Event ID 4001 in the SCOM Log
Hello,
I have few servers that the following error appear every 15 minutes in the Operations Manager log :
GetSQL2012SPNState.vbs : Unable to open WMI Namespace 'winmgmts:\\server.company.Corp.xxx.company.Corp\root\Microsoft\SqlServer\ComputerManagement11'. Check to see if the WMI service is enabled and running, and ensure this WMI namespace exists.. The remote
server machine does not exist or is unavailable.
The event ID is 4001 and the source of alert is Health Service Script
While xxx is a child domain of the company.corp forest. The server itself is located on the company.corp forest.
Does someone know this error message and can assist me how to solve it ?
Thanks,
Amit
Correct me if I'm wrong, but this looks like the script is trying to query WMI using a wrong server name (server.company.corp.subdomain.company.corp), right? So obviously it can't open it.
I think I've already faced this problem.
If I remember correctly, it is related to the method the script uses to find the server's fqdn :
First it uses the FQDN discovered by the SCOM Agent (server.company.corp)
Then it does an LDAP query on GC://RootDSE to find the defaultNamingContext
Then it compares both values, and if the defaultNamingContext is not contained in the FQDN, it considers that the FQDN is wrong and append it to the defaultNamingContext.
So, what happens is that the SCOM agent says "FQDN for this server is server.domain.com", but the LDAP request says "defaultNamingContext is xxx.company.corp".
Since xxx.company.corp is not contained in server.company.corp, the script "rebuilds" what it thinks would be the correct FQDN : server.company.corp.xxx.company.corp.
This happens when for some reason, the LDAP query to GC://RootDSE is targeted at a GC that is not in the same domain as the SQL server.
The thing is, I never had time to go further and work with a qualified AD/DNS admin on this, so I don't really know how a server chooses what GC it will target for a GC:// query and therefore I don't have a solution for this issue.
Hope these explanations helped, though!
Similar Messages
-
Hi,
Everytime, we restarted the SCOM services. It will took 50mins++ until event id 31410 is out then SCOM application will only start to pumping out alerts. anyway to speed it up?Hi,
When you restart the SCOM services, please also try to restart Microsoft Monitoring Agent.
@echo off
echo Restarting System Center Management Configuration…
net stop cshost
net start cshost
echo Restarting HealthService…
net stop HealthService
net start HealthService
echo done!
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Keep seeing Event ID 455 in the Application Log on my SQL Server
I keep seeing the the following error in the Application Log:
sqlservr (1556) Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\LogFiles\Sum\Api.log.
If someone can please help me resolve this, I would greatly appreciate it.
Thank you very muchPlease check this link https://connect.microsoft.com/SQLServer/feedback/details/781317/error-occurred-while-opening-logfile-c-windows-system32-logfiles-sum-api-log
-
Windows 2008 member server, repeating event 4625 in the security log
Hello,
I'm having an issue with a member server on our 2008 domain, security log is filling up with event 4625, here are the details:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/23/2014 2:04:42 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: my.member.server
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: 10.0.0.115
Source Port: 51366
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2014-04-23T18:04:42.197Z" />
<EventRecordID>99893119</EventRecordID>
<Correlation />
<Execution ProcessID="744" ThreadID="844" />
<Channel>Security</Channel>
<Computer>KLINEWEB.kline.local</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">
</Data>
<Data Name="TargetDomainName">
</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2313</Data>
<Data Name="SubStatus">0xc000006a</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">Kerberos</Data>
<Data Name="AuthenticationPackageName">Kerberos</Data>
<Data Name="WorkstationName">-</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">10.0.0.115</Data>
<Data Name="IpPort">51366</Data>
</EventData>
</Event>
The IP address that appears in source network address all belong to VPN clients. And it looks like its only happening with 4-5 IPs, all of which are VPN clients. These clients shouldn't be connecting to anything on this server, which is why its puzzling.
Our DC is Windows 2008 and the VPN server is another member server on the domain. I suspect the issue is at the client PCs since there are many other VPN clients connected that don't generate the event ID.
Can anyone tell what the issue might be?
Thanks.Hi Rayminette,
There are multiple login sources that could possibly be generating the errors:
FTP logins - check your FTP log to see if login failures are showing up at the same time.
Logins via Basic Authentication over http or https (simple, but possibly dangerous, way to password-protect a web site).
ASP scripts.
This logon type 8 indicates a network logon like logon type 3 but where the password was sent over the network in the clear text. Windows server doesn’t allow connection to shared file or printers with clear text authentication. The only situation
I’m aware of are logons from within an ASP script using the ADVAPI or when a user logs on to IIS using IIS’s basic authentication mode. In both cases the logon process in the event’s description will list advapi. Basic authentication is only dangerous
if it isn’t wrapped inside an SSL session (i.e. https). As far as logons generated by an ASP, script remember that embedding passwords in source code is a bad practice for maintenance purposes as well as the risk that someone malicious will view the source
code and thereby gain the password.
Reference from:
What is the source of thousands of 4625 Logon Failure errors with Logon Type 8 (NetworkCleartext)?
I hope this helps. -
Does the SCOM 2012 agent "look back" in the logs before the service was started?
Does the SCOM 2012 agent "look back" in the logs before the service was started?<o:p></o:p>
We raised this question to our Microsoft rep back when we migrated to SCOM 2007. We wanted to know if SCOM would alert on errors generated before the Heath Service started. For example, errors
logged before the service is started on reboot (which is when some critical errors are logged). We also wondered what happens when the service is restarted...would errors during the same window be missed?
If I remember correctly the MS response was that the agent looks back on startup/restart based on a timestamp of some kind. We did some testing that seemed to confirm this information. I've
recently encountered several instances of errors generated while the service was stopped (primarily during boot up) where SCOM failed to alert on the error.
Can anyone confirm how the SCOM 2012 agent deals with errors generated before the service starts on boot and during service restarts?I would suspect it's with watermarks as it has been in the past. What you should look into is if these alerts you were expecting are event based, and if there are rules set to alert for these conditions. If so, and you don't get an alert,
then you can bring that up with your msft rep. However, they should be caught.
Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/ If my response was helpful, please mark it as so, if it answered your question, then please also mark it accordingly. Thank you.
There is a watermark. If the agent has been down for a significant period of time, the watermark may not apply, as the log would have rolled - but the entire log will still be processed regardless of what has already been discarded in the log. This may cause
some problems if a monitor picks up an unhealthy state, and the healthy state log entry has already been flushed. In this case, you need to reset health on that particular monitor, or just flush the cache on the agent to start anew.
Jonathan Almquist | SCOMskills, LLC (http://scomskills.com) -
I am new to scripting (literally started reading/learning scripting a few hours ago), and I am stuck in trying to get my current script/command to filter a specific date range.
* Note: I am working with Server 2003 and 2008; because of the environment I am in, a lot of scripts (such as Powershell and VBScript) don't work; trying to stick with command line, as it appears to be the only thing that functions correctly in my environment
I am trying to search the System log in event viewer, for the most recent server reboot. Here is the command that I am currently running:
===========================================================
C:\Windows\System32\cscript C:\Windows\System32\eventquery.vbs /L System /FI "id eq 1074"
===========================================================
When run, the output looks like this:
===========================================================
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved
Listing the events in 'system' log of host 'xxxxxxxxxxxxxxx'
Type Event
Date Time Source
Information 1074
12/18/2013 2:48:06 AM USER32
Information 1074
11/20/2013 3:25:04 AM USER32
Information 1074
10/23/2013 2:06:09 AM USER32
===========================================================
What I would like it to do is only show events that have happened in the last seven days, as well as show the event details if it does find an event that matches the criteria.
