1:
    ORA-29855: error occurred in the execution of ODCIINDEXCREATE routine
    ORA-20000: interMedia Text error:
    DRG-50704: Net8 listener is not running or cannot start external procedures
    ORA-28575: unable to open RPC connection to external procedure agent
    ORA-06512: at "CTXSYS.DRUE", line 126
    ORA-06512: at "CTXSYS.TEXTINDEXMETHODS", line 54
    ORA-06512: at line 1
    Can anybody tell me where I am wrong?
    Thanks,

    Hi
    I was also facing the same problem. My Net8 connection and listener are also OK, but I am getting the same errors.
    Raju

  • Home Hub 3 - no event log for a month

    I tried and failed to access the Hub Manager home page yesterday.
    I tried several PCs / operating systems / browsers without success.
    Eventually, I rebooted the router and managed to access the page.
    Having logged in I found that no entries had been added to the event log since the early hours of November 18th (just over a month ago) although the broadband has been working fine.
    Has anybody else had similar experiences? As a generally paranoid individual I am not too happy that there are missing event log items!!
    Thanks
    Brian

    Hi oldbak,
    Is this issue still apparent? Have you tried resetting the hub?
    Chris
    BT Mod team

  • What is the minimum file system access needed to run ODI 10.1.3.4.0 client?

    Hi ODI discussion folks,
    I have a couple of questions from an Oracle partner that I'm trying to find a definitive answer for if possible. The partner is setting up ODI 10.1.3.4.0 for a customer who insists that the absolute minimum amount of access to the file system is granted due to corporate security policies.
    I have checked the bundled ODI documentation but couldn't really find anything about file system permissions needed to run the ODI client. I was pointed towards the "Setting Up Security for an Integration Project — What to Consider" document but this does not mention a great deal about how much access to the file system is needed for the ODI client to function.
    What the partner is asking is the following:
    "1. What are the minimum file/folder permissions needed for the ODI client installation? I'm installing at xxxxx
    and their machines have to be locked down as much as possible.
    2. Say you have 3 users all wanting to run integrations etc and the Master and Work
    repositories have been set up. An admin installs the ODI client but doesn't
    create the connection to the Master repository. What are the minimum
    file/folder permissions required on the client machine to:
    a) create the connection to the repository
    b) run any subsequent integrations?"
    If anyone can advise on this then that would be much appreciated.
    Regards
    Craig Huggans
    Oracle Hyperion Support

    Hi Craig,
    How are you?
    Let me try to contribute a little....
    1) The minimum requirement is for its own installation directory; there is no reason to have access to other directories unless it is necessary to read files from some other directory on the client.
    2) Again, only to its own install directory. The connection setting is recorded in the \bin install directory. After that, all information is recorded in the repository; there is no client-side work.
    Feel free to contact me by email or phone if you have any new doubt. You can get my email from my profile.
    Does this answer your doubts?
    Cezar Santos
