Clear Event log

Hi all,
We have almost 1500 clients (Win7 systems) in a LAN environment, and our requirement is that we need to clear event logs older than 7 days on all client systems.
Please confirm whether any group policy or script is available for that.
Thanks, Mariappan Shanmugavel

Greetings!
I am not sure if it is practical to have a script to search for old event logs and clear them. Also, it may create performance issues, because the event logs have to be queried and checked against the conditions before moving on to the removal process. Why not use retention for this? Configure retention for 7 days and there will be no log older than that.
Event Logging policy settings in Windows Server 2008 and Vista
Regards.
Mahdi Tehrani | www.mahditehrani.ir
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?

Similar Messages

  • How to recover cleared event logs in Windows Server 2003?

    Hi All,
    I accidentally cleared all of the event logs on my server. Is there any solution or other thing that can recover them?
    Thank you
    Best Regard, Lim Siaw Liang

    Pray hard that there will be no issues, and that no one will look for the event logs.
    Once it's cleared, that's it.
    Or if you have system restore checkpoints, try them; shadow copy on your C drive could do something also.
    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    IT Stuff Quick Bytes

  • Clearing Event log

    Shift LGLG does not seem to work on my 9105. Maybe this shortcut has changed since V6 of the os was installed? Or maybe I have to press these buttons from a particular screen?

    It's not the Shift key, but the Alt key, on other BlackBerry models.
    On the 9105, it is neither.
    View event logs on a BlackBerry® Pearl™ 9105 smartphone (14-key)
    Note: The BlackBerry® Pearl™ 9105 smartphone does not have an Alt key. The Alt function is activated using the Volume Up or Volume Down keys from the Home screen.
    To activate Alt, press the right side Volume keys in the following sequence: up, down, up, down, up.
    Note: the Alt icon should display in the top left corner of the screen.
    Type 55545554.
    Article ID: KB29215 How to view event logs on a BlackBerry smartphone

  • Version 6.84 produces many Event Logs

    I have just updated from 6.83 to 6.84 and, although the software appears to be working fine, I am getting several events logged in the Application Event Log when my 6131 synchronises.
    Event 1004
    User NT AUTHORITY\NETWORK SERVICE
    Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'PCSuite', component '{9B373FD2-8E0A-4A76-80C7-63B6521FD237}' failed. The resource 'HKEY_CURRENT_USER\Software\Nokia\' does not exist.
    Event 1001
    User NT AUTHORITY\NETWORK SERVICE
    Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'Platform' failed during request for component '{7BA39C00-ED40-417C-8C5C-3804B2DDD646}'
    Event 1004
    User JSSOLUTIONS\John Smith
    Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'PCSuite', component '{9B373FD2-8E0A-4A76-80C7-63B6521FD237}' failed. The resource 'HKEY_CURRENT_USER\Software\Nokia\' does not exist.
    Event 1001
    User JSSOLUTIONS\John Smith
    Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'Platform' failed during request for component '{7BA39C00-ED40-417C-8C5C-3804B2DDD646}'
    These 4 Event Log entries are repeated 3 more times.
    I have tried uninstalling and reinstalling but to no avail.
    I have checked the Registry and HKEY_CURRENT_USER\Software\Nokia\ does exist.
    I have tried adding permissions to this key for NETWORK SERVICE (John Smith already has full permissions), again to no avail.
    I am running version 6.84.10.3 of PC Suite and Windows XP Professional SP2.
    Whilst this is not a big issue as the software appears to be working fine, I do like to keep clear Event Logs so would appreciate any help in getting rid of these annoying entries.
    Many thanks.

    Hi,
    I tried to follow the post of miksu and patched with 6.84.10.4 but still the same problems...
    /discussions/board/message?board.id=pcsuite&message.id=19801
    So, like Jssolutions I reinstalled a previous version of Nokia PC Suite (v6.83.14.1). It works fine now... no more Event Logs
    This former version can be downloaded from http://nds1.nokia.com/files/support/global/phones/software/Nokia_PC_Suite_683_rel_14_1_eng_web.exe
    Message Edited by rabbyn on 23-Sep-2007 06:44 PM

  • File history stopped working after a warning message in the event log

    I have encountered this twice that File history stopped working, the event log says:
    Unusual condition was encountered during finalization of a backup cycle for configuration C:\Users\xxxx\AppData\Local\Microsoft\Windows\FileHistory\Configuration\Config
    If I re-run it, it consumes the backup disk space but still fails to back up.
    I have to manually delete all backup, turn off File History and re-configure it again to make it work.
    This happened twice already, so all my file history lost after re-config.
    Anyone encounter the same situation?

    MICROSOFT is plagued by idiots!!!!
    - Just turn it off
    - then click  "select drive"
    - and when it asks you the retarded question... just click >>>>>"NO"<<<<<<<    -_-
    Seriously... this is the answer.... frigging retards at microsoft... to think it takes an army of programmers and billions of dollars to create such idiocy!
    http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/cannot-change-drive-in-file-history-windows-8/6dbeca54-d05e-4f93-9262-45a56d6a82d1?page=2&msgId=f1792c5e-c5d0-4163-b449-c7165d72f88d&tab=question&status=AllReplies&status=AllReplies%2CAllReplies
    I can't believe these morons put everyone through such hell and then don't even bother to follow up with the correct solution.
    To top it off the moron moderator marks this as an answer??!!!
    What a pathetic joke - I hope everyone reads this message before being punished by the miles of bullcrap in this thread -_-
    Microsoft = ridiculous
    Thanks! I guess the TL;DR version is "to change your file history drive you need to discard the current temp files."
    Exactly :)
    It's the bad wording in the messages.
    The first message (which I can only vaguely remember so can't quote exactly) gives you the impression you can continue something but doesn't make clear that to do so will need the "old drive" configured the way the "old drive" was.
    Then the next message is just confusing:
    “we can't copy files to this location.  Your current File History drive is disconnected.  Reconnect the drive and try again” 
    sounds like 
    “we can't copy files to this location. [because there's a problem with the new location]
    Your current File History drive is disconnected. [the new location is disconnected]
    Reconnect the drive and try again [reconnect your new location and try again]” 
    When it should be reworded to say something along the lines of (in more formal language):
    "You asked us to continue...give us the drive you were previously using...or if it's no longer available, click here to start from scratch"
    (I know that's all the opposite of tldr but I'm trying again to put into words what I think was happening).

  • Script to Export Previous Day Events Logs to CSV

    Hi,
    I am trying to export all the previous day's application event logs to a CSV file. I found the following script on the net, but for this script to work I need to enter the event IDs I want to export. Does anyone have any idea how I can change this script to export all event IDs, or have another script that can?
    'Description : This script queries the event log for...whatever you want it to! Just set the event 'log name and event ID's!
    'Initialization  Section
    Option Explicit
    Const ForReading   = 1
    Const ForWriting   = 2
    Const ForAppending = 8
    Dim objDictionary, objFSO, wshShell, wshNetwork
    Dim scriptBaseName, scriptPath, scriptLogPath
    Dim ipAddress, macAddress, item, messageType, message
    On Error Resume Next
       Set objDictionary = NewDictionary
       Set objFSO        = CreateObject("Scripting.FileSystemObject")
       Set wshShell      = CreateObject("Wscript.Shell")
       Set wshNetwork    = CreateObject("Wscript.Network")
       scriptBaseName    = objFSO.GetBaseName(Wscript.ScriptFullName)
       scriptPath        = objFSO.GetFile(Wscript.ScriptFullName).ParentFolder.Path
       scriptLogPath     = scriptPath & "\" & IsoDateString(Now)
       If Err.Number <> 0 Then
          Wscript.Quit
       End If
    On Error Goto 0
    'Main Processing Section
    On Error Resume Next
       PromptScriptStart
       ProcessScript
       If Err.Number <> 0 Then
          MsgBox BuildError("Processing Script"), vbCritical, scriptBaseName
          Wscript.Quit
       End If
       PromptScriptEnd
    On Error Goto 0
    'Functions Processing Section
    'Name       : ProcessScript -> Primary Function that controls all other script processing.
    'Parameters : None          ->
    'Return     : None          ->
    Function ProcessScript
       Dim hostName, logName, startDateTime, endDateTime
       Dim events, eventNumbers, i
       hostName      = wshNetwork.ComputerName
       logName       = "application"
       eventNumbers  = Array("1001","1")
       startDateTime = DateAdd("n", -21600, Now)
       'Query the event log for the eventID's within the specified event log name and date range.
       If Not QueryEventLog(events, hostName, logName, eventNumbers, startDateTime) Then
          Exit Function
       End If
       'Log the scripts results to the scripts
       For i = 0 To UBound(events)
          LogMessage events(i)
       Next
    End Function
    'Name       : QueryEventLog -> Primary Function that controls all other script processing.
    'Parameters : results       -> Input/Output : Variable assigned to an array of results from querying the event log.
    '           : hostName      -> String containing the hostName of the system to query the event log on.
    '           : logName       -> String containing the name of the Event Log to query on the system.
    '           : eventNumbers  -> Array containing the EventID's (eventCode) to search for within the event log.
    '           : startDateTime -> Date\Time containing the date to finish searching at.
    '           : minutes       -> Integer containing the number of minutes to subtract from the startDate to begin the search.
    'Return     : QueryEventLog -> Returns True if the event log was successfully queried otherwise returns False.
    Function QueryEventLog(results, hostName, logName, eventNumbers, startDateTime)
       Dim wmiDateTime, wmi, query, eventItems, eventItem
       Dim timeWritten, eventDate, eventTime, description
       Dim eventsDict, eventInfo, errorCount, i
       QueryEventLog = False
       errorCount    = 0
       If Not IsArray(eventNumbers) Then
          eventNumbers = Array(eventNumbers)
       End If
       'Construct part of the WMI Query to account for searching multiple eventID's
       query = "Select * from Win32_NTLogEvent Where Logfile = " & SQ(logName) & " And (EventCode = "
       For i = 0 To UBound(eventNumbers)
          query = query & SQ(eventNumbers(i)) & " Or EventCode = "
       Next
       On Error Resume Next
          Set eventsDict = NewDictionary
          If Err.Number <> 0 Then
             LogError "Creating Dictionary Object"
             Exit Function
          End If
          Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & hostName & "\root\cimv2")
          If Err.Number <> 0 Then
             LogError "Creating WMI Object to connect to " & DQ(hostName)
             Exit Function
          End If
          'Create the "SWbemDateTime" Object for converting WMI Date formats. Supported in Windows Server 2003 & Windows XP.
          Set wmiDateTime = CreateObject("WbemScripting.SWbemDateTime")
          If Err.Number <> 0 Then
             LogError "Creating " & DQ("WbemScripting.SWbemDateTime") & " object"
             Exit Function
          End If
          'Build the WQL query and execute it.
          wmiDateTime.SetVarDate startDateTime, True
          query          = Left(query, InStrRev(query, "'")) & ") And (TimeWritten >= " & SQ(wmiDateTime.Value) & ")"
          Set eventItems = wmi.ExecQuery(query)
          If Err.Number <> 0 Then
             LogError "Executing WMI Query " & DQ(query)
             Exit Function
          End If
          'Convert the property values of each event found to a comma-separated string and add it to the dictionary.
          For Each eventItem In eventItems
             Do
                timeWritten = ""
                eventDate   = ""
                eventTime   = ""
                eventInfo   = ""
                timeWritten = ConvertWMIDateTime(eventItem.TimeWritten)
                eventDate   = FormatDateTime(timeWritten, vbShortDate)
                eventTime   = FormatDateTime(timeWritten, vbLongTime)
                eventInfo   = eventDate                          & ","
                eventInfo   = eventInfo & eventTime              & ","
                eventInfo   = eventInfo & eventItem.SourceName   & ","
                eventInfo   = eventInfo & eventItem.Type         & ","
                eventInfo   = eventInfo & eventItem.Category     & ","
                eventInfo   = eventInfo & eventItem.EventCode    & ","
                eventInfo   = eventInfo & eventItem.User         & ","
                eventInfo   = eventInfo & eventItem.ComputerName & ","
                description = eventItem.Message
                'Ensure the event description is not blank.
                If IsNull(description) Then
                   description = "The event description cannot be found."
                End If
                description = Replace(description, vbCrLf, " ")
                eventInfo   = eventInfo & description
                'Check if any errors occurred enumerating the event Information
                If Err.Number <> 0 Then
                   LogError "Enumerating Event Properties from the " & DQ(logName) & " event log on " & DQ(hostName)
                   errorCount = errorCount + 1
                   Err.Clear
                   Exit Do
                End If
                'Remove all Tabs and spaces.
                eventInfo = Trim(Replace(eventInfo, vbTab, " "))
                Do While InStr(1, eventInfo, "  ", vbTextCompare) <> 0
                   eventInfo = Replace(eventInfo, "  ", " ")
                Loop
                'Add the Event Information to the Dictionary object if it doesn't exist.
                If Not eventsDict.Exists(eventInfo) Then
                   eventsDict(eventsDict.Count) = eventInfo
                End If
             Loop Until True
          Next
       On Error Goto 0
       If errorCount <> 0 Then
          Exit Function
       End If
       results       = eventsDict.Items
       QueryEventLog = True
    End Function
    'Name       : ConvertWMIDateTime -> Converts a WMI Date Time String into a String that can be formatted as a valid Date Time.
    'Parameters : wmiDateTimeString  -> String containing a WMI Date Time String.
    'Return     : ConvertWMIDateTime -> Returns a valid Date Time String otherwise returns a Blank String.
    Function ConvertWMIDateTime(wmiDateTimeString)
       Dim integerValues, i
       'Ensure the wmiDateTimeString contains a "+" or "-" character. If it doesn't it is not a valid WMI date time so exit.
       If InStr(1, wmiDateTimeString, "+", vbTextCompare) = 0 And _
          InStr(1, wmiDateTimeString, "-", vbTextCompare) = 0 Then
          ConvertWMIDateTime = ""
          Exit Function
       End If
       'Replace any "." or "+" or "-" characters in the wmiDateTimeString and check each character is a valid integer.
       integerValues = Replace(Replace(Replace(wmiDateTimeString, ".", ""), "+", ""), "-", "")
       For i = 1 To Len(integerValues)
          If Not IsNumeric(Mid(integerValues, i, 1)) Then
             ConvertWMIDateTime = ""
             Exit Function
          End If
       Next
       'Convert the WMI Date Time string to a String that can be formatted as a valid Date Time value.
       ConvertWMIDateTime = CDate(Mid(wmiDateTimeString, 5, 2)  & "/" & _
                                  Mid(wmiDateTimeString, 7, 2)  & "/" & Left(wmiDateTimeString, 4) & " " & _
                                  Mid(wmiDateTimeString, 9, 2)  & ":" & _
                                  Mid(wmiDateTimeString, 11, 2) & ":" & _
                                  Mid(wmiDateTimeString, 13, 2))
    End Function
    'Name       : NewDictionary -> Creates a new dictionary object.
    'Parameters : None          ->
    'Return     : NewDictionary -> Returns a dictionary object.
    Function NewDictionary
       Dim dict
       Set dict          = CreateObject("scripting.Dictionary")
       dict.CompareMode  = vbTextCompare
       Set NewDictionary = dict
    End Function
    'Name       : SQ          -> Places single quotes around a string
    'Parameters : stringValue -> String containing the value to place single quotes around
    'Return     : SQ          -> Returns a single quoted string
    Function SQ(ByVal stringValue)
       If VarType(stringValue) = vbString Then
          SQ = "'" & stringValue & "'"
       End If
    End Function
    'Name       : DQ          -> Place double quotes around a string and replace double quotes
    '           :             -> within the string with pairs of double quotes.
    'Parameters : stringValue -> String value to be double quoted
    'Return     : DQ          -> Double quoted string.
    Function DQ (ByVal stringValue)
       If stringValue <> "" Then
          DQ = """" & Replace (stringValue, """", """""") & """"
       Else
          DQ = """"""
       End If
    End Function
    'Name       : IsoDateTimeString -> Generate an ISO date and time string from a date/time value.
    'Parameters : dateValue         -> Input date/time value.
    'Return     : IsoDateTimeString -> Date and time parts of the input value in "yyyy-mm-dd hh:mm:ss" format.
    Function IsoDateTimeString(dateValue)
       IsoDateTimeString = IsoDateString (dateValue) & " " & IsoTimeString (dateValue)
    End Function
    'Name       : IsoDateString -> Generate an ISO date string from a date/time value.
    'Parameters : dateValue     -> Input date/time value.
    'Return     : IsoDateString -> Date part of the input value in "yyyy-mm-dd" format.
    Function IsoDateString(dateValue)
       If IsDate(dateValue) Then
          IsoDateString = Right ("000" &  Year (dateValue), 4) & "-" & _
                          Right (  "0" & Month (dateValue), 2) & "-" & _
                          Right (  "0" &   Day (dateValue), 2)
       Else
          IsoDateString = "0000-00-00"
       End If
    End Function
    'Name       : IsoTimeString -> Generate an ISO time string from a date/time value.
    'Parameters : dateValue     -> Input date/time value.
    'Return     : IsoTimeString -> Time part of the input value in "hh:mm:ss" format.
    Function IsoTimeString(dateValue)
       If IsDate(dateValue) Then
          IsoTimeString = Right ("0" &   Hour (dateValue), 2) & ":" & _
                          Right ("0" & Minute (dateValue), 2) & ":" & _
                          Right ("0" & Second (dateValue), 2)
       Else
          IsoTimeString = "00:00:00"
       End If
    End Function
    'Name       : LogMessage -> Writes a message to a log file.
    'Parameters : logPath    -> String containing the full folder path and file name of the Log file without with file extension.
    '           : message    -> String containing the message to include in the log message.
    'Return     : None       ->
    Function LogMessage(message)
       If Not LogToCentralFile(scriptLogPath & ".csv", IsoDateTimeString(Now) & "," & message) Then
          Exit Function
       End If
    End Function
    'Name       : LogError -> Writes an error message to a log file.
    'Parameters : logPath  -> String containing the full folder path and file name of the Log file without with file extension.
    '           : message  -> String containing a description of the event that caused the error to occur.
    'Return     : None       ->
    Function LogError(message)
       If Not LogToCentralFile(scriptLogPath & ".err", IsoDateTimeString(Now) & "," & BuildError(message)) Then
          Exit Function
       End If
    End Function
    'Name      : BuildError -> Builds a string of information relating to the error object.
    'Parameters: message    -> String containing the message that relates to the process that caused the error.
    'Return    : BuildError -> Returns a string relating to error object.  
    Function BuildError(message)
       BuildError = "Error " & Err.Number & " (Hex " & Hex(Err.Number) & ") " & message & ". " & Err.Description
    End Function
    'Name       : LogToCentralFile -> Attempts to append information to a central file.
    'Parameters : logSpec          -> Folder path, file name and extension of the central log file to append to.
    '           : message          -> String to include in the central log file
    'Return     : LogToCentralFile -> Returns True if successful otherwise False.
    Function LogToCentralFile(logSpec, message)
       Dim attempts, objLogFile
       LogToCentralFile = False
       'Attempt to append to the central log file up to 10 times, as it may be locked by some other system.
       attempts = 0
       Do
          On Error Resume Next
             Set objLogFile = objFSO.OpenTextFile(logSpec, ForAppending, True)
             If Err.Number = 0 Then
                objLogFile.WriteLine message
                objLogFile.Close
                LogToCentralFile = True
                Exit Function
             End If
          On Error Goto 0
          Randomize
          Wscript.sleep 1000 + Rnd * 100
          attempts = attempts + 1
       Loop Until attempts >= 10
    End Function
    'Name       : PromptScriptStart -> Prompt when script starts.
    'Parameters : None
    'Return     : None
    Function PromptScriptStart
       MsgBox "Now processing the " & DQ(Wscript.ScriptName) & " script.", vbInformation, scriptBaseName
    End Function
    'Name       : PromptScriptEnd -> Prompt when script has completed.
    'Parameters : None
    'Return     : None
    Function PromptScriptEnd
       MsgBox "The " & DQ(Wscript.ScriptName) & " script has completed successfully.", vbInformation, scriptBaseName
    End Function
    Thanks

    Here is a script that will copy the previous day's events and save them to "C:\". The file name will be yesterday's date, e.g. "04-18-2010-Events.csv".
    Const strComputer = "."
    Dim objFSO, objWMIService, colEvents, objEvent, outFile
    Dim dtmStartDate, dtmEndDate, DateToCheck, fileDate
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
    Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
    'change the date from "/" to "-" so it can be used in the file name
    fileDate = Replace(Date - 1,"/","-")
    Set outFile = objFSO.CreateTextFile("C:\" & fileDate & "-Events.csv",True)
    DateToCheck = Date - 1
    dtmEndDate.SetVarDate Date, True
    dtmStartDate.SetVarDate DateToCheck, True
    Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
    & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
    For each objEvent in colEvents
    outFile.WriteLine String(100,"-")
    outFile.WriteLine "Category = " & objEvent.Category
    outFile.WriteLine "ComputerName = " & objEvent.ComputerName
    outFile.WriteLine "EventCode = " & objEvent.EventCode
    outFile.WriteLine "Message = " & objEvent.Message
    outFile.WriteLine "RecordNumber = " & objEvent.RecordNumber
    outFile.WriteLine "SourceName = " & objEvent.SourceName
    outFile.WriteLine "TimeWritten = " & objEvent.TimeWritten
    outFile.WriteLine "Type = " & objEvent.Type
    outFile.WriteLine "User = " & objEvent.User
    outFile.WriteLine String(100,"-")
    Next
    outFile.Close
    MsgBox "Finished!"
    v/r LikeToCode....Mark the best replies as answers.
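
The same task as an added example, not part of either post above and written in PowerShell rather than the thread's VBScript: it exports every event ID from the previous calendar day as real CSV rows. The function names, default log name and output folder are assumptions chosen for illustration.

```powershell
# Added example, not code from the thread. Function names, the default log
# name and the output folder are assumptions chosen for illustration.

function Protect-CsvField {
    param([string]$Text)
    # Collapse line breaks and tabs so each event stays on one CSV row.
    $flat = ($Text -replace '\s+', ' ').Trim()
    # Event text can carry strings supplied by untrusted parties; prefix a
    # leading formula character so a spreadsheet does not evaluate the cell.
    if ($flat -match '^[=+\-@]') { return "'" + $flat }
    return $flat
}

function Export-PreviousDayEvents {
    param(
        [string]$LogName      = 'Application',
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$OutDir       = $env:TEMP
    )

    # Previous calendar day: 00:00 yesterday up to the last tick before 00:00 today.
    $today = (Get-Date).Date
    $start = $today.AddDays(-1)
    $end   = $today.AddTicks(-1)

    # No 'Id' key in the filter, so every event ID in the window is returned.
    $filter = @{ LogName = $LogName; StartTime = $start; EndTime = $end }

    try {
        $events = @(Get-WinEvent -ComputerName $ComputerName `
                        -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        # Get-WinEvent reports an empty result as an error. Treat that as
        # zero events and rethrow anything else (access denied, bad log name).
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
        else { throw }
    }

    # Columns to export; the message is flattened and neutralised per field.
    $columns = @(
        @{ n = 'TimeCreated'; e = { $_.TimeCreated.ToString('s') } },
        'Id', 'LevelDisplayName', 'ProviderName', 'MachineName', 'RecordId',
        @{ n = 'UserSid'; e = { "$($_.UserId)" } },
        @{ n = 'Message'; e = { Protect-CsvField $_.Message } }
    )
    $rows = @($events | Sort-Object TimeCreated | Select-Object -Property $columns)

    $path = Join-Path $OutDir ('{0}-{1:yyyy-MM-dd}-Events.csv' -f $LogName, $start)
    if ($rows.Count -gt 0) {
        # Export-Csv quotes every field, so commas in messages do not shift columns.
        $rows | Export-Csv -Path $path -NoTypeInformation -Encoding UTF8
    }

    # Summary object so a scheduled task or caller can log what was written.
    New-Object PSObject -Property @{ Path = $path; Count = $rows.Count }
}

Export-PreviousDayEvents -LogName 'Application'
```

Reading the Security log this way requires an elevated session; the Application log shown here does not.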

  • Home Hub 3. Constant connectivity loss. Event log ...

    Trying to get any kind of service out of my BT Infinity provision nowadays is like trying to arrange a tsunami in a desert.
    Time after time after time after time, the Internet is working normally but then a page refuses to refresh and attempts to open another website result only in 'page not found' even though the Internet-connection  icon is glowing steadily in the tray, and when I ask Windows to check on things, it reports that no problems have been found and the connection is working normally.
    Except, of course, it isn't.  I am not a technical expert and therefore haven't much of a clue where to start with this. My Vista OS runs with Panda Cloud AV and Malwarebytes PRO and Windows Firewall, all three of which have always played nicely. Prior to switching to BT Infinity, I had 'ordinary' BT broadband via a Netgear wireless router. The service was trouble-free.
    This morning, I decided to delve into BT Home Hub Manager to re-set to factory default. That in itself took some doing because clicking on the  Firefox bookmark got me nowhere at all: I had to sit here and wait for 10 minutes before the Hub page suddenly appeared as if out of nowhere.
    I found in the event logs a seemingly unending chain of firewall related reports. Rather than read 'em all, I just hit re-set and whoa-hey, after a 5 or 6 minute wait, everything was fine and dandy again. . .
    Until, 20 minutes later, it wasn't. Despite the re-set, Internet connectivity was shot to pieces. I'm on Amazon UK and click to open a new page in a new tab: Page Not Found. On the BBC News website, click on a link to open in a new tab: Page Not Found. Reload any of those existing, open pages and the reload circle just spins and spins until. . . Page Not Found.
    Unfortunately, I can't make head nor tail of the log reports in the Firewall section, but typically they read:
    IN: BLOCK [16] Remote administration
    BLOCKED  1 more packet [because of Remote Administration]
    IN: BLOCK [9] Packet invalid in connection
    BLOCKED  4 more packets (because of Packet invalid in connection)
    IN: BLOCK [9] Packet invalid in connection
    BLOCKED  20 more packets (because of Packet invalid in connection)
    BLOCKED 40 more packets (becuase of Packet invalid in connection)
    And so it goes on. . . and on. It's not even clear to me if the Home Hub is doing the blocking anyway, but if it is, then I can't begin to figure out why websites like Amazon UK, BBC News, Speedtest and even Google Maps should be BLOCKED.
    Help appreciated. . . always assuming, this post actually gets through -- I've no idea if this page has gone down or not, because though it's on-screen, that no longer means anything at all.

    Thanks, Ray. Just managed to get back on here, there's been virtually no connectivity at all. One odd thing has been that the Home Hub Manager has opened OK. But it is no longer in agreement with the computer about whether or not connectivity exists. For example:
    1) Click on disconnect in HH Manager, and it reports that the task has been achieved and the button changes to 'connect'.
    But no disconnection has occurred. The Internet icon is still in the tray in its 'connected' state. And it's possible to go on the Net and briefly open up a website that isn't in the FF cache.   But then everything fails again. Alternatively:
    2) Click 'disconnect' in the tray control and the icon changes to show a big red x. But the HH Manager doesn't agree. It continues to report that the computer is connected to the Internet.
    I'm baffled and wearied. I'll have to relocate the Infinity set-up from downstairs to where this computer is; I'm assuming I leave the modem in place (the new white flat thing the engineer brought when he installed Infinity) and just disconnect the black HH3 and bring it upstairs and plug it into the PC?
    Thanks for your help, much appreciated.

  • BizTalk 2006 Event Log Warnings - Cannot insert duplicate key row in object 'dta_MessageFieldValues' with unique index 'IX_MessageFieldValues'.

    We have been seeing the following 'warnings' in the event log of our BizTalk machine since upgrading to BTS 2006. They seem to occur randomly 6 or 8 times per day.
    Does anyone know what this means and what needs to be done to clear it up? We have only one BizTalk server which is running on only one machine.
    I am new to BizTalk, so I am unable to find how many tracking host instances running for BizTalk server. Also, can you please let me know that we can configure only one instance for one server/machine?
    Source: BAM EventBus Service
    Event: 5
    Warning Details: Execute batch error. Exception information: TDDS failed to batch execution of streams. SQLServer: bizprod, Database: BizTalkDTADb.Cannot insert duplicate key row in object 'dta_MessageFieldValues'
    with unique index 'IX_MessageFieldValues'. The statement has been terminated..

    Other than ensuring that there exists a separate and single tracking host instance, you're getting an error about duplicate keys.. which implies that you're trying to Create a BAM Activity twice with the same data.
    I suggest you have an in-depth examination of the BAM (TPE or API) associated with the orchestration. In TPE ensure that the first binding you select is the "Instance Id" or "Message Id" before going ahead to map the ports or others.
    Regards.

  • 1100 Event Log Errors After Upgrade

    We've upgraded some Cisco Aironet 1100 access points to Firmware Version 12.3(8)JA2. Since the upgrade we've seen several connectivity problems with Dell Axims get cleared up however the event log for each of the access points shows this error message every three seconds: "System running-config write error; configuration failed" and this critical message every thirty seconds: "Memory allocation of 900000 bytes failed from 0x22DD2C, alignment 0".
    The access points appear to be working well, however, the fact that we're getting these kinds of error must mean something is going on in the devices.
    I can't find any information in the documentation about this...does anyone have any ideas what these messages are telling us?
    Thanks!
    ==Danny

    Oddly enough, this is the most stable AP we have! A PDA can connect to it and stay connected, whereas our other 1100s (which have not been upgraded and generate the same error messages but only once or twice a day) will permit a device to connect then boot it off after a few seconds to several minutes. We thought the upgrade would make the AP connections more stable but were surprised to see the error messages being generated so rapidly.

  • ESE - Event Log Warning: 906 - A significant portion of the database buffer cache has been written out to the system paging file...

    Hello -
    We have 3 x EX2010 SP3 RU5 nodes in a cross-site DAG.
    Multi-role servers with 18 GB RAM [increased from 16 GB in an attempt to clear this warning without success].
    We run nightly backups on both nodes at the Primary Site.
    Node 1 backup covers all mailbox databases [active & passive].
    Node 2 backup covers the Public Folders database.
    The backups for each database are timed so they do not overlap.
    During each backup we get several of these event log warnings:
     Log Name:      Application
     Source:        ESE
     Date:          23/04/2014 00:47:22
     Event ID:      906
     Task Category: Performance
     Level:         Warning
     Keywords:      Classic
     User:          N/A
     Computer:      EX1.xxx.com
     Description:
     Information Store (5012) A significant portion of the database buffer cache has been written out to the system paging file.  This may result  in severe performance degradation.
     See help link for complete details of possible causes.
     Resident cache has fallen by 42523 buffers (or 27%) in the last 903 seconds.
     Current Total Percent Resident: 26% (110122 of 421303 buffers)
    We've rescheduled the backups and the warning message occurrences just move with the backup schedules.
    We're not aware of perceived end-user performance degradation, overnight backups in this time zone coincide with the business day for mailbox users in SEA.
    I raised a call with the Microsoft Enterprise Support folks, they had a look at BPA output and from their diagnostics tool. We have enough RAM and no major issues detected.
    They suggested McAfee AV could be the root of our problems, but we have v8.8 with EX2010 exceptions configured.
    Backup software is Asigra V12.2 with latest hotfixes.
    We're trying to clear up these warnings as they're throwing SCOM alerts and making a mess of availability reporting.
    Any suggestions please?
    Thanks in advance

    Having said all that, a colleague has suggested we just limit the amount of RAM available for the EX2010 DB cache
    Then it won't have to start releasing RAM when the backup runs, and won't throw SCOM alerts
    This attribute should do it...
    msExchESEParamCacheSizeMax
    http://technet.microsoft.com/en-us/library/ee832793.aspx
    Give me a shout if this is a bad idea
    Thanks

  • NetBT 4321 Errors in Member Server's System Event Logs

    Hi,
    I've searched high and low and can't find a resolution to this issue.  We have approximately 30 windows server 2003 servers, most R2, all SP2.  We have 2 domain controllers - 10.0.0.10 & 10.0.0.11 (the first one holds the PDC role).
    In the System event log of nearly all the member servers is the NetBT 4321 error, with the following text:
    "The name "OURDOMAIN :1d" could not be registered on the Interface with IP address 10.0.0.43. The machine with the IP address 10.0.0.10 did not allow the name to be claimed by this machine."
    On each machine the first IP mentioned is always that machine's IP (10.0.0.43 in this case), with the second one (the one not allowing 1d to be registered) being the PDC emulator's IP (10.0.0.10).  Now I can understand why this is failing - these machines are all on the same subnet and I would guess that the domain (1d) should only be registered by the PDC emulator anyway.  What I can't work out is why these errors started appearing about 3 months ago - we can't work out what, if any, change occurred at that time.
    We run a DNS-only environment (no WINS), 2k3 Native domain.  We're looking to upgrade to a 2k8 Native domain (ie upgrading our DCs) but are wanting to get this niggling issue sorted first.
    Any help would be much appreciated.
    Regards,
    Ben N.

    Hi,
    At some stage I've not been clear - no we most certainly don't have two IPs per server - the two IPs together above are the two domain controllers.
    Here's the IPconfig:
    DOMAIN CONTROLLER:
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : svrdomain1
    Primary Dns Suffix . . . . . . . : us.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : us.local
    Ethernet adapter Local Area Connection 3:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : HP Network Team #1
    Physical Address. . . . . . . . . : 00-0B-CD-23-12-F9
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 10.0.0.10
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 10.0.0.1
    DNS Servers . . . . . . . . . . . : 10.0.0.10
    10.0.0.11
    PROBLEMATIC SERVER:
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : svrfile1
    Primary Dns Suffix . . . . . . . : us.local
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : us.local
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
    Physical Address. . . . . . . . . : 00-50-56-89-14-79
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 10.0.0.43
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 10.0.0.1
    DNS Servers . . . . . . . . . . . : 10.0.0.10
    10.0.0.11
    Thanks,
    Ben.

  • WLSE2.13 event log

    I have upgraded WLSE to version 2.13.
    After upgrading, the messages "Unable to verify MFP configuration","MFP Timebase Invalid (bad SNTP), Device was not reachable via SNMP" are being logged in large numbers in the WLSE fault status. What do these mean, and how do I solve these problems?
    The message "Client MAC Spoofing Detected on 004096ae4f8f , and on AP" also shows up too many times. What does this mean, and what should I do to clear this fault event log?

    For both faults, refer to Table 2-3 in Fault FAQ: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_13/ts_gd/faults.htm for details on Fault Description, Explanation, Related Setting and Recommended Action

  • Essential event viewer bugs with "Forwarded Events" log in Windows Server 2008 R2 and Windows 7

    In my general experience, Windows event viewer is one of the most problematic, faulty management tools in the case of extensive use of its more sophisticated capabilities. The sole description as well as reproduction of some entangled failures would require remarkable effort.
    With the "Forwarded Events" log however, the situation becomes particularly worse in that even simple functionality fails and workarounds are difficult to find. That’s what I’ll describe here in order to share my experience with interested users.
    For precision: I’ve extensively used event viewer on a German Windows Server 2008 R2 SP1 (Windows SBS 2011 Standard SP1). The bugs I found on that system, I could reproduce on a German Windows 7 Professional 64-Bit SP1, too.
    Problem 1: Failure of even simple event filtering
    To reproduce this problem, execute these steps on a test machine with any of the two OS mentioned above:
    (i) To prepare log contents, do either of the following:
    (a) populate some events to your local "Forwarded Events" log (most simply by subscribing events from other logs of the same machine; stop subscription if you have collected some events)
    Or
    (b) copy a non-empty log file "ForwardedEvents.evtx" from another machine (with any of the two OS mentioned above) to your test machine and open the file in event viewer.
    (ii) Navigate to your "Forwarded Events" test log and open the filtering dialog. In the "Includes/Excludes Event IDs" field, type: 1-9000. Click OK.
    (iii) Look at the results pane: Surprise, 0 Events! Do you really have no event IDs between 1 and 9000 in your test log?
    (iv) Another example, if you have forwarded security events in your test log: Clear filter, if any previous filter is in place. Open the filtering dialog. In "Keywords" sub-dialog, choose "Audit Success". Click OK.
    (v) Look at the results pane: Surprise, 0 Events! Do you really have no successful security monitoring events in your test log?
    I’ll finish here. If you have a rich variety of events in your test log available, let your imagination run wild to test around. Finally include some simple manually created or modified XPath filters on the XML tab of the filtering dialog. I promise, you’ll find a lot of additional strange results.
    Problem 2: Cannot save manually selected events to .evtx file
    Navigate to your "Forwarded Events" test log. In the results pane, select one or more events by highlighting them by mouse clicks. In context menu, choose "Save selected events". In the "save as" dialog, choose file type *.evtx and save your file. Open the newly created file in event viewer. Result: Surprise, no events inside the new file!
    Have more fun with forwarded events
    Helmut

    Did you mean that right click Forwarded Event and select "Filter Current Log..."? Since I can filter correct event via the "Filter Current Log..." in my Lab environment.
    Hi Justin,
    yes, I mean "Filter Current Log ... " (in my German systems: "Aktuelles Protokoll filtern ... ").
    What do you mean with "my Lab environment" exactly?
    In the meantime, I performed additional tests. I copied the "ForwardedEvents.evtx" test file from Server 2008 R2 resp. Windows 7 to
    (i) German Windows 8 Pro 64-Bit RTM
    (ii) German Windows 8.1 Pro 64-Bit, up-to-date
    in order to view and filter the file there.
    Results: Same event viewer problem on Windows 8 RTM, but correct behavior on Windows 8.1!
    Best regards, Helmut

  • Methods for Remote Event Log Collection (WMI vs RPC vs WinRM)

    Hi,
    I'm currently evaluating several 3rd party tools (SIEMs) to help me with log management in a large (mostly) Windows domain environment. Each tool uses a different approach to collecting the event log from remote systems, and I'd like help understanding the pros and cons of each approach. I've dropped this in the scripting forum as the tools are essentially running different scripts and it's this part I would like to understand.
    WMI: An agent installed on a windows server connects to each monitored box and grabs their event logs via WMI. Our legacy SIEM already collects from over 2000 servers using this method.
    RPC: As above, but using RPC. No changes required on the remote machines.
    WinRM: An appliance integrates with AD and collects event logs remotely using WinRM. This is reasonably new to me (I'm a security guy, not a sys admin) but I seem to have to enable an additional remote management tool, and open a new listening port on every single machine I want to collect the event log from.
    I read the following blog entry, which seemed to indicate that RPC was the best choice for performance, considering I'm going to be making high frequency connections to over 2000 targets:
    http://blogs.technet.com/b/josebda/archive/2010/04/02/comparing-rpc-wmi-and-winrm-for-remote-server-management-with-powershell-v2.aspx 
    However, everything I have found on the subject of remote event collection seems to suggest that WinRM is the "approved" method for event log collection. The vendor using the WinRM approach is also suggesting that it is the only official MS supported way of doing this.
    So I would like to ask, is there a reason that WMI and RPC should not be used for this purpose, since they clearly work and don't require any changes to my environment? Is there some advantage to WinRM that justifies touching my entire estate and opening an additional port (increasing my attack surface)?
    Thanks in advance,

    Hi,
    I'm aware of the push method, and may indeed move to it in time, although I'm just as likely to install a 3rd party agent on the machines to perform this role with greater functionality and manageability for the same effort. I've only seen organisations using commercial agents (snare, splunk, etc) or WMI for log collection in practice, so I don't think I'm the only one with reservations about it.
    Anything that involves making configuration changes to a large and very varied estate is not something to do lightly. Particularly if alternatives exist that don't require this change to be carried out immediately. That is why I'm looking to properly understand the pros and cons of these "legacy" approaches for use as an interim solution if nothing more.
    Pulling probably is more resource intensive, although I've not seen an actual comparison, but it's not really that fragile in my experience. If a single pull fails, you just collect the logs you missed at the next pull cycle in a few seconds/minutes.
    All logs are pulled directly into a SIEM for analysis, so that part is covered.
    Anyway, I appreciate the input, but I'm still holding out for concrete reasons to move away from WMI/RPC or to embrace WinRM. Bear in mind I'm considering fixing something that doesn't look broken to me!
    Cheers,

  • Problems with using System.Diagnostics.EventLog to retrieve event log messages

    Hi
    In my app I am retrieving error and critical events from application and system log - but for some reason what it is returning doesn't tally with what I see in event viewer
    For example:-
    1) Source is SideBySide and shows in event viewer with Event ID of 33 - but in my app it is returning an event ID of 3238068257 - all other details such as message are correct - other event sources show fine
    2) A lot of the system event log messages are showing wrong error message - in event log it shows correctly but in my app it is retrieving messages like this "The description for Event ID '41' in Source 'Microsoft-Windows-Kernel-Power' cannot be found. The local computer may not have the necessary registry information or message DLL files to display message, or you may not have permission to access them" - I am running the app with admin rights?, so not sure why not showing same message as it shows in event viewer i.e "The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly."
    Darren Rose

    Private Sub btnCheckEventLog_Click(sender As Object, e As EventArgs) Handles btnCheckEventLogs.Click
        ' get event logs
        ' APPLICATION LOG
        ' variables for adding to the listview application log
        Dim ListEventlogApp As ListViewItem
        Dim arrayEventlogApp(5) As String
        ' Clear existing items from list
        lvwEventLogApp.Clear()
        ' Create columns and set width
        lvwEventLogApp.Columns.Add("Date/Time", 120)
        lvwEventLogApp.Columns.Add("Type", 50)
        lvwEventLogApp.Columns.Add("Source", 150)
        lvwEventLogApp.Columns.Add("ID", 100)
        lvwEventLogApp.Columns.Add("Message", 1000)
        ' get event log (application) error entries
        Dim eventLogAppError As New System.Diagnostics.EventLog("Application")
        Dim eventCntr1 As Integer = 1
        Dim numberofeventstoshow1 As Integer = 1
        For i As Integer = eventLogAppError.Entries.Count - 1 To 0 Step -1
            Dim eventLogAppErrorEntry As EventLogEntry = eventLogAppError.Entries(i)
            If eventLogAppErrorEntry.EntryType.ToString = ("Error") Then
                arrayEventlogApp(0) = (eventLogAppErrorEntry.TimeGenerated)
                arrayEventlogApp(1) = (eventLogAppErrorEntry.EntryType.ToString)
                arrayEventlogApp(2) = (eventLogAppErrorEntry.Source)
                arrayEventlogApp(3) = (eventLogAppErrorEntry.InstanceId)
                arrayEventlogApp(4) = (eventLogAppErrorEntry.Message)
                ListEventlogApp = New ListViewItem(arrayEventlogApp)
                lvwEventLogApp.Items.Add(ListEventlogApp)
                eventCntr1 = eventCntr1 + 1
                If numberofeventstoshow1 = 10 Then Exit For ' amend if you want to show more than 10 events
                numberofeventstoshow1 = numberofeventstoshow1 + 1
            End If
        Next
        ' SYSTEM LOG
        ' variables for adding to the listview application log
        Dim ListEventlogSys As ListViewItem
        Dim arrayEventlogSys(5) As String
        ' Clear existing items from list
        lvwEventLogSys.Clear()
        ' Create columns and set width
        lvwEventLogSys.Columns.Add("Date/Time", 120)
        lvwEventLogSys.Columns.Add("Type", 50)
        lvwEventLogSys.Columns.Add("Source", 150)
        lvwEventLogSys.Columns.Add("ID", 100)
        lvwEventLogSys.Columns.Add("Message", 1000)
        ' get event log (system) critical entries
        Dim eventLogSystemCritical As New System.Diagnostics.EventLog("System")
        Dim eventCntr2 As Integer = 1
        Dim numberofeventstoshow2 As Integer = 1
        For i As Integer = eventLogSystemCritical.Entries.Count - 1 To 0 Step -1
            Dim eventLogSysCriticalEntry As EventLogEntry = eventLogSystemCritical.Entries(i)
            If eventLogSysCriticalEntry.EntryType.ToString = ("0") Then
                arrayEventlogSys(0) = (eventLogSysCriticalEntry.TimeGenerated)
                arrayEventlogSys(1) = ("Critical")
                arrayEventlogSys(2) = (eventLogSysCriticalEntry.Source)
                arrayEventlogSys(3) = (eventLogSysCriticalEntry.InstanceId)
                arrayEventlogSys(4) = (eventLogSysCriticalEntry.Message)
                ListEventlogSys = New ListViewItem(arrayEventlogSys)
                lvwEventLogSys.Items.Add(ListEventlogSys)
                eventCntr2 = eventCntr2 + 1
                If numberofeventstoshow2 = 10 Then Exit For ' amend if you want to show more than 10 events
                numberofeventstoshow2 = numberofeventstoshow2 + 1
            End If
        Next
        ' get event log (system) error entries
        Dim eventLogSystemError As New System.Diagnostics.EventLog("System")
        Dim eventCntr3 As Integer = 1
        Dim numberofeventstoshow3 As Integer = 1
        For i As Integer = eventLogSystemError.Entries.Count - 1 To 0 Step -1
            Dim eventLogSysErrorEntry As EventLogEntry = eventLogSystemError.Entries(i)
            If eventLogSysErrorEntry.EntryType.ToString = ("Error") Then
                arrayEventlogSys(0) = (eventLogSysErrorEntry.TimeGenerated)
                arrayEventlogSys(1) = (eventLogSysErrorEntry.EntryType.ToString)
                arrayEventlogSys(2) = (eventLogSysErrorEntry.Source)
                arrayEventlogSys(3) = (eventLogSysErrorEntry.InstanceId)
                arrayEventlogSys(4) = (eventLogSysErrorEntry.Message)
                ListEventlogSys = New ListViewItem(arrayEventlogSys)
                lvwEventLogSys.Items.Add(ListEventlogSys)
                eventCntr3 = eventCntr3 + 1
                If numberofeventstoshow3 = 10 Then Exit For ' amend if you want to show more than 10 events
                numberofeventstoshow3 = numberofeventstoshow3 + 1
            End If
        Next
    End Sub
    Darren Rose
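
The 33 that Event Viewer shows and the 3238068257 that the code above reads from InstanceId are the same 32-bit event identifier viewed two ways; this added example (not code from the thread) splits an identifier into its documented severity, customer, facility and code fields so records from different collectors can be correlated on one ID. The function and field names are illustrative, and the sample records are constructed from the two values quoted in the post.

```python
from typing import Iterable, List, NamedTuple, Tuple

# Names for the two high-order severity bits of a Windows event identifier.
SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}


class EventIdentifier(NamedTuple):
    raw: int         # full 32-bit value, as returned by InstanceId
    severity: str    # bits 31-30
    customer: bool   # bit 29: set for application-defined identifiers
    facility: int    # bits 27-16
    code: int        # bits 15-0: the number Event Viewer lists as "Event ID"
    qualifiers: int  # bits 31-16: the Qualifiers attribute in the event XML


def decode_instance_id(instance_id: int) -> EventIdentifier:
    """Split a 32-bit event identifier into its bit fields."""
    if not 0 <= instance_id <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit event identifier: {instance_id!r}")
    return EventIdentifier(
        raw=instance_id,
        severity=SEVERITY[(instance_id >> 30) & 0x3],
        customer=bool((instance_id >> 29) & 0x1),
        facility=(instance_id >> 16) & 0xFFF,
        code=instance_id & 0xFFFF,
        qualifiers=instance_id >> 16,
    )


def normalise(records: Iterable[Tuple[str, int]]) -> List[Tuple[str, int, bool]]:
    """Return (source, displayed event ID, had_qualifiers) for each record.

    had_qualifiers is True when the raw value carried high-order bits, i.e.
    when a collector that stores the raw identifier would disagree with one
    that stores the displayed Event ID.
    """
    out = []
    for source, raw in records:
        ident = decode_instance_id(raw)
        out.append((source, ident.code, ident.qualifiers != 0))
    return out


# Constructed sample records, using the identifiers quoted in the post.
SAMPLE = [
    ("SideBySide", 3238068257),
    ("Microsoft-Windows-Kernel-Power", 41),
]

if __name__ == "__main__":
    for source, raw in SAMPLE:
        ident = decode_instance_id(raw)
        print(f"{source}: raw=0x{ident.raw:08X} severity={ident.severity} "
              f"facility=0x{ident.facility:03X} qualifiers={ident.qualifiers} "
              f"event_id={ident.code}")
```

Any pipeline that stores the raw identifier from one collector and the displayed Event ID from another needs this normalisation before alert rules keyed on event ID will match both.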