Any help would be greatly appreciated. Thanks!
NickI would prefer using Powershell , you can use below code
function Get-EventViewer
param(
[string[]]$ComputerName = $ENV:COMPUTERNAME,[string]$LogName,[int]$eventid
$Object =@()
foreach ($Computer in $ComputerName)
$ApplicationEvents = get-eventlog -logname $LogName -cn $computer -after (Get-Date).AddDays(-7) | ?{$_.eventid -eq "$eventid" }
foreach ($event in $ApplicationEvents) {
$Object += New-Object -Type PSObject -Property @{
ComputerName = $Computer.ToUpper();
TimeGenerated = $event.TimeGenerated;
EntryType = $event.EntryType;
Source = $event.Source;
Message = $event.Message;
$column1 = @{expression="ComputerName"; width=12; label="ComputerName"; alignment="left"}
$column2 = @{expression="TimeGenerated"; width=22; label="TimeGenerated"; alignment="left"}
$column3 = @{expression="EntryType"; width=10; label="EntryType"; alignment="left"}
$column4 = @{expression="Source"; width=15; label="Source"; alignment="left"}
$column5 = @{expression="Message"; width=100; label="Message"; alignment="left"}
$Object|format-table $column1, $column2, $column3 ,$column4 ,$column5
$Object.GetEnumerator() | Out-GridView -Title "Event Viewer"
You can do a function call like
Get-EventViewer -LogName system -ComputerName "computername" -eventid "2017" -
I don't know if this can be done with VI Logger or need to use Labview V7.1.
After browsing through the VI Logger User Manual, it looks like the triggering that you are hoping to accomplish is possible. However, incrementing the filename for the next logging event is not going to be possible. VI Logger does exactly what its name tells - logs data. I don't think the automation that you are hoping to accomplish is possible.
For help with setting up your application, if you do choose to stay with VI Logger, make sure to chek out the Getting Started with VI Logger Manual.
Best of luck.
Jared A -
"Event Viewer cannot open the event Log or Custom view. Verify that the Event log service is running or query is too long. The instance name passed was not recognized as valid by a WMI data provider(4201)"
This error keeps cropping up now and again on most of our domain controllers (OS-2008 AND 2008R2)...Usually a restart fixes the issue however the issue repeats and security logs don't generate.
Any advice on how to fix this issue permanently would be greatly appreciated.Please see this: https://social.technet.microsoft.com/Forums/windows/en-US/95987ca3-a1b2-4da6-95b7-d825d06cdac7/error-code-4201-the-instance-name-passed-was-not-recognized-as-valid-by-a-wmi-data-provider?forum=w7itprosecurity
You can also try rebuilding the WMI repository: http://blogs.technet.com/b/askperf/archive/2009/04/13/wmi-rebuilding-the-wmi-repository.aspx
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
OpenReportingWebServiceConnection in the windowsupdate.log sometimes points to Microsoft URL and sometimes to WSUS server.
Why is that? WSUS reports are never up-to-date. if this is by design it sucks
Also... it will take forever before clients are reporting to WSUS server..
Kind regards / Met vriendelijke groet, IS Group Rob Mulder Kantoorautomatiseerder Wielingenstraat 8 T 0299 476 185 1441 ZR Purmerend F 0299 476 288 www.is.nl / www.isenterprise.com KvK Hoorn 36049256Hi Lawrence,
I installed a new server (2012R2 standard), fully patched and only the WSUS role. Uninstalled the old one, used same database and moved the downloads. Installed a new PC (win 8.1 update 1), not in the domain so no policies. Changed the local update
policy and point to the WSUS server.
Still no luck...... WSUS Last Status Report keeps saying 'Not yet reported'.
Could it be a network problem (VLAN, Firewall)??
The log:
2014-05-23 08:15:18:475 804 a08 IdleTmr Decremented idle timer priority operation counter to 0
2014-05-23 08:15:18:872 804 7e4 Shutdwn Checking to see whether install at shutdown is appropriate
2014-05-23 08:15:18:888 804 7e4 Shutdwn user declined update at shutdown
2014-05-23 08:15:18:888 804 7e4 AU AU initiates service shutdown
2014-05-23 08:15:18:888 804 7e4 AU ########### AU: Uninitializing Automatic Updates ###########
2014-05-23 08:15:18:903 804 7e4 WuTask Uninit WU Task Manager
2014-05-23 08:15:18:903 804 7e4 WuTask ScheduledInstallTaskHandler, setting scheduled install attempt time to 2014-05-25 06:09:51, using automatic maintenance:True.
2014-05-23 08:15:19:169 804 7e4 Report CWERReporter finished handling 1 events. (00000000)
2014-05-23 08:15:19:185 804 7e4 AU Earliest future timer found:
2014-05-23 08:15:19:185 804 7e4 AU Timer: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782, Expires 2014-05-23 07:27:03, not idle-only, network-only
2014-05-23 08:15:19:278 804 7e4 AU Earliest future timer found:
2014-05-23 08:15:19:278 804 7e4 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-05-24 02:26:02, not idle-only, not network-only
2014-05-23 08:15:19:560 804 7e4 Service *********
2014-05-23 08:15:19:560 804 7e4 Service ** END ** Service: Service exit [Exit code = 0x240001]
2014-05-23 08:15:19:560 804 7e4 Service *************
2014-05-23 08:15:51:285 760 5d8 Misc =========== Logging initialized (build: 7.9.9600.17093, tz: +0200) ===========
2014-05-23 08:15:51:301 760 5d8 Misc = Process: C:\Windows\system32\svchost.exe
2014-05-23 08:15:51:301 760 5d8 Misc = Module: c:\windows\system32\wuaueng.dll
2014-05-23 08:15:51:254 760 5d8 Service *************
2014-05-23 08:15:51:301 760 5d8 Service ** START ** Service: Service startup
2014-05-23 08:15:51:301 760 5d8 Service *********
2014-05-23 08:15:51:832 760 5d8 IdleTmr Non-AoAc machine. Aoac operations will be ignored.
2014-05-23 08:15:51:879 760 5d8 Agent * WU client version 7.9.9600.17093
2014-05-23 08:15:51:910 760 5d8 Agent WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2014-05-23 08:15:51:910 760 5d8 Agent * Base directory: C:\Windows\SoftwareDistribution
2014-05-23 08:15:51:910 760 5d8 Agent * Access type: No proxy
2014-05-23 08:15:51:910 760 5d8 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
2014-05-23 08:15:51:910 760 5d8 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2014-05-23 08:15:51:910 760 5d8 Agent * Network state: Connected
2014-05-23 08:15:52:035 760 5d8 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
2014-05-23 08:15:52:035 760 5d8 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2014-05-23 08:15:53:207 760 5d8 Agent *********** Agent: Initializing global settings cache ***********
2014-05-23 08:15:53:207 760 5d8 Agent * Endpoint Provider: 00000000-0000-0000-0000-000000000000
2014-05-23 08:15:53:207 760 5d8 Agent * WSUS server:
http://is-wsus-001:8530
2014-05-23 08:15:53:207 760 5d8 Agent * WSUS status server:
http://is-wsus-001:8530
2014-05-23 08:15:53:207 760 5d8 Agent * Target group: TEST
2014-05-23 08:15:53:207 760 5d8 Agent * Windows Update access disabled: No
2014-05-23 08:15:53:457 760 5d8 WuTask WuTaskManager delay initialize completed successfully..
2014-05-23 08:15:53:473 760 5d8 AU Timer: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782, Expires 2014-05-23 07:27:03, not idle-only, network-only
2014-05-23 08:15:53:473 760 5d8 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-05-24 02:26:02, not idle-only, not network-only
2014-05-23 08:15:53:473 760 5d8 AU Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2014-05-24 06:06:34, not idle-only, not network-only
2014-05-23 08:15:53:473 760 5d8 AU Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2014-05-24 06:06:32, not idle-only, not network-only
2014-05-23 08:15:53:473 760 5d8 AU Timer: E25CADF6-86A6-4569-BCDF-89BE66B0CA66, Expires 2014-05-26 06:08:09, not idle-only, not network-only
2014-05-23 08:15:54:160 760 5d8 Report CWERReporter::Init succeeded
2014-05-23 08:15:54:160 760 5d8 Agent *********** Agent: Initializing Windows Update Agent ***********
2014-05-23 08:15:54:207 760 5d8 Agent * Found 11 persisted download calls to restore
2014-05-23 08:15:54:426 760 5d8 DnldMgr Download manager restoring 0 downloads
2014-05-23 08:15:54:426 760 5d8 Agent * Successfully loaded 11 persisted download calls.
2014-05-23 08:15:54:457 760 5d8 AU ########### AU: Initializing Automatic Updates ###########
2014-05-23 08:15:54:457 760 5d8 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
2014-05-23 08:15:54:457 760 5d8 AU AIR Mode is disabled
2014-05-23 08:15:54:457 760 5d8 AU # Policy Driven Provider:
http://is-wsus-001:8530
2014-05-23 08:15:54:457 760 5d8 AU # Detection frequency: 22
2014-05-23 08:15:54:457 760 5d8 AU # Target group: TEST
2014-05-23 08:15:54:457 760 5d8 AU # Approval type: Pre-install notify (Policy)
2014-05-23 08:15:54:457 760 5d8 AU # Auto-install minor updates: No (User preference)
2014-05-23 08:15:54:457 760 5d8 AU # ServiceTypeDefault: Service 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 Approval type: (Scheduled)
2014-05-23 08:15:54:457 760 5d8 AU # Will interact with non-admins (Non-admins are elevated (User preference))
2014-05-23 08:15:54:770 760 5d8 AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80070032
2014-05-23 08:15:55:254 760 5d8 AU AU finished delayed initialization
2014-05-23 08:15:55:254 760 5d8 AU Processing post-reboot results now.
2014-05-23 08:15:55:270 760 5d8 AU Obtained Post reboot hr from Agent:8024000c
2014-05-23 08:15:55:348 760 5d8 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
2014-05-23 08:15:55:348 760 5d8 AU Triggering Offline detection (non-interactive)
2014-05-23 08:15:55:348 760 5d8 AU Adding timer:
2014-05-23 08:15:55:348 760 5d8 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-05-23 06:15:55, not idle-only, not network-only
2014-05-23 08:15:55:394 760 5d8 AU Adding timer:
2014-05-23 08:15:55:394 760 5d8 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-05-23 06:15:55, not idle-only, not network-only
2014-05-23 08:15:55:394 760 5d8 AU #############
2014-05-23 08:15:55:394 760 5d8 AU ## START ## AU: Search for updates
2014-05-23 08:15:55:394 760 5d8 AU #########
2014-05-23 08:15:55:394 760 5d8 IdleTmr WU operation (CSearchCall::Init ID 12) started; operation # 73; does not use network; is at background priority
2014-05-23 08:15:55:394 760 780 DnldMgr Asking handlers to reconcile their sandboxes
2014-05-23 08:15:56:379 760 5d8 Report *********** Report: Initializing static reporting data ***********
2014-05-23 08:15:56:379 760 5d8 Report * OS Version = 6.3.9600.0.0.65792
2014-05-23 08:15:56:379 760 5d8 Report * OS Product Type = 0x00000004
2014-05-23 08:15:56:394 760 5d8 Report * Computer Brand = Hewlett-Packard
2014-05-23 08:15:56:394 760 5d8 Report * Computer Model = HP Compaq 8000 Elite SFF PC
2014-05-23 08:15:56:394 760 5d8 Report * Platform Role = 1
2014-05-23 08:15:56:394 760 5d8 Report * AlwaysOn/AlwaysConnected (AOAC) = 0
2014-05-23 08:15:56:394 760 5d8 Report * Bios Revision = 786G7 v01.02
2014-05-23 08:15:56:394 760 5d8 Report * Bios Name = Default System BIOS
2014-05-23 08:15:56:394 760 5d8 Report * Bios Release Date = 2009-10-22T00:00:00
2014-05-23 08:15:56:394 760 5d8 Report * Bios Sku Number = AU247AV
2014-05-23 08:15:56:394 760 5d8 Report * Bios Vendor = Hewlett-Packard
2014-05-23 08:15:56:394 760 5d8 Report * Bios Family = 103C_53307F
2014-05-23 08:15:56:394 760 5d8 Report * Bios Major Release = 1
2014-05-23 08:15:56:394 760 5d8 Report * Bios Minor Release = 2
2014-05-23 08:15:56:394 760 5d8 Report * Locale ID = 1033
2014-05-23 08:15:56:754 760 5d8 Agent *** START *** Queueing Finding updates [CallerId = AutomaticUpdates Id = 12]
2014-05-23 08:15:56:769 760 5d8 AU <<## SUBMITTED ## AU: Search for updates [CallId = {0EA90D1A-5EFD-46BD-89A5-5BA637FD2BAB} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-05-23 08:15:56:769 760 5d8 Agent SkipSelfUpdateCheck search flag set for serverId: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782
2014-05-23 08:15:56:769 760 5d8 IdleTmr WU operation (CSearchCall::Init ID 13) started; operation # 75; does not use network; is at background priority
2014-05-23 08:15:56:769 760 5d8 Agent *** START *** Queueing Finding updates [CallerId = AutomaticUpdates Id = 13]
2014-05-23 08:15:56:769 760 5d8 AU <<## SUBMITTED ## AU: Search for updates [CallId = {4BA76BFE-3776-4A2A-8F8F-046C551FC154} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-05-23 08:15:56:769 760 438 Agent *** END *** Queueing Finding updates [CallerId = AutomaticUpdates Id = 12]
2014-05-23 08:15:56:769 760 444 Agent *** END *** Queueing Finding updates [CallerId = AutomaticUpdates Id = 13]
2014-05-23 08:15:56:895 760 438 Agent *************
2014-05-23 08:15:56:895 760 444 Agent *************
2014-05-23 08:15:56:895 760 438 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 12]
2014-05-23 08:15:56:895 760 444 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 13]
2014-05-23 08:15:56:895 760 438 Agent *********
2014-05-23 08:15:56:895 760 444 Agent *********
2014-05-23 08:15:56:895 760 438 Agent * Online = No; Ignore download priority = No
2014-05-23 08:15:56:895 760 444 Agent * Online = No; Ignore download priority = No
2014-05-23 08:15:56:988 760 438 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-05-23 08:15:56:988 760 444 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-05-23 08:15:56:988 760 438 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2014-05-23 08:15:56:988 760 444 Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-05-23 08:15:56:988 760 438 Agent * Search Scope = {Machine & All Users}
2014-05-23 08:15:56:988 760 444 Agent * Search Scope = {Machine & All Users}
2014-05-23 08:15:56:988 760 438 Agent * Caller SID for Applicability: S-1-5-18
2014-05-23 08:15:57:066 760 444 Agent * Caller SID for Applicability: S-1-5-18
2014-05-23 08:16:00:691 760 444 Agent * Added update {B8041E56-C00A-45F8-81FB-D73AFA411347}.1 to search result
2014-05-23 08:16:00:754 760 444 Agent * Added update {00563009-B9BF-43A4-8B4E-5ACE3172912B}.2 to search result
2014-05-23 08:16:00:754 760 444 Agent * Added update {10ABC605-BFEB-4C77-86F6-3E4B128DB8CE}.1 to search result
2014-05-23 08:16:00:754 760 444 Agent * Added update {5FFBBD0B-FE88-4891-A8AC-079773A2293C}.1 to search result
2014-05-23 08:16:00:770 760 444 Agent * Added update {7808BE23-84F0-4A32-8733-E7C007F163F3}.1 to search result
2014-05-23 08:16:00:770 760 444 Agent * Added update {5844AE0C-7736-4D29-A625-BE4C5B8F8913}.1 to search result
2014-05-23 08:16:00:770 760 444 Agent Update {EE38AC4D-7401-43C8-99E3-6A29B5D40125}.1 is pruned out due to potential supersedence
2014-05-23 08:16:00:770 760 444 Agent * Added update {F9158DB5-472A-42E4-9011-8755FFD0E881}.1 to search result
2014-05-23 08:16:00:770 760 444 Agent * Added update {B668ABF0-E6EA-4A46-8295-F0B3EA7A2280}.1 to search result
2014-05-23 08:16:00:770 760 444 Agent * Added update {384F16CE-2C01-40C5-B4DF-77494AF5101B}.1 to search result
2014-05-23 08:16:00:770 760 444 Agent * Added update {622DDF33-E2CC-4001-8F24-58CF7DCA850C}.1 to search result
2014-05-23 08:16:00:770 760 444 Agent * Added update {27F89739-5050-4ED7-BB07-1B34FAD4A662}.1 to search result
2014-05-23 08:16:00:770 760 444 Agent * Added update {9A0D7060-5FF4-4842-AAC2-6B7F3EC4FAC3}.1 to search result
2014-05-23 08:16:00:785 760 444 Agent * Found 12 updates and 37 categories in search; evaluated appl. rules of 81 out of 122 deployed entities
2014-05-23 08:16:00:785 760 444 Agent *********
2014-05-23 08:16:00:785 760 444 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 13]
2014-05-23 08:16:00:785 760 444 Agent *************
2014-05-23 08:16:00:820 760 444 IdleTmr WU operation (CSearchCall::Init ID 14) started; operation # 76; does not use network; is at background priority
2014-05-23 08:16:00:898 760 444 Agent *************
2014-05-23 08:16:00:898 760 444 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 14]
2014-05-23 08:16:00:898 760 444 Agent *********
2014-05-23 08:16:00:898 760 444 Agent * Online = No; Ignore download priority = No
2014-05-23 08:16:00:913 760 444 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-05-23 08:16:00:913 760 444 Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-05-23 08:16:00:913 760 444 Agent * Search Scope = {Current User}
2014-05-23 08:16:00:913 760 444 Agent * Caller SID for Applicability: S-1-5-21-3625400098-2596169022-3213286213-1003
2014-05-23 08:16:01:429 760 444 Agent * Added update {B8041E56-C00A-45F8-81FB-D73AFA411347}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {00563009-B9BF-43A4-8B4E-5ACE3172912B}.2 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {10ABC605-BFEB-4C77-86F6-3E4B128DB8CE}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {5FFBBD0B-FE88-4891-A8AC-079773A2293C}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {7808BE23-84F0-4A32-8733-E7C007F163F3}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {5844AE0C-7736-4D29-A625-BE4C5B8F8913}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent Update {EE38AC4D-7401-43C8-99E3-6A29B5D40125}.1 is pruned out due to potential supersedence
2014-05-23 08:16:02:070 760 444 Agent * Added update {F9158DB5-472A-42E4-9011-8755FFD0E881}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {B668ABF0-E6EA-4A46-8295-F0B3EA7A2280}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {384F16CE-2C01-40C5-B4DF-77494AF5101B}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {622DDF33-E2CC-4001-8F24-58CF7DCA850C}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {27F89739-5050-4ED7-BB07-1B34FAD4A662}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Added update {9A0D7060-5FF4-4842-AAC2-6B7F3EC4FAC3}.1 to search result
2014-05-23 08:16:02:070 760 444 Agent * Found 12 updates and 37 categories in search; evaluated appl. rules of 81 out of 122 deployed entities
2014-05-23 08:16:02:070 760 444 Agent *********
2014-05-23 08:16:02:070 760 444 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 14]
2014-05-23 08:16:02:070 760 444 Agent *************
2014-05-23 08:16:02:070 760 444 IdleTmr WU operation (CSearchCall::Init ID 14, operation # 76) stopped; does not use network; is at background priority
2014-05-23 08:16:02:085 760 444 IdleTmr WU operation (CSearchCall::Init ID 15) started; operation # 77; does not use network; is at background priority
2014-05-23 08:16:02:085 760 444 Agent *************
2014-05-23 08:16:02:085 760 444 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 15]
2014-05-23 08:16:02:085 760 444 Agent *********
2014-05-23 08:16:02:085 760 444 Agent * Online = No; Ignore download priority = No
2014-05-23 08:16:02:085 760 444 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-05-23 08:16:02:085 760 444 Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-05-23 08:16:02:085 760 444 Agent * Search Scope = {Current User}
2014-05-23 08:16:02:085 760 444 Agent * Caller SID for Applicability: S-1-5-21-3625400098-2596169022-3213286213-1001
2014-05-23 08:16:03:054 760 444 Agent * Added update {B8041E56-C00A-45F8-81FB-D73AFA411347}.1 to search result
2014-05-23 08:16:03:116 760 444 Agent * Added update {10ABC605-BFEB-4C77-86F6-3E4B128DB8CE}.1 to search result
2014-05-23 08:16:03:116 760 444 Agent * Added update {5FFBBD0B-FE88-4891-A8AC-079773A2293C}.1 to search result
2014-05-23 08:16:03:116 760 444 Agent * Added update {7808BE23-84F0-4A32-8733-E7C007F163F3}.1 to search result
2014-05-23 08:16:03:116 760 444 Agent * Added update {5844AE0C-7736-4D29-A625-BE4C5B8F8913}.1 to search result
2014-05-23 08:16:03:116 760 444 Agent Update {EE38AC4D-7401-43C8-99E3-6A29B5D40125}.1 is pruned out due to potential supersedence
2014-05-23 08:16:03:116 760 444 Agent * Added update {F9158DB5-472A-42E4-9011-8755FFD0E881}.1 to search result
2014-05-23 08:16:03:132 760 444 Agent * Added update {B668ABF0-E6EA-4A46-8295-F0B3EA7A2280}.1 to search result
2014-05-23 08:16:03:132 760 444 Agent * Added update {384F16CE-2C01-40C5-B4DF-77494AF5101B}.1 to search result
2014-05-23 08:16:03:132 760 444 Agent * Added update {622DDF33-E2CC-4001-8F24-58CF7DCA850C}.1 to search result
2014-05-23 08:16:03:132 760 444 Agent * Added update {27F89739-5050-4ED7-BB07-1B34FAD4A662}.1 to search result
2014-05-23 08:16:03:132 760 444 Agent * Added update {9A0D7060-5FF4-4842-AAC2-6B7F3EC4FAC3}.1 to search result
2014-05-23 08:16:03:132 760 444 Agent * Found 11 updates and 37 categories in search; evaluated appl. rules of 81 out of 122 deployed entities
2014-05-23 08:16:03:132 760 444 Agent *********
2014-05-23 08:16:03:132 760 444 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 15]
2014-05-23 08:16:03:132 760 444 Agent *************
2014-05-23 08:16:03:132 760 444 IdleTmr WU operation (CSearchCall::Init ID 15, operation # 77) stopped; does not use network; is at background priority
2014-05-23 08:16:03:132 760 444 IdleTmr WU operation (CSearchCall::Init ID 13, operation # 75) stopped; does not use network; is at background priority
2014-05-23 08:16:03:132 760 484 AU >>## RESUMED ## AU: Search for updates [CallId = {4BA76BFE-3776-4A2A-8F8F-046C551FC154} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-05-23 08:16:03:148 760 484 AU # 12 updates detected
2014-05-23 08:16:03:148 760 484 AU #########
2014-05-23 08:16:03:163 760 484 AU ## END ## AU: Search for updates [CallId = {4BA76BFE-3776-4A2A-8F8F-046C551FC154} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-05-23 08:16:03:163 760 484 AU #############
2014-05-23 08:16:08:679 760 438 Agent * Added update {8427071A-DA80-48C3-97DE-C9C528F73A2D}.1 to search result
2014-05-23 08:16:08:742 760 438 Agent * Found 1 updates and 74 categories in search; evaluated appl. rules of 1114 out of 1607 deployed entities
2014-05-23 08:16:08:742 760 438 Agent *********
2014-05-23 08:16:08:742 760 438 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 12]
2014-05-23 08:16:08:742 760 438 Agent *************
2014-05-23 08:16:08:742 760 438 IdleTmr WU operation (CSearchCall::Init ID 12, operation # 73) stopped; does not use network; is at background priority
2014-05-23 08:16:08:742 760 484 AU >>## RESUMED ## AU: Search for updates [CallId = {0EA90D1A-5EFD-46BD-89A5-5BA637FD2BAB} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-05-23 08:16:08:742 760 484 AU # 1 updates detected
2014-05-23 08:16:08:742 760 484 AU WARNING: AU ignoring update during offline scan:
2014-05-23 08:16:08:742 760 484 AU #########
2014-05-23 08:16:08:742 760 484 AU ## END ## AU: Search for updates [CallId = {0EA90D1A-5EFD-46BD-89A5-5BA637FD2BAB} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-05-23 08:16:08:742 760 484 AU #############
2014-05-23 08:16:08:742 760 484 AU All AU searches complete.
2014-05-23 08:16:08:742 760 484 AU Adding timer:
2014-05-23 08:16:08:742 760 484 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-05-24 02:26:02, not idle-only, not network-only
2014-05-23 08:16:08:742 760 484 AU # Publishing WNF Per user update count event Count: 11 SID {S-1-5-21-3625400098-2596169022-3213286213-1003} Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}
2014-05-23 08:16:08:804 760 484 AU # Publishing WNF Per user update count event Count: 11 SID {S-1-5-21-3625400098-2596169022-3213286213-1001} Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}
2014-05-23 08:24:06:607 760 5d8 AU ReAttemptDownloadsAsUserIfNecessary, No calls in download progress.
2014-05-23 08:24:06:623 760 5d8 AU IsPerUserUpdateInstallableForAnyLoggedOnUser, found at least 1 logged on user for which the update 10ABC605-BFEB-4C77-86F6-3E4B128DB8CE, revision 1 is applicable
2014-05-23 08:24:06:623 760 5d8 AU SchedulePerUserUpdateInstallOnUserLogonIfNeeded, per user update install scheduled for logged on user.
Kind regards / Met vriendelijke groet, IS Group Rob Mulder Kantoorautomatiseerder Wielingenstraat 8 T 0299 476 185 1441 ZR Purmerend F 0299 476 288 www.is.nl / www.isenterprise.com KvK Hoorn 36049256 -
The system failed to flush data to the transaction log. Corruption may occur.
We have a windows server 2008 R2 Virtual machine and we are getting the following Warning Event.
Event 51 Volmgr
The system failed to flush data to the transaction log. Corruption may occur.
Any idea what is wrong with this server? Why this event is occurring?Hi Jitender KT,
Before going further, would you please let me know the complete error message that you can find (such as a
screenshot if you can provide)? Please check and confirm in Event Viewer if there other related event you can find, such as Event 57 and so on. Meanwhile, can you remember what operations you have done before the warning occurred?
Based on current message that you provided, please run
Chkdsk command to check if you can find error. The issue seems to be related to the storage device. Please refer to the following similar question.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/044b10af-c253-46de-b40d-ce9d128b83d7/event-id-57-source-volmgr?forum=winservergen
In addition, please also refer to the following link. It should be helpful.
http://www.eventid.net/display-eventid-57-source-volmgr-eventno-8865-phase-1.htm
Hope this helps.
Best regards,
Justin Gu -
Hi,
A WebLogic 10.3.2.0 server is hanging at startup. There are no error messages. The last command in the startup window is:
"The server log file <log file dest> is opened. All server side log events will be written to this file."
I think the next line should be:
"Security initializing using security realm realm."
Any ideas on what could be the issue? For instance what resources should be accessed at that point of time? There is sufficient space left on the (virtual machine) disk. The VM configured with 8GB memory. Could it be performance related still?
Following is written to the log file:
####<12.aug.2010 kl 09.47 CEST> <Info> <WebLogicServer> <oim> <> <Main Thread> <> <> <> <1281599254656> <BEA-000214> <WebLogic Server "AdminServer" version:
WebLogic Server 10.3.2.0 Tue Oct 20 12:16:15 PDT 2009 1267925 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.> ####<12.aug.2010 kl 09.47 CEST> <Notice> <Log Management> <oim> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1281599255312> <BEA-170019> <The server log file ....logs\AdminServer.log is opened. All server side log events will be written to this file.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Log Management> <oim> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1281599255390> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Diagnostics> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599255671> <BEA-320001> <The ServerDebug service initialized successfully.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Store> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599256515> <BEA-280050> <Persistent store "WLS_DIAGNOSTICS" opened: directory="....s\domains\oim\servers\AdminServer\data\store\diagnostics" writePolicy="Disabled" blockSize=512 directIO=false driver="wlfileio2"> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257140> <BEA-002622> <The protocol "t3" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257140> <BEA-002622> <The protocol "t3s" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257140> <BEA-002622> <The protocol "http" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257140> <BEA-002622> <The protocol "https" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257140> <BEA-002622> <The protocol "iiop" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257156> <BEA-002622> <The protocol "iiops" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257156> <BEA-002622> <The protocol "ldap" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257156> <BEA-002622> <The protocol "ldaps" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257187> <BEA-002622> <The protocol "cluster" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257187> <BEA-002622> <The protocol "clusters" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257218> <BEA-002622> <The protocol "snmp" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257218> <BEA-002622> <The protocol "admin" is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257218> <BEA-002624> <The administration protocol is "t3s" and is now configured.> ####<12.aug.2010 kl 09.47 CEST> <Info> <RJVM> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257468> <BEA-000570> <Network Configuration for Channel "AdminServer"
Listen Address :7001
Public Address N/A
Http Enabled true
Tunneling Enabled false
Outbound Enabled false
Admin Traffic Enabled true>
####<12.aug.2010 kl 09.47 CEST> <Info> <Server> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599257687> <BEA-002609> <Channel Service initialized.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Socket> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599258000> <BEA-000406> <NTSocketMuxer was built on Jan 13 2005 17:47:03
####<12.aug.2010 kl 09.47 CEST> <Info> <Socket> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599258078> <BEA-000436> <Allocating 3 reader threads.> ####<12.aug.2010 kl 09.47 CEST> <Info> <Socket> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599258078> <BEA-000446> <Native IO Enabled.> ####<12.aug.2010 kl 09.47 CEST> <Info> <IIOP> <oim> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281599259500> <BEA-002014> <IIOP subsystem enabled.>
Thanks!!tried both of these, still having same error as below:
<Sep 8, 2010 1:32:37 PM IST> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
<Sep 8, 2010 1:32:37 PM IST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:959)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User weblogic2 javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic2 denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
>
<Sep 8, 2010 1:32:37 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Sep 8, 2010 1:32:37 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Sep 8, 2010 1:32:37 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Pls help me out ASAP... -
Can DISABLE preProcess Event Handler add to the Orchestration parameters?
I have a DISABLE pre-process event handler defined on the User object. I need to set the current date on a USR UDF attribute whenever the user is disabled or enabled or created. The CREATE handler works and the date value shows up on the user profile. However, when I try to set this attribute on the pre-process DISABLE or ENABLE event handlers, the new date does not show up. Here is the code I am using in my DISABLE/ENABLE event handler:
Date currentTime = new Date(System.currentTimeMillis());
orchestration.addParameter(USER_STATUS_DATETIME_ATTR_NAME, currentTime);
Where the orchestration object is from the execute() parameter list.
Any ideas as to why this is not working? Is adding to the orchestration not allowed for DISABLE or ENABLE event handlers? I know my handler is getting calls as I am logging the orchestration.getOperation() value.
Thanks for any suggestions.
-Dave
Edited by: user552098 on Nov 12, 2012 1:56 PMWhen you update the field, make sure you are using the field label name, and not the UDF value.
-Kevin -
Server shutdown with the following log file -?
JAVA Memory arguments: -Xms256m -Xmx512m -XX:MaxPermSize=128m
WLS Start Mode=Production
CLASSPATH=:/home3/bea9/patch_weblogic922/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home3/bea9/jdk150_07/lib/tools.jar:/home3/bea9/weblogic92/server/lib/weblogic_sp.jar:/home3/bea9/weblogic92/server/lib/weblogic.jar:/home3/bea9/weblogic92/server/lib/webservices.jar::/home3/bea9/weblogic92/common/eval/pointbase/lib/pbclient51.jar:/home3/bea9/weblogic92/server/lib/xqrl.jar::
PATH=/home3/bea9/weblogic92/server/bin:/home3/bea9/jdk150_07/jre/bin:/home3/bea9/jdk150_07/bin:/usr/bin:/usr/ccs/bin:/usr/contrib/bin:/opt/nettladm/bin:/opt/fc/bin:/opt/fcms/bin:/opt/upgrade/bin:/opt/pd/bin:/usr/bin/X11:/usr/contrib/bin/X11:/opt/hparray/bin:/opt/langtools/bin:/opt/imake/bin:/opt/perf/bin:/opt/ignite/bin:/opt/OV/bin/OpC:/opt/hpnp//bin:/opt/resmon/bin:/usr/sbin/diag/contrib:/opt/pred/bin:/opt/sec_mgmt/spc/bin:/opt/graphics/common/bin:/opt/OV/bin:/opt/ssh/bin:/opt/sec_mgmt/bastille/bin:.
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://hostname:port/console *
starting weblogic with Java version:
java version "1.5.0.07"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0.07-_20_mar_2007_05_31)
Java HotSpot(TM) Server VM (build 1.5.0.07 jinteg:03.20.07-04:39 PA2.0 (aCC_AP), mixed mode)
Starting WLS with line:
/home3/bea9/jdk150_07/bin/java -server -Xms256m -Xmx512m -XX:MaxPermSize=128m -da -Dplatform.home=/home3/bea9/weblogic92 -Dwls.home=/home3/bea9/weblogic92/server -Dwli.home=/home3/bea9/weblogic92/integration -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/home3/bea9/patch_weblogic922/profiles/default/sysext_manifest_classpath -Dweblogic.Name=Admin -Djava.security.policy=/home3/bea9/weblogic92/server/lib/weblogic.policy weblogic.Server
<May 13, 2009 10:36:22 AM EDT> <Notice> <WebLogicServer> <BEA-000395> <Following extensions directory contents added to the end of the classpath:
/home3/bea9/weblogic92/platform/lib/p13n/p13n-schemas.jar:/home3/bea9/weblogic92/platform/lib/p13n/p13n_common.jar:/home3/bea9/weblogic92/platform/lib/p13n/p13n_system.jar:/home3/bea9/weblogic92/platform/lib/wlp/netuix_common.jar:/home3/bea9/weblogic92/platform/lib/wlp/netuix_schemas.jar:/home3/bea9/weblogic92/platform/lib/wlp/netuix_system.jar:/home3/bea9/weblogic92/platform/lib/wlp/wsrp-common.jar>
<May 13, 2009 10:36:24 AM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Server VM Version 1.5.0.07 jinteg:03.20.07-04:39 PA2.0 (aCC_AP) from Hewlett-Packard Company>
<May 13, 2009 10:36:29 AM EDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 9.2 MP2 Mon Jun 25 01:32:01 EDT 2007 952826 >
<May 13, 2009 10:37:03 AM EDT> <Info> <WebLogicServer> <BEA-000215> <Loaded License : /home3/bea9/license.bea>
<May 13, 2009 10:37:03 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<May 13, 2009 10:37:03 AM EDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<May 13, 2009 10:37:04 AM EDT> <Notice> <Log Management> <BEA-170019> <The server log file /home3/bea9/user_projects/domains/Production/servers/Admin/logs/Admin.log is opened. All server side log events will be written to this file.>
<May 13, 2009 10:37:08 AM EDT> <Alert> <Socket> <BEA-000414> <Could not initialize POSIX Performance Pack.>
<May 13, 2009 10:37:08 AM EDT> <Warning> <Socket> <BEA-000444> <Could not load the performance pack that can take advantage of /dev/(e)poll device due to:
weblogic.utils.NestedError: Could not initialize /dev/poll Performance Pack. Ensure that /dev/poll device exists and is initialized..
Will attempt to use the performance pack that does not depend on /dev/(e)poll device.>
<May 13, 2009 10:37:18 AM EDT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<May 13, 2009 10:37:35 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<May 13, 2009 10:37:35 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<May 13, 2009 10:37:52 AM EDT> <Notice> <Log Management> <BEA-170027> <The server initialized the domain log broadcaster successfully. Log messages will now be broadcasted to the domain log.>
<May 13, 2009 10:37:53 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<May 13, 2009 10:37:53 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<May 13, 2009 10:37:54 AM EDT> <Warning> <Server> <BEA-002611> <Hostname "ncsci015", maps to multiple IP addresses: 10.45.8.61, 127.0.0.1>
<May 13, 2009 10:37:54 AM EDT> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:9001 for protocols iiop, t3, ldap, http.>
<May 13, 2009 10:37:54 AM EDT> <Warning> <Server> <BEA-002611> <Hostname "localhost", maps to multiple IP addresses: 10.45.8.61, 127.0.0.1>
<May 13, 2009 10:37:54 AM EDT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.45.8.61:9001 for protocols iiop, t3, ldap, http.>
<May 13, 2009 10:37:54 AM EDT> <Notice> <WebLogicServer> <BEA-000329> <Started WebLogic Admin Server "Admin" for domain "Production" running in Production Mode>
<May 13, 2009 10:37:54 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<May 13, 2009 10:37:54 AM EDT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<May 13, 2009 10:39:55 AM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 13, 2009 10:43:47 AM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=ServerConfigGeneralTabPage&handle=com.bea.console.handles.JMXHandle%28%22com.bea%3AName%3DTCSE%2CType%3DServer%22%29.>
<May 13, 2009 10:44:08 AM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationOverviewPage&WebAppApplicationOverviewPortlethandle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3Dtcr%2CType%3DAppDeployment%22%29.>
<May 13, 2009 10:44:12 AM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 13, 2009 10:44:12 AM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 13, 2009 10:44:12 AM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 13, 2009 10:44:12 AM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 13, 2009 10:44:12 AM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 13, 2009 12:34:44 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 13, 2009 12:43:36 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 13, 2009 1:12:29 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 14, 2009 12:27:16 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 14, 2009 12:27:29 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=ServerConfigGeneralTabPage&handle=com.bea.console.handles.JMXHandle%28%22com.bea%3AName%3DTCSE%2CType%3DServer%22%29.>
<May 14, 2009 12:29:21 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 14, 2009 12:29:30 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=ServerConfigGeneralTabPage&handle=com.bea.console.handles.JMXHandle%28%22com.bea%3AName%3DTCSE%2CType%3DServer%22%29.>
<May 14, 2009 12:29:44 PM EDT> <Error> <netuix> <BEA-423405> <An exception [Broken pipe (errno:32)] was thrown while rendering the content at [jsp/contentheader/ContentMenu.jsp].
java.net.SocketException: Broken pipe (errno:32)
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:97)
at java.net.SocketOutputStream.write(SocketOutputStream.java:141)
at weblogic.servlet.internal.ChunkOutput.writeChunkTransfer(ChunkOutput.java:525)
at weblogic.servlet.internal.ChunkOutput.writeChunks(ChunkOutput.java:504)
Truncated. see log file for complete stacktrace
>
<May 14, 2009 1:47:36 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 14, 2009 1:47:48 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=ServerConfigGeneralTabPage&handle=com.bea.console.handles.JMXHandle%28%22com.bea%3AName%3DTCSE%2CType%3DServer%22%29.>
<May 14, 2009 1:57:17 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 14, 2009 1:57:27 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=ServerConfigGeneralTabPage&handle=com.bea.console.handles.JMXHandle%28%22com.bea%3AName%3DTCSE%2CType%3DServer%22%29.>
<May 15, 2009 9:15:48 AM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 15, 2009 12:07:05 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 15, 2009 12:07:14 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationOverviewPage&WebAppApplicationOverviewPortlethandle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3Dtcr%2CType%3DAppDeployment%22%29.>
<May 15, 2009 12:07:15 PM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 15, 2009 12:07:15 PM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 15, 2009 12:07:15 PM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 15, 2009 12:07:15 PM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 15, 2009 12:07:15 PM EDT> <Warning> <J2EE Deployment SPI> <BEA-260128> <Changes not allowed to DTD based descriptors. The attempt to modify property 'ServletName' in WEB-INF/weblogic.xml for module 'tcr.war' will be vetoed if possible. The change will not be persisted in either case.>
<May 19, 2009 2:29:26 PM EDT> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=HomePage1.>
<May 31, 2009 10:27:32 PM EDT> <Notice> <WebLogicServer> <BEA-000388> <JVM called WLS shutdown hook. The server will force shutdown now>
<May 31, 2009 10:27:32 PM EDT> <Alert> <WebLogicServer> <BEA-000396> <Server shutdown has been requested by <WLS Kernel>>
<May 31, 2009 10:27:32 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SUSPENDING>
<May 31, 2009 10:27:32 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<May 31, 2009 10:27:32 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
<May 31, 2009 10:27:32 PM EDT> <Notice> <Server> <BEA-002607> <Channel "Default" listening on 10.45.8.61:9001 was shutdown.>
<May 31, 2009 10:27:32 PM EDT> <Notice> <Server> <BEA-002607> <Channel "Default[1]" listening on 127.0.0.1:9001 was shutdown.>
The server shutdown with the above output in the log file, can you please let me know why this happened and any solution for it?
Thanks.Have you see that in your posted log:
<May 13, 2009 10:37:08 AM EDT> <Alert> <Socket> <BEA-000414> <Could not initialize POSIX Performance Pack.>
<May 13, 2009 10:37:08 AM EDT> <Warning> <Socket> <BEA-000444> <Could not load the performance pack that can take advantage of /dev/(e)poll device due to:
weblogic.utils.NestedError: Could not initialize /dev/poll Performance Pack. Ensure that /dev/poll device exists and is initialized
Will attempt to use the performance pack that does not depend on /dev/(e)poll device.>
it seems to be a trouble with server performance pack. Try to DISABLE performance pack on your server and restart (unckeck "Native IO Enabled" on your domain"). You can also found some suggestions on http://edocs.bea.com/wls/docs92/messages/Socket.html (check for "BEA-000414" message).
Regards
Nat. -
How to get the print logs to appear in the application logs folder of windows server 2008 r2
Dear All,
I am a SIEM professional at an IT firm. i am facing a problem. My SIEM solution has an agent for windows. this agent reads only logs from the application, security and system folder of windows event viewer. In server 2008 r2 the printer logs are clustered
in and application and services/microsoft/windows/print services folder. The requirement of my management is that the siem solution should also be able to montior compliance of print policies. that can only be done once the the print logs are viewable in any
of the three event vieweer folders i.e application, system.security. how can i configure windows to make its print logs visible in any of these three folders ?this may be helpful...
http://social.technet.microsoft.com/Forums/windowsserver/en-US/fe8892cc-fb6d-49c7-8b2d-c1f17df8e085/2008-r2-use-advanced-security-audit-policy-to-log-print-jobs?forum=winserverprint
or post here...
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverprint
Best,
Howtoto -
I'm replicating between two servers in two sites (Server A - Server 2012 R2 STD, Server B - Server 2008 R2) over a VPN (Sonicwall Firewall). Though the initial replication seems to be
happening it is very slow (the folder in question is less than 3GB). I'm seeing these in the event viewer every few minutes:
The DFS Replication service is stopping communication with partner PPIFTC for replication group FTC due to an error. The service will retry the connection periodically.
Additional Information:
Error: 1726 (The remote procedure call failed.)
and then....
The DFS Replication service successfully established an inbound connection with partner PPIFTC for replication group FTC.
Here are all my troubleshooting steps (keep in mind that our VPN is going through a SonicWall <--I increased the TCP timeout to 24 hours):
-Increased TCP Timeout to 24 hours
-Added the following values on both sending and receiving members and rebooted server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value =DisableTaskOffload
Type = DWORD
Data = 1
Value =EnableTCPChimney
Type = DWORD
Data = 0
Value =EnableTCPA
Type = DWORD
Data = 0
Value =EnableRSS
Type = DWORD
Data = 0
---------------------------------more troubleshooting--------------------------
-Disabled AntiVirus on both members
-Made sure DFSR TCP ports 135 & 5722 are open
-Installed all hotfixes for 2008 R2 (http://support.microsoft.com/kb/968429) and rebooted
-Ran NETSTAT –ANOBP TCP and the DFS executable results are listed below:
Sending Member:
[DFSRs.exe]
TCP 10.x.x.x:53 0.0.0.0:0
LISTENING 1692
[DFSRs.exe]
TCP 10.x.x.x:54669
10.x.x.x:5722 TIME_WAIT 0
TCP 10.x.x.x:54673
10.x.x.x:5722 ESTABLISHED 1656
[DFSRs.exe]
TCP 10.x.x.x:64773
10.x.x.x:389 ESTABLISHED 1692
[DFSRs.exe]
TCP 10.x.x.x:64787
10.x.x.x:389 ESTABLISHED 1656
[DFSRs.exe]
TCP 10.x.x.x:64795
10.x.x.x:389 ESTABLISHED 2104
Receiving Member:
[DFSRs.exe]
TCP 10.x.x.x:56683
10.x.x.x:389 ESTABLISHED 7472
[DFSRs.exe]
TCP 10.x.x.x:57625
10.x.x.x:54886 ESTABLISHED 2808
[DFSRs.exe]
TCP 10.x.x.x:61759
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61760
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61763
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61764
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61770
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61771
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61774
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61775
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61776
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61777
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61778
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61779
10.x.x.x:57625 TIME_WAIT 0
TCP 10.x.x.x:61784
10.x.x.x:52757 ESTABLISHED 7472
[DFSRs.exe]
TCP 10.x.x.x:63661
10.x.x.x:63781 ESTABLISHED 4880
------------------------------more troubleshooting--------------------------
-Increased Staging to 32GB
-Opened the ADSIedit.msc console to verify the "Authenticated Users" is set with the default READ permission on the following object:
a. The computer object of the DFS server
b. The DFSR-LocalSettings object under the DFS server computer object
-Ran
ping <var>10.x.x.x</var> -f -l 1472 and got replies back from both servers
-AD replication is successful on all partners
-Nslookup is working so DNS is working
-Updated NIC drivers on both servers
- I ran the following to set the Primary Member:
dfsradmin Membership Set /RGName:<replication group name> /RFName:<replicated folder name> /MemName:<primary member> /IsPrimary:True
Then Dfsrdiag Pollad /Member:<member name>
I'm seeing these errors in the dfsr logs:
20141014 19:28:17.746 9116 SRTR 957 [WARN] SERVER_EstablishSession Failed to establish a replicated folder session. connId:{45C8C309-4EDD-459A-A0BB-4C5FACD97D44} csId:{7AC7917F-F96F-411B-A4D8-6BB303B3C813}
Error:
+ [Error:9051(0x235b) UpstreamTransport::EstablishSession upstreamtransport.cpp:808 9116 C The content set is not ready]
+ [Error:9051(0x235b) OutConnection::EstablishSession outconnection.cpp:532 9116 C The content set is not ready]
+ [Error:9051(0x235b) OutConnection::EstablishSession outconnection.cpp:471 9116 C The content set is not ready]
---------------------------------------more troubleshooting-----------------------------
I've done a lot of research on the Internet and most of it is pointing to the same stuff I've tried. Does anyone have any other suggestions? Maybe I need to look somewhere
else on the server side or firewall side?
I tried replicating from a 2012 R2 server to another 2012 server and am getting the same events in the event log so maybe it's not a server issue.
Some other things I'm wondering:
-Could it be the speed of the NICs? Server A is a 2012 Server that has Hyper-V installed. NIC teaming was initially setup and since Hyper-V is installed the NIC is a "vEthernet
(Microsoft Network Adapter Multiplexor Driver Virtual Switch) running at a speed of 10.0Gbps whereas Server B is running a single NIC at 1.0Gbps
-Could occasional ping timeout's cause the issue? From time to time I get a timeout but it's not as often as the events I'm seeing. I'm getting 53ms pings. The folder
is only 3 GB so it shouldn't take that long to replicate but it's been days. The schedule I have set for replication is mostly all day except for our backup times which start at 11pm-5am. Throughout the rest of the time I have it set anywhere from
4Mbps to 64 Kbps. Server A is on a 5mb circuit and Server B is on a 10mb circuit.I'm seeing the same errors, all servers are running 2008 R2 x64. Across multiple sites, VPN is steady and reliably.
185 events from 12:28:21 to 12:49:25
Events are for all five servers (one per office, five total offices, no two in the same city, across three states).
Events are not limited to one replication group. I have quite a few replication groups, so I don't know for sure but I'm running under the reasonable assumption that none are spared.
Reminder from original post (and also, yes, same for me), the error is: Error: 1726 (The remote procedure call failed.)
Some way to figure out what code triggers an Event ID 5014, and what code therein specifies an Error 1726, would extremely helpful. Trying random command line/registry changes on live servers is exceptionally unappealing.
Side note, 1726 is referenced here:
https://support.microsoft.com/kb/976442?wa=wsignin1.0
But it says, "This RPC connection problem may be caused by an unstable WAN connection." I don't believe this is the case for my system.
It also says...
For most RPC connection problems, the DFS Replication service will try to obtain the files again without logging a warning or an error in the DFS Replication log. You can capture the network trace to determine whether the cause of the problem is at the network
layer. To examine the TCP ports that the DFS Replication service is using on replication partners, run the following command in a
Command Prompt window:
NETSTAT –ANOBP TCP
This returns all open TCP connections. The connections in question are "DFSRs.exe", which the command won't let you filter for.
Instead, I used the NETSTAT command as advertised, dumping output to info.txt:
NETSTAT -ANOBP TCP >> X:\info.txt
Then I opened Excel and manually opened the .TXT for the open wizard. I chose fixed-width fields based on the first row for each result, and then added a column:
=IF(A3="Can not", "Can not obtain ownership information", IF(LEFT(A3,1) = "[", A3&B3&C3, ""))
Dragging this down through the entire file let me see that row (Row F) as the file name. Some anomalies were present but none impacted DFSrs.exe results.
Finally, you can sort/filter (I sorted because I like being able to see everything, should I choose to) to get just the results you need, with the partial rows removed from the result set, or bumped to the end.
My server had 125 connections open.
That is a staggering number of connections to review, and I feel like I'm looking for a needle in a haystack.
I'll see if I can find anything useful out, but a better solution would be most wonderful.
Maybe you are looking for
-
How to make text part of object
I have a square box that I created that is black. I have a white letter placed on the box(2D by the way). I want the letter to be part of the box, not just a croup, but merge the two. On a similar note, how do I merge two objects? Thanks
-
I am being told I need a wpa2 password to login to wifi. .
I am being told I need a wpa2 password to login to wifi. The business where I am has a strong wifi And I'm using the correct password. Others here are able to log on. Why can't I? Brand new MacBook Air/snow Leopard. Any ideas? Thanks.
-
Support for Multiple Hierarchies defined for the same GL Segment
Hi, In our eBS setup, we have multiple hierarchies defined for a GL Segment. OOTB, BI Apps 7.9.6.3 provides support for 10 Segments, and it's corresponding Hierarchies (1 Hierarchy for each Segment). My question here is whether OOTB BI Apps 7.9.6.3 s
-
Remote command execution via ssh on ips sensor...
I am attempting to execute a command remotely via ssh so that I can collect the information on another host. ex: ssh -t username@sensor show tech-support Instead of the output I expect, I receive an error message: Error: Received invalid command line
-
App Store denies that iTunes 11.1 is available.
iTunes keeps telling me 11.1 is available, but when I try to download it, App Store says there are no available updates. Any guidance?