Event Log - explanation needed

Hi
Can anyone explain why I see the following entries in the event log - these happen every 5 mins whether or not I have a wireless connection to my HH3. Over the past couple of weeks I have seen my wireless speeds drop from 56 mbits to 5 or 6 mbits (having had stable connections for the past couple of years around the 56 mbits mark). Tried a factory reset of the hub yesterday. Not sure if the undernoted could be causing my speed drop (which I can resolve by resetting the hub but the speed drops off again after a few hours or a day)
 08:11:47,23 Jan.
CWMP:session start now, server:https://pbthdm.bt.mo, Event code:, 4 VALUE CHANGE
  08:06:47,23 Jan.
CWMP:session completed successfully

Hi Arunesh,
Thank you for posting in Windows Server Forum.
By default, auditing for WFP is disabled.
Auditing can be enabled on a per-category basis through either the Group Policy Object Editor MMC snap-in, the Local Security Policy MMC snap-in, or the auditpol.exe command. 
For example, to enable the auditing of Policy Change events you may:
- Use the Group Policy Object Editor
- Use the Local Security Policy
Please check the article below; it might be useful for your case.
Auditing
http://msdn.microsoft.com/en-us/library/bb309058(VS.85).aspx
Hope it helps!
Thanks.
Dharmesh Solanki

Similar Messages

  • Interpreting Crash Logs: Explanations Needed

    Hi Everyone,
    Allan Doyle just posted a crash report because Logic crashed on his system (sorry to hear about it Allan). Link is here:
    http://discussions.apple.com/thread.jspa?threadID=432758&tstart=0
    But the whole notion of a crash report... few if any of us are knowledgeable enough to understand the significance of any one part of it. Wondering if anyone here (Justin C. perhaps?) can help us make heads/tails of one of these reports. Maybe with a little information we can even understand if there's ANYTHING at all meaningful to be gleaned from them.
    For example, from Allan's crash report:
    Exception: EXC_BAD_ACCESS (0x0001)
    Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x000007bc
    I know what "Exception" means, but maybe there are some of us who don't. And I think that the second line refers to a "kernel panic" which, while I've heard the term, I really don't know what this means exactly.
    Also, from Thread 0 (crashed) of Allan's report, I noticed a file called "com.apple.HIToolbox"
    So can someone please shed some light on what these things mean?

    I'm no expert at deciphering crash reports, but what is interesting [for the developer] is which thread crashed and what it was trying to achieve at that time. So all we can safely say here is a Logic thread branched somewhere in the CoreFoundation code while looping some audio soundbits: since you don't have the source code, you won't know why it crashed, although from the type of error, you can tell it attempted to read or write in a RAM area that wasn't owned by the process. Period.
    From then on, you might extrapolate, but it's no use, since you have definitely no way to check, debug, or change the code to assign an uninitialized pointer, or whatever — this is intended for the developer only... The register values won't tell you anything, the other threads running should have kept running, and the Binary Images Description only tells you which other processes were also involved at that point.
    Agreed, sometimes the report would give you a clue about which part of the code was wrong — caller or callee — when one of them is, for instance, a plug-in or a driver, so you may disable it, or merely avoid using it, and test whether Logic still crashes. But here, all you can do — as a user — is try and not recreate the specific conditions that lead to that crash...

  • Hub3 Event Log - erroneous entries need explainati...

    My first post so please be gentle.
    My BB went off today and when it came back it was very slow and I couldn't connect to any web page (which is not like my service which is usually top notch).
    I looked in the Event Log and there were a couple of entries around the time of the disconnection which made me very suspicious.
    19:42:15, 20 Nov. (5875284.760000) Server URL: https://pbthdm.bt.motive.com; Connecting as user: ACS username
    19:42:13, 20 Nov. (5875282.470000) Initializing transaction for event code 2 PERIODIC
    I started a Chat with someone & needless to say (unfortunately) they were about as much use as a chocolate fire guard. Disconnect this, check that - oh no not the 'take the face plate off & use the test socket' lark - can you not explain what's happened? NO
    Ever since then my service is extremely slow and connection is intermittent. Can anyone explain what these messages mean? Even if they have nothing to do with my current situation it would still be nice to know what they mean.
    Thanks

    "https://pbthdm.bt.motive.com;" that is the link BT use for provisioning servers in case your Hub is going to be upgraded, the Hub will check sometimes to see if there is a newer version.
    As for your slow speed problems would you mind doing the following?
    Can you please post your ADSL stats by following this direct link; http://192.168.1.254/ and go to A-Z (top right) and then ADSL Settings and post everything including Line Attenuation, Noise Margin, Connection Speed, Errors etc...
    Also we need a speedtest just to have a look and make sure everything's okay. Use this link http://bit.ly/uViAXN and post all the required info (Throughput, IP Profile etc.). If that one doesn't work then try this workaround link http://bit.ly/uV4DdK .
    Run a line test to determine whether or not it is an external problem: http://goo.gl/J25w8
    Can you also confirm if you're connected at the master socket or an extension? And what type your master socket is according to this picture
    Lastly for now, call 17070 and Press Option 2 for the Quiet Line test and where possible use a corded phone as DECT handsets can pick up electrical interference.
    Regards Edd
    Check your Line
    BT Speedtester

  • Need Help to extract information from Windows Security Event log

    Hi Everyone,
    My challenge is to create a script that queries the Security event log for event id 4624 , logon type 2 and 10, then export the result to file, hopefully tab limited.
    I need the time - date - User Account - Workstation - IP address - Logon Type.
    I have had a go, checking out other advice from other questions, but I'm just not getting what I want.
    Kind regards,
    Andrew

    A good point to start is get-eventlog with where clauses.
    For example:
    get-eventlog -log security | where {$_.eventID -eq 4624}

    So you want to get the entire security log, and then filter it client side? (Some of these logs can be massive).
    I would recommend Get-WinEvent with -FilterHashTable (Filter on the left) which will filter against the log directly.
    http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/24/use-powershell-cmdlet-to-filter-event-log-for-easy-parsing.aspx
    You might have admin rights issues accessing the security logs.

    You're right - my answer was only a first step to try "get-command *event" and eventually get-help.....
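
The "filter on the left" approach recommended in this thread, as an added example (not code from any of the posters): it queries event 4624 with Get-WinEvent -FilterHashtable, keeps logon types 2 and 10, and writes the requested columns to a tab-delimited file. The output path and the seven-day window are assumptions made for the example; reading the Security log needs an elevated session or membership of Event Log Readers.

```powershell
# Added example. $OutFile and $Since are illustrative values, not from the thread.
$OutFile          = Join-Path $env:TEMP 'logons-4624.tsv'
$Since            = (Get-Date).AddDays(-7)
$WantedLogonTypes = 2, 10    # 2 = Interactive, 10 = RemoteInteractive (RDP)

# The hashtable is evaluated by the event log service, so only 4624 records
# inside the time window are handed back to PowerShell.
$filter = @{ LogName = 'Security'; Id = 4624; StartTime = $Since }

try {
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error when nothing matches; treat that as "no rows".
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    }
    else {
        throw    # for example access denied when the session is not elevated
    }
}

$rows = @(
    foreach ($e in $events) {
        # Turn the <EventData><Data Name="...">value</Data> pairs into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # LogonType is not a FilterHashtable key in Windows PowerShell 5.1,
        # so this last check runs client side on the already reduced set.
        if ([int]$data['LogonType'] -notin $WantedLogonTypes) { continue }

        [pscustomobject]@{
            Date        = '{0:yyyy-MM-dd}' -f $e.TimeCreated
            Time        = '{0:HH:mm:ss}'   -f $e.TimeCreated
            UserAccount = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Workstation = $data['WorkstationName']
            IpAddress   = $data['IpAddress']
            LogonType   = [int]$data['LogonType']
        }
    }
)

if ($rows.Count -eq 0) {
    Write-Warning "No 4624 events with logon type 2 or 10 since $Since."
}
else {
    $rows | Export-Csv -Path $OutFile -Delimiter "`t" -NoTypeInformation
    Write-Output "Wrote $($rows.Count) rows to $OutFile"
}
```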

  • Help Needed-bt home hub 2.0 event log messages

    Hi, Please can someone have a look at the event log messages below. Is someone trying to hack me? there are loads more of these messages i've only copy and pasted a few of them.
    many thanks in advance.
    12:32:02 30 Sep
    VOIP: [2.0A] [guest1] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [guest] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [guest] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office12345] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office12345] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office1234] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office1234] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office123] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office123] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office12] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office12] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office1] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office1] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin12345] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin12345] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin1234] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin1234] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin123] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin123] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin12] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin12] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin1] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin1] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [administrator] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [administrator] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [4260011834] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [4260011834] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [Administrator] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [Administrator] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [3942121793] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [3942121793] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [100] [] 404 Not Found - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [100] [-] OPTIONS - SIP message received
    12:32:01 30 Sep
    SNTP Synchronised to server: 213.123.26.170
    11:45:07 30 Sep
    VOIP: [2.0A] [100] [] 404 Not Found - SIP message sent
    11:45:07 30 Sep
    VOIP: [2.0A] [100] [-] OPTIONS - SIP message received
    11:32:01 30 Sep
    SNTP Synchronised to server: 213.123.20.170
    11:28:34 30 Sep
    VOIP: [2.0A] [100] [] 404 Not Found - SIP message sent
    11:28:34 30 Sep
    VOIP: [2.0A] [100] [-] OPTIONS - SIP message received

    Hi JM7HUB and welcome,
    No, you're not being hacked. It's to do with BTHub phone (Broadband Talk - BBT) and the hub, in your case the hub 2A.
    It's a test that BT seem to carry out, normally (IIRC) after a reboot of the hub or possibly at random times - it's been a long time since I used BBT. I'll guess there are some random names mentioned on some of the other VOIP events?
    If you don't use a BBT, you can turn this off by entering the hub manager - type bthomehub.home or 192.164.1.254 into your browser, click settings, advanced settings, continue to advanced settings, telephony - there should be an option there to turn it off. This should then stop the events.
    edit. The telephone light on the hub will go out, but any registered hub phone should still operate as a 'normal' phone using your landline number.
    -+-No longer a forum member-+-

  • How do "you" monitor event logs in SCOM 2012? Need opinions.

    Fairly new to SCOM. Do you monitor all event logs? Just warnings and critical? How do you filter out things you don't want to see?
    Looking for opinions here not just a "how-to".
    Thanks,

    Steps in creating a Event based Alerting Rule.
    1. Open the Operations Manager Console. 
    2. Go to Authoring. 
    3. Under Authoring - Management Pack Objects - Select Rules 
    4. Right click on Rules and select - Create a new rule 
    5. Select Alert Generating Rules - Event Based - NT Event Log (Alert) 
    6. On the same screen select your destination management pack and click Next 
    7. Give a name to your Rule and optionally give it a Description. 
    8. Rule Category can be anything you like. 
    9. Select the Rule Target as the class of your choice, normally it can be Windows Computer. 
    10. Make sure the Rule is Enabled and select Next. 
    11. Select the Event log name from where event will be monitored and click Next. (for example Application or System or Security) 
    12. Build the Expression to filter the events with the below details: 
         a. Parameter Name = Event ID, Operator = Equals and Value = (any event id of your choice) 
         b. Parameter Name = Event Source, Operator = Equals and Value = (any source of your choice) (you may delete this filter if you want) 
         c. Click on Insert button at Top and it will put the cursor at Parameter Name, click square button with 3 dots [...] and it will popup another screen. 
         d. In that box, select the 3rd radio button named 'Use parameter name not specified above' and there manually type 'EventDescription' (without quotes) and click OK. 
         e. Then come back to filter screen, now here you will see Parameter Name = EventDescription, and for Operator select Contains and then for Value you can type any word you want to key on from the Event description. 
    13. After building the desired Expression, click Next. 
    14. Configure Alerts as you like and click the Create button.
    To get the Alerting event details. Go to Start menu and in Run window type eventvwr.
    And put the details on the wizard as per the below screenshot.
    Refer: http://blogs.technet.com/b/operationsmgr/archive/2008/11/12/opsmgr-2007-how-to-create-an-alert-rule-based-on-an-event-description.aspx
    Gautam.75801

  • How to write to windows event logs from determinations-server under IIS

    This is just an FYI technical bit of information I wish someone had shared with me before I started trying to write OPA errors to the windows event log... Most problems writing to the windows event log from log4net occur because of permissions. Some problems are because determinations-server does not have permissions to create some registry entries. Some problems cannot be resolved unless specific registry entry permissions are actually changed. We had very little consistency with the needed changes across our servers, but some combination of the following would always get the logging to the windows event log working.
    To see log4net errors as log4net attempts to utilize the windows event log, temporarily add the following to the web.config:
    <appSettings>
      <!-- uncomment the following line to send diagnostic messages about the log configuration file to the debug trace.
           Debug trace can be seen when attached to IIS in a debugger, or it can be redirected to a file, see
           http://logging.apache.org/log4net/release/faq.html in the section "How do I enable log4net internal debugging?" -->
      <add key="log4net.Internal.Debug" value="true"/>
    </appSettings>
    <system.diagnostics>
      <trace autoflush="true">
        <listeners>
          <add
            name="textWriterTraceListener"
            type="System.Diagnostics.TextWriterTraceListener"
            initializeData="logs/InfoDSLog.txt" />
        </listeners>
      </trace>
    </system.diagnostics>
    To add an appender for the windows event viewer, try the following in the log4net.xml:
    <appender name="EventLogAppender" type="log4net.Appender.EventLogAppender" >
      <param name="ApplicationName" value="OPA" />
      <param name="LogName" value="OPA" />
      <param name="Threshold" value="all" />
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%date [%thread] %-5level %logger [%property{NDC}] - %message%newline" />
      </layout>
      <filter type="log4net.Filter.LevelRangeFilter">
        <levelMin value="WARN" />
        <levelMax value="FATAL" />
      </filter>
    </appender>
    <root>
      <level value="warn"/>
      <appender-ref ref="EventLogAppender"/>
    </root>
    To put the OPA logs under the Application Event Log group, try this:
    Create an event source under the Application event log in Registry Editor. To do this, follow these steps:
    1.     Click Start, and then click Run.
    2.     In the Open text box, type regedit.
    3.     Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
    4.     Right-click the Application subkey, point to New, and then click Key.
    5.     Type OPA for the key name.
    6.     Close Registry Editor.
    To put the OPA logs under a custom OPA Event Log group (as in the demo appender above), try this:
    Create an event log in Registry Editor. To do this, follow these steps:
    1.     Click Start, and then click Run.
    2.     In the Open text box, type regedit.
    3.     Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    4.     Right-click the eventlog subkey, point to New, and then click Key.
    5.     Type OPA for the key name.
    6.     Right-click the new OPA key and add a new DWORD called "MaxSize" and set it to "1400000" which is about 20 Meg in order to keep the log file from getting too large.
    7.     The next steps either help or sometimes cause an error, but you can try these next few steps... If you get an error about a source already existing, then you can delete the key.
    8.     Right-click the OPA subkey, point to New, and then click Key.
    9.     Type OPA for the key name.
    10.     Close Registry Editor.
    You might need to change permissions so OPA can write to the event log in Registry Editor.  If you get permission errors, try following these steps:
    1.     Click Start, and then click Run.
    2.     In the Open text box, type regedit.
    3.     Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    4.     Right-click the EventLog key, select Permissions.
    5.     In the dialog that pops up, click Add...
    6.     Click Advanced...
    7.     Click Locations... and select the current machine by name.
    8.     Click Find Now
    9.     Select both the Network user and IIS_IUSRS user and click OK and OK again. (We never did figure out which of those two users was the one that fixed our permission problem.)
    10.     Change the Network user to have Full Control
    11.     Click Apply and OK
    To verify OPA Logging to the windows event logs from Determinations-Server:
    Go to the IIS determinations-server application within Server Manager.
    Under Manage Application -> Browse Application click the http link to pull up the local "Available Services" web page that show the wsdl endpoints.
    Select the /determinations-server/server/soap.asmx?wsdl link
    Go to the URL and remove the "?wsdl" from the end of the url and refresh. This will throw the following error into the logs:
    ERROR Oracle.Determinations.Server.DSServlet [(null)] - Invalid get request: /determinations-server/server/soap.asmx
    That error should show up in the windows event log, OR you can get a message explaining why security stopped you in "logs/InfoDSLog.txt" if you used the web.config settings from above.
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648(v=vs.85).aspx
    Edited by: Paul Fowler on Feb 21, 2013 9:45 AM

    Thanks for sharing this information Paul.
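
The registry steps in the post above for the custom OPA log, scripted as an added example (not from the original post or from Oracle): an administrator registers the log and source once at deployment, so the IIS application identity does not have to create registry keys itself. It assumes Windows PowerShell 5.1, where New-EventLog, Limit-EventLog and Write-EventLog are available; the names come from the appender above, while the 20MB limit and event id 1000 are illustrative choices.

```powershell
#Requires -RunAsAdministrator
# Added example. LogName/Source match the EventLogAppender configuration on this page.
$LogName = 'OPA'
$Source  = 'OPA'

if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
    # A source can belong to only one log. If 'OPA' was first registered under
    # Application, registering it again under the custom log fails with a
    # "source already exists" error, so report where it is bound instead.
    $boundTo = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
    if ($boundTo -ne $LogName) {
        throw ("Source '$Source' is already registered under log '$boundTo'. " +
               "Remove it with Remove-EventLog -Source '$Source' and run this script again.")
    }
    Write-Output "Source '$Source' is already registered under log '$LogName'."
}
else {
    # Creates HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OPA and the OPA source key below it.
    New-EventLog -LogName $LogName -Source $Source
    Write-Output "Created log '$LogName' with source '$Source'."
}

# Cap the log size (value must be a multiple of 64KB) and overwrite the oldest entries when full.
Limit-EventLog -LogName $LogName -MaximumSize 20MB -OverflowAction OverwriteAsNeeded

# Write one test entry and read it back to confirm the log is usable.
Write-EventLog -LogName $LogName -Source $Source -EntryType Warning -EventId 1000 `
    -Message 'Test entry written while registering the OPA event source.'

Get-EventLog -LogName $LogName -Newest 1 |
    Format-List TimeGenerated, EntryType, Source, Message
```

If the application still cannot write after this, the log4net internal debug output enabled in web.config above shows the exact access error, which is a better guide than granting Full Control on the whole Eventlog key.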

  • Questions about BT Home Hub 4A event log - WIFI c...

    Hope someone can help please ?
    I had BT Infinity installed 2 weeks ago with the HH 4 (type A) and everything has worked - connection found, no problem.
    This week, my ipod touch was unable to join the network but the iphone 5, another ipod and a tablet could connect without a problem. The ipod touch managed to connect to another WIFI used at the property and my work wifi without a problem.
    I thought it may be the ipod touch as it was quite old but that doesn't make sense since it connects fine to other networks.  I restored network settings and other options suggested by Apple but to no avail.
    I have turned my attention to the Hub. My laptop (older than the ipod touch) gets the connection no problem along with the other devices.  I went into the hub management page but I am not smart enough to decipher the event log so would like some help so I can fix this because I thought BT Infinity was the better more reliable option?
    The ipod touch Wifi IP address is 00:25:00:b7:35:f6.
    On the event log, it shows STA before the address - but it shows STA before all the device IP addresses. Should I change this to DHCP ? or is this (Static ? alright)
    The Lease on all the devices on the event log is set to 1440 min. (1 day) is that alright too, what does it mean ?
    Do I have to keep renewing the lease ? How do I do that ? I read it can be set to 21 days ?
    Going back to the IP address on the ipod it shows the Hostname as 00:25:00:B7:35:f6-2 this is different to the IP address with the -2. Could that be a cause of the unable to join network or is it because I attempted to recreate the network on the ipod so its the second version of that host name ?
    Is there any setting I can change to fix this because I am concerned the same thing will happen to the other devices and then the laptop....
    What do I need to do to be able to get my ipod touch to connect to the BT network setting ?
    I think it's the hub 4A causing the 'block' on the ipod touch not the device and I think it's maybe a matter of changing a setting - but then why was it all fine before when Infinity was first installed ?
    Lastly my laptop (7 Years old) seems to be attached to the 5GHZ Wireless channel - is that alright ? The other more recent devices are on the 2.4ghz channel (except the ipod touch which isn't on any !!)
    Is it alright to turn the hub on / off ? -I am resisting that because I don't want to make the situation worse. 
    Sorry but what does client disassociated mean and all the BLOCKS - do they relate to firewall ?
    Please can you review the event log and my questions ?
    Many thanks
    angie 2601 
    The time frame is 3.55am 8/8/2013 - 7.16 am 8/8/2013
    (Latest (7.16am) at the top)
    Message
    07:16:39, 08AUG
    (1224785.050000) Admin login successful by 192.168.1.64 on HTTP (1224766.610000) Admin login FAILED by 192.168.1.64 on HTTP (1224648.050000) New GUIsession  from IP 192.168.1.64
    (1224466.770000) Device disconnected: Hostname: Unknown-d8:dl:cb:ec:a6:fe
    IP: 192.168.1.65 MAC: d8:d1:cb:ec:a6:fe
    wlan1: STA d8:d1:cb:ec:a6:fe IEEE 802.11: Client  disassociated
    (1224362.750000) lease for IP 192.168.1.65 renewed by host Unknown­ d8:d1:cb:ec:a6:fe (MAC d8:d1:cb:ec:a6:fe).lease duration:1440 min (1224362.750000) Device connected: Hostname:Unknown-d8:d1:cb:ec:a6:feiP:
    192.168.1.65 MAC:d8:dl:cb:ec:a6:fe lease time: 1440 min. link rate:90.0 Mbps
    (1224362.690000) Lease requested
    wlan1: STA d8:d1:cb:ec:a6:fe IEEE 802.11:Client associated
    (1224241.150000) lease for IP 192.168.1.64 renewed by host FAMILY (MAC
    00:13:02:de:6d:e6). Lease duration:1440 min
    (1224241.150000) Device connected: Hostname: FAMii.Y IP:192.168.1.64 MAC:
    00:13:02:de:6d:e6 Lease time: 1440 min. link rate: 54.0 Mbps
    (1224241.090Cl00) Lease requested
    wlan1TA  00:13:02:de:6d:e6 IEEE 802.11:Client associated
    OUT: BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:34905->31.13.72.38:443 on ppp1)
    (1223644.770000) Device disconnected: Hostname: Unknown-d8:dl:cb:ec:a6:fe
    IP: 192.168.1.65 MAC: d8:d1:cb:ec:a6:fe
    wlanl: STA d8:d1:cb:ec:a6:-fe IEEE 802.11:CHent diSassociated
    (1223489.390000) Lease for IP 192.168.1.65 renewed by host Unknown­ d8:d1:cb:ec:a6:fe (MAC d8:d1:cb:ec:a6:fe).lease duration:1440 min (1223489.380000) Device connected:Hostname:Unknown-d8:dl:cb:ec:a6:fe IP:
    192.168.1.65 MAC: d kd1:cb ec:-a6-:fe Lease time: 1440 min. Link  rare: 90.0 Mbps
    (1223489.330000) Lease requested
    wlan1: STA d8:d1:cb:ec:a6:fe IEEE 802.11: Client  associated wlan1TA d8:d1:cb:ec:a6:fe IEEE 802.11: Client disasSociated
    wlan1TA d8:d1:cb:ec:a6:fe IEEE 802.11:Client associated
    OUT;BLOCK [9] Packet i valid in connection (TCP
    192.168.1.66:34375->31.13.72.38:443 on pppl)
    l'N':BLOCK [16-} Remote administration {ICMP type 8 code 0
    117.1.42.94->86.182.228.205 on ppp1)
    IN: BLOCK [9] Packet invalid in connection (TCP
    31.13.72.33:443->86.182.228.205:44156 on ppp1) IN: BLOCK [9] Packet invalid in connection (TCP
    31.13.72.33:443->86.182.228.205:36615 on ppp1)
    OUT: BLOCK [9] Packet invalid  in connection (TCP
    192.1-68.1.68:49476->173.252.103.16:443 OR ppp1)
    BLOCKED 5 more  packets (because of Packet invalid in connection) OUT: BLOCK [9] Packet invalid  in connection (TCP
    192.168.1.68:49443->95.100.195.205:443 on ppp1)
    OUT:BLOCK {9] PaCket invalid in connection (TCP
    192.168.1.68:49438->95.100.194.217:443 on ppp1)
    IN:BLOCK [9] Packet invalid in connection (TCP
    95.100.194.217:443->86.182.228.205:49444 on ppp1)
    (1222111.810000) Lease for IP 192.168.1.68 renewed by host Unknown-
    70:56:81:46:bf:d9 (MAC 70:56:81:46:bf:d9).Lease duration:1440 min
    (1222111.810000) Device connected:Hostname:Unknown-70:56:81:46:bf:d9 IP:,
    192.168.1.68 MAC:70:56:8:t:46:bf:d9lease time:1440 min. Link rate:52.0 Mbps
    (1222111.750000) Lease requested  .-
    wlanO: STA 70:56:81:46:bf:d9 IEEE 802.11: Client  associated • (1222093.690000) Device dlsconn: Hostname:Unknown-
    00:25:00:b7:35:f6-2 IP: 192.168. MAC: 00:25:00:b7:35:f6 wlanoTA  00:25:00:b7:35:f6 IEEE 802.11:Client disassociated
    OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66-:43272->31.13.72.33:443 on ppp1)
    221969.130000) lease for IP 192.168.1.67 renewed  by host Unknown-
    00:25:00:b7:35:f6-2 (MAC 00:25:00:b7:35:f6). lease duration:1440 min
    (1221969.130000} Devicconnected: Hostname·:Unknowwoo·:25:00:b7 35:f6-2
    IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6 Lease time: 1440 min. Unk  rate: 54.0
    Mbps
    (1221969.070000) Lease requested
    wlanO: STA 00:25:00:b7:35:f6 IEEE 802.11:Client associated
    (1220365.290000) Device disconnected: Hostname:Unknown-
    00:25:00:b7:35:f6-2 IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6 wlanOTA 00:25:00:b7:35:f6 IEEE 802.11:Client disassociated
    (1220348.230000) Lease for IP 192.168.1.67 renewed by host Unlmown-
    00:25:00:b7:35:f6-2 (MAC 00:25:00:b7:35:f6).lease duration: 1440 min
    (1220348.230000) Device connected: Hostname:Unknown-00:25:00:b7:35:f6-2
    IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6 Lease time: 1440 min. Unk rate: 54.0
    Mbps
    (1220348.170000) lease requested
    wlanOTA 00:25:00:b7:35:f6 IEEE 802.11:Client associated
    IN: BLOCK f16] Remote administration (TCP
    123.151.42.61:12233->86.182.228.205:8080 on ppp1) OUT: BLOCK [9] Packet invalid  in connection (TCP
    :t92.Hi8.1.66:53813->31.13.72.33:443 on ppp1)
    OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:43989->31.13.72.33:443 on ppp1)
    IN: BLOCK [16] Remote administration (ICMP type 8 rode 0
    2.7.251.109.227->86.182.228.205 on pppl)
    (1216770.650000) Device disconnected:Hostname:Unknown-
    00:25:00:b7:35:f6-2 IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6
    OUT:BLOCK [9j Packet invalid in connection (TCF
    192.168.1.67:49180->74.125.136.109:993 on ppp1)
    wlanOTA 00:25:00:b7:35:f6 IEEE 802.11:Client disassociated
    (1216753.280000) Lease for IP 192.168.1.67 renewed  by host Unknown-
    00:25:00:b7:35:f6-2 (MAC 00:25:00:b7:35:f6). lease duration:1440 min
    (1216753.270000) Device connected: Hostname: Unknown-00:25:00:b7:35:f6-2
    IP: 192.168.1.67 MAC: 00:25.:00-:.b7.:35:f6 Lease time: 1440 min. Unk  rate: 54.0
    Mbps
    (1216753.220000) lease requested
    wlanO: STA 00:25:00:b7:35:f6 IEEE 802.11:Client assodat
    OUT: BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:55944->23.21.78.229:443 on ppp1)
    OUT: BLOCK [9J  Packet invafid in connection (TCP
    192.168.1.66:34794->31.13.72.33:443 on ppp1)
    OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:41441->31.13.72.33:443 on ppp1)
    {1213176.020000) Device disconnected:.Hostname:Unknown-
    00:25:00:b7:35:f6-2 IP: 192.168.1.67 MAC:00:25:00:b7:35:f6 wlanO: STA 00:25:00:b7:35:f6 IEEE 802.11: Client disassociated
    (1213158.410000) Lease for IP 192.168.1.67 renewed  by host Unknown-
    00:25:00:b7:35:f6-2 (MAC 00:25:00:b7:35:f6). lease duration:1440 min                           _./:\ (1213158.400000) Device connected:Hostname:Unknown-00:25:00:b7:35:ftt.Y IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6 Lease time: 1440 min.Unk rate: 54.0
    Mbps
    (1213158.340000) Lease requested
    wlanO: STA 00:25:00:b7:35:f6 IEEE 802.11: Client associated
    OUT:BLOCK (9] Packet invalid in connection (TCP
    192.168.1.66:59767->176.34.180.243:443 on ppp1) OUT;BLOCK [9] P.acket invalid in connection {TCP
    192.168.1.66:56075->31.13.72.33:443 on ppp1) OUT: BLOCK [9] Packet invalid  in connection (TCP
    192.168.1.66 581:1:0->31.13.72.33:443 on ppp1)
    BL.OCKED 2 more packets (because of Packet invalid in connection) OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:56251->31.13.72.33:443 on ppp1)
    OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:36959->31.13.72.33:443 on ppp1)
    BlOCKED 1more packets (because of Packet invalid in connection)

    It could be that the Ipod touch is having problems with both the 2.4GHz and 5GHz frequencies being named the same. If you give them separate SSids it may help. ie add a 5 to the 5GHz SSid.
    If you do this you will need to re-connect all your devices that can see both frequencies to both SSids so that they will swap between the frequencies seamlessly whenever they need to.
    See link how to change SSid.
    http://bt.custhelp.com/app/answers/detail/a_id/44504/related/1/session/L2F2LzEvdGltZS8xMzc1OTY2ODIxL...
    Once you have changed the SSid I would delete the network connection on the Ipod touch and start again.

  • Event Log stopped working - Error 1747 : The Authentication Service is Unknown

    I recently noticed that my scheduled tasks were no longer running. I tried to bring up the task scheduler and it said the service was not running. I checked the service and sure enough, it was not running. I tried to start it and it failed because the windows event log service, which is a dependency, was also not running. I tried to start the event log service, and it gave the error above in the subject line.
    The event log service uses a log on of "Local Service". There are other services that use the same log on and they start up with no problem. I have searched the internet for a solution to this and have tried several things I found with no luck. One was to run SFC, another was to delete the Windows/Logs and Windows/System32/Logfiles folders so they would be re-created on startup. I also tried subinacl to reset the ACLs on registry branches and the subfolders of %SystemDrive% as recommended in another forum.
    I am running Vista Home Premium and all the latest updates have been applied. Anyone have any further ideas? (short of re-installing Vista).
    Thanks.

    Hi there Robin. I am an IT Technician & felt that I needed to begin communication with you regarding this issue. I recently made a post in this thread detailing my issues & found resolution. I just wanted to share my post with you & hope that the information is useful to others that need to resolve these issues without re-installing their operating systems. Please find my post below:
    Hi all. I am an IT technician & have recently been troubleshooting a customer's Windows Vista Home Premium laptop in a wireless home network.
    In a nutshell the laptop suddenly stopped connecting to the wireless router; upon investigation I found lots of windows services were not starting; this sent me on a bit of a wild goose chase as this showed all signs of some kind of trojan / malware infection hogging the system. Here are some of the things I saw:
    1). Norton 360 wasn't even running correctly & I was unable to view its firewall status.
    2). Windows firewall was disabled & I was unable to start it (service failed error message).
    3). I was unable to view windows event logs & received "Error 1747 : The Authentication Service is Unknown"
    4). Windows Side Bar was all blanked out & not showing any gadgets
    5). I attempted a system restore but that failed (I saw references in system restore that the Bonjour service had been un-installed)
    I did loads of further investigation & found this thread. It would appear that removing, or even trying to remove / un-install the Bonjour service may cause the above mentioned issues in windows Vista. I have not seen this kind of errata in windows XP.
    I have heard of people pulling their hair out & re-installing the operating system possibly due to experiencing these issues.
    Please Read On.... 
    Resolution that worked for me:
    I ran the Winsock corruption fix that is mentioned in previous threads as per Microsoft's instructions found at the following URL: http://support.microsoft.com/kb/811259
    Manual steps to recover from Winsock2 corruption for Windows Vista users
    Winsock corruption can cause connectivity problems. To resolve this issue by using Network Diagnostics in Windows Vista, follow these steps:
    1. Click Start, and then click Network.
    2. Click Network and Sharing Center.
    3. In the Network and Sharing Center box, click Diagnose and Repair.
    Note You may also access the Network and Sharing Center in Control Panel.
    If the Network and Diagnostic tool was unable to find a problem, you can manually repair or reset Winsock.
    Manual steps to repair or to reset Winsock for Windows Vista users
    1. Click Start, type cmd in the Start Search box, right-click cmd.exe, click Run as administrator, and then press Continue.
    2. Type netsh winsock reset at the command prompt, and then press ENTER.
    Note If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3.
    3. Type exit, and then press ENTER.
    Hey Presto!!!! After re-booting everything is back online & all necessary windows services & norton 360 are starting as normal.
    Further Information on Bonjour Service:
    http://en.wikipedia.org/wiki/Bonjour_(software)
    As I understand & in my experience the Bonjour service is installed as a sub-applet with certain 3rd party software applications including Apple's iTunes & Adobe's newest Creative Suite 3 installs Apple's Bonjour service even if you don't install Version Cue. Its main goal is to provide zero-configuration connectivity between Version Cue server and the suite's applications.
    A bit more CSI & I've established how to un-install Bonjour service; there is a great topic on this subject at the following URL: http://www.raymond.cc/blog/archives/2008/02/10/how-to-uninstall-or-remove-bonjour-mdnsresponderexe/
    Thanks to all for your post & input...it has really helped to get this issue resolved (well for me anyway) & has of course saved a re-install!!!!
    I will keep an eye on this thread...please post your resolutions / experiences to help others.
    Kind regards

  • File history stopped working after a warning message in the event log

    I have encountered this twice that File history stopped working, the event log says:
    Unusual condition was encountered during finalization of a backup cycle for configuration C:\Users\xxxx\AppData\Local\Microsoft\Windows\FileHistory\Configuration\Config
    If I re-run it, it consumes the backup disk space but still failed to backup.
    I have to manually delete all backup, turn off File History and re-configure it again to make it work.
    This happened twice already, so all my file history lost after re-config.
    Anyone encounter the same situation?

    MICROSOFT is plagued by idiots!!!!
    - Just turn it off
    - then click  "select drive"
    - and when it asks you the retarded question... just click >>>>>"NO"<<<<<<<    -_-
    Seriously... this is the answer.... frigging retards at microsoft... to think it takes an army of programmers and billions of dollars to create such idiocy!
    http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/cannot-change-drive-in-file-history-windows-8/6dbeca54-d05e-4f93-9262-45a56d6a82d1?page=2&msgId=f1792c5e-c5d0-4163-b449-c7165d72f88d&tab=question&status=AllReplies&status=AllReplies%2CAllReplies
    I can't believe these morons put everyone through such hell and then don't even bother to follow up with the correct solution.
    To top it off the moron moderator marks this as an answer??!!!
    What a pathetic joke - I hope everyone reads this message before being punished by the miles of bullcrap in this thread -_-
    Microsoft = ridiculous
    Thanks! I guess the TL;DR version is "to change your file history drive you need to discard the current temp files."
    Exactly :)
    It's the bad wording in the messages.
    The first message (which I can only vaguely remember so can't quote exactly) gives you the impression you can continue something but doesn't make clear that to do so you will need the "old drive" configured the way the "old drive" was.
    Then the next message is just confusing:
    “we can't copy files to this location.  Your current File History drive is disconnected.  Reconnect the drive and try again” 
    sounds like 
    “we can't copy files to this location. [because there's a problem with the new location]
    Your current File History drive is disconnected. [the new location is disconnected]
    Reconnect the drive and try again [reconnect your new location and try again]” 
    When it should be reworded to say something along the lines of (in more formal language):
    "You asked us to continue...give us the drive you were previously using...or if it's no longer available, click here to start from scratch"
    (I know that's all the opposite of tldr but I'm trying again to put into words what I think was happening).

  • Script to Export Previous Day Events Logs to CSV

    Hi,
    I am trying to export all the previous day's application event logs to a CSV file. I found the following script on the net. But for this script to work I need to enter the Event IDs I want to export. Does anyone have any idea how I can change this script to export all event IDs, or have another script that can?
    'Description : This script queries the event log for...whatever you want it to! Just set the event 'log name and event ID's!
    'Initialization  Section
    Option Explicit
    Const ForReading   = 1
    Const ForWriting   = 2
    Const ForAppending = 8
    Dim objDictionary, objFSO, wshShell, wshNetwork
    Dim scriptBaseName, scriptPath, scriptLogPath
    Dim ipAddress, macAddress, item, messageType, message
    On Error Resume Next
       Set objDictionary = NewDictionary
       Set objFSO        = CreateObject("Scripting.FileSystemObject")
       Set wshShell      = CreateObject("Wscript.Shell")
       Set wshNetwork    = CreateObject("Wscript.Network")
       scriptBaseName    = objFSO.GetBaseName(Wscript.ScriptFullName)
       scriptPath        = objFSO.GetFile(Wscript.ScriptFullName).ParentFolder.Path
       scriptLogPath     = scriptPath & "\" & IsoDateString(Now)
       If Err.Number <> 0 Then
          Wscript.Quit
       End If
    On Error Goto 0
    'Main Processing Section
    On Error Resume Next
       PromptScriptStart
       ProcessScript
       If Err.Number <> 0 Then
          MsgBox BuildError("Processing Script"), vbCritical, scriptBaseName
          Wscript.Quit
       End If
       PromptScriptEnd
    On Error Goto 0
    'Functions Processing Section
    'Name       : ProcessScript -> Primary Function that controls all other script processing.
    'Parameters : None          ->
    'Return     : None          ->
    Function ProcessScript
       Dim hostName, logName, startDateTime, endDateTime
       Dim events, eventNumbers, i
       hostName      = wshNetwork.ComputerName
       logName       = "application"
       eventNumbers  = Array("1001","1")
       startDateTime = DateAdd("n", -21600, Now)
       'Query the event log for the eventID's within the specified event log name and date range.
       If Not QueryEventLog(events, hostName, logName, eventNumbers, startDateTime) Then
          Exit Function
       End If
       'Log the scripts results to the scripts
       For i = 0 To UBound(events)
          LogMessage events(i)
       Next
    End Function
    'Name       : QueryEventLog -> Primary Function that controls all other script processing.
    'Parameters : results       -> Input/Output : Variable assigned to an array of results from querying the event log.
    '           : hostName      -> String containing the hostName of the system to query the event log on.
    '           : logName       -> String containing the name of the Event Log to query on the system.
    '           : eventNumbers  -> Array containing the EventID's (eventCode) to search for within the event log.
    '           : startDateTime -> Date\Time containing the date to finish searching at.
    '           : minutes       -> Integer containing the number of minutes to subtract from the startDate to begin the search.
    'Return     : QueryEventLog -> Returns True if the event log was successfully queried otherwise returns False.
    Function QueryEventLog(results, hostName, logName, eventNumbers, startDateTime)
       Dim wmiDateTime, wmi, query, eventItems, eventItem
       Dim timeWritten, eventDate, eventTime, description
       Dim eventsDict, eventInfo, errorCount, i
       QueryEventLog = False
       errorCount    = 0
       If Not IsArray(eventNumbers) Then
          eventNumbers = Array(eventNumbers)
       End If
       'Construct part of the WMI Query to account for searching multiple eventID's
       query = "Select * from Win32_NTLogEvent Where Logfile = " & SQ(logName) & " And (EventCode = "
       For i = 0 To UBound(eventNumbers)
          query = query & SQ(eventNumbers(i)) & " Or EventCode = "
       Next
       On Error Resume Next
          Set eventsDict = NewDictionary
          If Err.Number <> 0 Then
             LogError "Creating Dictionary Object"
             Exit Function
          End If
          Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & hostName & "\root\cimv2")
          If Err.Number <> 0 Then
             LogError "Creating WMI Object to connect to " & DQ(hostName)
             Exit Function
          End If
          'Create the "SWbemDateTime" Object for converting WMI Date formats. Supported in Windows Server 2003 & Windows XP.
          Set wmiDateTime = CreateObject("WbemScripting.SWbemDateTime")
          If Err.Number <> 0 Then
             LogError "Creating " & DQ("WbemScripting.SWbemDateTime") & " object"
             Exit Function
          End If
          'Build the WQL query and execute it.
          wmiDateTime.SetVarDate startDateTime, True
          query          = Left(query, InStrRev(query, "'")) & ") And (TimeWritten >= " & SQ(wmiDateTime.Value) & ")"
          Set eventItems = wmi.ExecQuery(query)
          If Err.Number <> 0 Then
             LogError "Executing WMI Query " & DQ(query)
             Exit Function
          End If
          'Convert the property values of Each event found to a comma seperated string and add it to the dictionary.
          For Each eventItem In eventItems
             Do
                timeWritten = ""
                eventDate   = ""
                eventTime   = ""
                eventInfo   = ""
                timeWritten = ConvertWMIDateTime(eventItem.TimeWritten)
                eventDate   = FormatDateTime(timeWritten, vbShortDate)
                eventTime   = FormatDateTime(timeWritten, vbLongTime)
                eventInfo   = eventDate                          & ","
                eventInfo   = eventInfo & eventTime              & ","
                eventInfo   = eventInfo & eventItem.SourceName   & ","
                eventInfo   = eventInfo & eventItem.Type         & ","
                eventInfo   = eventInfo & eventItem.Category     & ","
                eventInfo   = eventInfo & eventItem.EventCode    & ","
                eventInfo   = eventInfo & eventItem.User         & ","
                eventInfo   = eventInfo & eventItem.ComputerName & ","
                description = eventItem.Message
                'Ensure the event description is not blank.
                If IsNull(description) Then
                   description = "The event description cannot be found."
                End If
                description = Replace(description, vbCrLf, " ")
                eventInfo   = eventInfo & description
                'Check if any errors occurred enumerating the event Information
                If Err.Number <> 0 Then
                   LogError "Enumerating Event Properties from the " & DQ(logName) & " event log on " & DQ(hostName)
                   errorCount = errorCount + 1
                   Err.Clear
                   Exit Do
                End If
                'Remove all Tabs and spaces.
                eventInfo = Trim(Replace(eventInfo, vbTab, " "))
                Do While InStr(1, eventInfo, "  ", vbTextCompare) <> 0
                   eventInfo = Replace(eventInfo, "  ", " ")
                Loop
                'Add the Event Information to the Dictionary object if it doesn't exist.
                If Not eventsDict.Exists(eventInfo) Then
                   eventsDict(eventsDict.Count) = eventInfo
                End If
             Loop Until True
          Next
       On Error Goto 0
       If errorCount <> 0 Then
          Exit Function
       End If
       results       = eventsDict.Items
       QueryEventLog = True
    End Function
    'Name       : ConvertWMIDateTime -> Converts a WMI Date Time String into a String that can be formatted as a valid Date Time.
    'Parameters : wmiDateTimeString  -> String containing a WMI Date Time String.
    'Return     : ConvertWMIDateTime -> Returns a valid Date Time String otherwise returns a Blank String.
    Function ConvertWMIDateTime(wmiDateTimeString)
       Dim integerValues, i
       'Ensure the wmiDateTimeString contains a "+" or "-" character. If it doesn't it is not a valid WMI date time so exit.
       If InStr(1, wmiDateTimeString, "+", vbTextCompare) = 0 And _
          InStr(1, wmiDateTimeString, "-", vbTextCompare) = 0 Then
          ConvertWMIDateTime = ""
          Exit Function
       End If
       'Replace any "." or "+" or "-" characters in the wmiDateTimeString and check each character is a valid integer.
       integerValues = Replace(Replace(Replace(wmiDateTimeString, ".", ""), "+", ""), "-", "")
       For i = 1 To Len(integerValues)
          If Not IsNumeric(Mid(integerValues, i, 1)) Then
             ConvertWMIDateTime = ""
             Exit Function
          End If
       Next
       'Convert the WMI Date Time string to a String that can be formatted as a valid Date Time value.
       ConvertWMIDateTime = CDate(Mid(wmiDateTimeString, 5, 2)  & "/" & _
                                  Mid(wmiDateTimeString, 7, 2)  & "/" & _
                                  Left(wmiDateTimeString, 4)    & " " & _
                                  Mid(wmiDateTimeString, 9, 2)  & ":" & _
                                  Mid(wmiDateTimeString, 11, 2) & ":" & _
                                  Mid(wmiDateTimeString, 13, 2))
    End Function
    'Name       : NewDictionary -> Creates a new dictionary object.
    'Parameters : None          ->
    'Return     : NewDictionary -> Returns a dictionary object.
    Function NewDictionary
       Dim dict
       Set dict          = CreateObject("scripting.Dictionary")
       dict.CompareMode  = vbTextCompare
       Set NewDictionary = dict
    End Function
    'Name       : SQ          -> Places single quotes around a string
    'Parameters : stringValue -> String containing the value to place single quotes around
    'Return     : SQ          -> Returns a single quoted string
    Function SQ(ByVal stringValue)
       If VarType(stringValue) = vbString Then
          SQ = "'" & stringValue & "'"
       End If
    End Function
    'Name       : DQ          -> Place double quotes around a string and replace double quotes
    '           :             -> within the string with pairs of double quotes.
    'Parameters : stringValue -> String value to be double quoted
    'Return     : DQ          -> Double quoted string.
    Function DQ (ByVal stringValue)
       If stringValue <> "" Then
          DQ = """" & Replace (stringValue, """", """""") & """"
       Else
          DQ = """"""
       End If
    End Function
    'Name       : IsoDateTimeString -> Generate an ISO date and time string from a date/time value.
    'Parameters : dateValue         -> Input date/time value.
    'Return     : IsoDateTimeString -> Date and time parts of the input value in "yyyy-mm-dd hh:mm:ss" format.
    Function IsoDateTimeString(dateValue)
       IsoDateTimeString = IsoDateString (dateValue) & " " & IsoTimeString (dateValue)
    End Function
    'Name       : IsoDateString -> Generate an ISO date string from a date/time value.
    'Parameters : dateValue     -> Input date/time value.
    'Return     : IsoDateString -> Date part of the input value in "yyyy-mm-dd" format.
    Function IsoDateString(dateValue)
       If IsDate(dateValue) Then
          IsoDateString = Right ("000" &  Year (dateValue), 4) & "-" & _
                          Right (  "0" & Month (dateValue), 2) & "-" & _
                          Right (  "0" &   Day (dateValue), 2)
       Else
          IsoDateString = "0000-00-00"
       End If
    End Function
    'Name       : IsoTimeString -> Generate an ISO time string from a date/time value.
    'Parameters : dateValue     -> Input date/time value.
    'Return     : IsoTimeString -> Time part of the input value in "hh:mm:ss" format.
    Function IsoTimeString(dateValue)
       If IsDate(dateValue) Then
          IsoTimeString = Right ("0" &   Hour (dateValue), 2) & ":" & _
                          Right ("0" & Minute (dateValue), 2) & ":" & _
                          Right ("0" & Second (dateValue), 2)
       Else
          IsoTimeString = "00:00:00"
       End If
    End Function
    'Name       : LogMessage -> Writes a message to a log file.
    'Parameters : logPath    -> String containing the full folder path and file name of the Log file without with file extension.
    '           : message    -> String containing the message to include in the log message.
    'Return     : None       ->
    Function LogMessage(message)
       If Not LogToCentralFile(scriptLogPath & ".csv", IsoDateTimeString(Now) & "," & message) Then
          Exit Function
       End If
    End Function
    'Name       : LogError -> Writes an error message to a log file.
    'Parameters : logPath  -> String containing the full folder path and file name of the Log file without with file extension.
    '           : message  -> String containing a description of the event that caused the error to occur.
    'Return     : None       ->
    Function LogError(message)
       If Not LogToCentralFile(scriptLogPath & ".err", IsoDateTimeString(Now) & "," & BuildError(message)) Then
          Exit Function
       End If
    End Function
    'Name      : BuildError -> Builds a string of information relating to the error object.
    'Parameters: message    -> String containnig the message that relates to the process that caused the error.
    'Return    : BuildError -> Returns a string relating to error object.  
    Function BuildError(message)
       BuildError = "Error " & Err.Number & " (Hex " & Hex(Err.Number) & ") " & message & ". " & Err.Description
    End Function
    'Name       : LogToCentralFile -> Attempts to Appends information to a central file.
    'Parameters : logSpec          -> Folder path, file name and extension of the central log file to append to.
    '           : message          -> String to include in the central log file
    'Return     : LogToCentralFile -> Returns True if Successfull otherwise False.
    Function LogToCentralFile(logSpec, message)
       Dim attempts, objLogFile
       LogToCentralFile = False
       'Attempt to append to the central log file up to 10 times, as it may be locked by some other system.
       attempts = 0
       Do
          On Error Resume Next
             Set objLogFile = objFSO.OpenTextFile(logSpec, ForAppending, True)
             If Err.Number = 0 Then
                objLogFile.WriteLine message
                objLogFile.Close
                LogToCentralFile = True
                Exit Function
             End If
          On Error Goto 0
          Randomize
          Wscript.sleep 1000 + Rnd * 100
          attempts = attempts + 1
       Loop Until attempts >= 10
    End Function
    'Name       : PromptScriptStart -> Prompt when script starts.
    'Parameters : None
    'Return     : None
    Function PromptScriptStart
       MsgBox "Now processing the " & DQ(Wscript.ScriptName) & " script.", vbInformation, scriptBaseName
    End Function
    'Name       : PromptScriptEnd -> Prompt when script has completed.
    'Parameters : None
    'Return     : None
    Function PromptScriptEnd
       MsgBox "The " & DQ(Wscript.ScriptName) & " script has completed successfully.", vbInformation, scriptBaseName
    End Function
    Thanks

    Here is a script that will copy the previous day's events and save them to "C:\". The file name will be yesterday's date, e.g. "04-18-2010-Events.csv"
    Const strComputer = "."
    Dim objFSO, objWMIService, colEvents, objEvent, outFile
    Dim dtmStartDate, dtmEndDate, DateToCheck, fileDate
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
    Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
    'change the date form "/" to "-" so it can be used in the file name
    fileDate = Replace(Date - 1,"/","-")
    Set outFile = objFSO.CreateTextFile("C:\" & fileDate & "-Events.csv",True)
    DateToCheck = Date - 1
    dtmEndDate.SetVarDate Date, True
    dtmStartDate.SetVarDate DateToCheck, True
    Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
    & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
    For each objEvent in colEvents
    outFile.WriteLine String(100,"-")
    outFile.WriteLine "Category = " & objEvent.Category
    outFile.WriteLine "ComputerName = " & objEvent.ComputerName
    outFile.WriteLine "EventCode = " & objEvent.EventCode
    outFile.WriteLine "Message = " & objEvent.Message
    outFile.WriteLine "RecordNumber = " & objEvent.RecordNumber
    outFile.WriteLine "SourceName = " & objEvent.SourceName
    outFile.WriteLine "TimeWritten = " & objEvent.TimeWritten
    outFile.WriteLine "Type = " & objEvent.Type
    outFile.WriteLine "User = " & objEvent.User
    outFile.WriteLine String(100,"-")
    Next
    outFile.Close
    MsgBox "Finished!"
    v/r LikeToCode....Mark the best replies as answers.
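
The export asked for in this thread (every event ID from the previous calendar day, written as CSV), sketched in PowerShell as an added example that is not code from either poster. Get-WinEvent and Export-Csv are standard cmdlets; the function name, its parameters and the default output folder are assumptions. Export-Csv quotes each field, so event messages that contain commas stay in a single column.

```powershell
# Added example: export all events written to one log during the previous
# calendar day, with no event ID filter. The function name, parameter names
# and default output folder are assumptions made for this example.
function Export-PreviousDayEvents {
    [CmdletBinding()]
    param(
        [string]$LogName      = 'Application',
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$OutputFolder = $env:TEMP
    )

    # Window is yesterday 00:00:00 up to, but not including, today 00:00:00
    # (local time). EndTime is treated as inclusive, so step back one tick.
    $end    = (Get-Date).Date
    $start  = $end.AddDays(-1)
    $filter = @{
        LogName   = $LogName
        StartTime = $start
        EndTime   = $end.AddTicks(-1)
    }

    # Get-WinEvent reports an error when nothing matches the filter. Treat
    # that one case as an empty result and let every other error (access
    # denied, unknown log name, unreachable host) surface to the caller.
    try {
        $events = @(Get-WinEvent -ComputerName $ComputerName `
                                 -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            $events = @()
        }
        else {
            throw
        }
    }

    # One flat row per event. Line breaks and tabs inside the message are
    # collapsed to single spaces so each event occupies one CSV record.
    $rows = @($events | Sort-Object TimeCreated | ForEach-Object {
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss')
            Source      = $_.ProviderName
            Level       = $_.LevelDisplayName
            EventId     = $_.Id
            RecordId    = $_.RecordId
            User        = $_.UserId
            Computer    = $_.MachineName
            Message     = ($_.Message -replace '\s+', ' ')
        }
    })

    # Log names such as "Microsoft-Windows-.../Operational" contain characters
    # that are not valid in a file name, so replace them before building it.
    $safeLog = $LogName -replace '[\\/:*?"<>|]', '_'
    $path    = Join-Path $OutputFolder ('{0:yyyy-MM-dd}-{1}-Events.csv' -f $start, $safeLog)

    $rows | Export-Csv -Path $path -NoTypeInformation -Encoding UTF8
    $path   # return the path of the file that was written
}

Export-PreviousDayEvents -LogName 'Application'
```

Reading the Security log this way requires an elevated session.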

  • Event Log Help Links No Longer Working?

    Have the help links in the Windows XP event log entries been discontinued?
    They used to open up the Help and Support Center with further information about the Event Log error if it was available.
    For some time now they have all just given a "page not found" error, which then re-directs to Bing with offered results that are no use at all!
    This happens now on every XP system I've tried it on.
    As a user of Windows 8.1 as well as XP, I'm well aware that the Windows 8 Event Log help links have never worked so far, but the XP ones always did, and despite the looming "End of Support" I can see no reason for all that information to have been removed.
    Any explanation for this?
    Thanks, Dave Hawley.

    Hi - thank you DaveHawley for the report. Just wanted to confirm that I've passed this on to the team that looks after the redirect service behind the "More Info" link.
    There have been some major changes in how this redirection works over the years as well as in the last months. The most recent efforts added the option to enable use of the TechNet Wiki [sample] to allow the community to comment & contribute for a given component. I'm only guessing here, but this might have accidentally impacted XP.
    Thanks
    Bruno

  • While Installation of 11g database creation time error ORA-28056: Writing audit records to Windows Event Log failed Error

    Hi Friends,
    OS = Windows XP 3
    Database = Oracle 11g R2 32 bit
    Processor= intel p4 2.86 Ghz
    Ram = 2 gb
    Virtual memory = 4gb
    I was able to install Oracle 11g successfully, but during installation, at the time of database creation, I got the following error many times and I ignored it many times... but at 55% my installation finally hung and nothing was happening after it.....
    ORA-28056: Writing audit records to Windows Event Log failed Error, and at 55% my installation hung. I ended the installation and tried to create the database afterward by DBCA but the same thing happened....
    Please, someone help me out, as I need to install on the same machine .....
    Thanks and Regards

    AAP wrote:
    Thanks Now I am able to Create a database , but with one error,
    When I created a database using DBCA, at the last stage I got this error,
    Database Configuration Assistant : Warning
    Enterprise Manager Configuration Failed due to the Following error Listener is not up or database service is not registered with it.  Start the listener & Registered database service & run EM Configuration Assistant again....
    But when I checked the listener was up.....
    Now what was the problem,  I am able to connect and work through sqlplus,
    But I didn't get the link of EM, and when I try to create a new connection in SQL Developer it is giving an error ( Status : failure - Test Failed the Network Adapter could not establish the connection )
    Thanks & Regards
    Creation of the dbcontrol requires a connection via the listener.  When configuring the dbcontrol as part of database creation, it appears that the dbcontrol creation step runs before the dynamic registration of the database with the listener is complete.  Now that the database itself is completed and enough time (really, just a minute or two) has passed to allow the instance to register, use dbca or emca to create the dbcontrol.
    Are you able to get a sqlplus connection via the listener (sqlplus scott/tiger@orcl)?  That needs to be the first order of business.

  • Where are the explanations for the error codes in Envy 120 EWS Event Log

    I have been having trouble with the printer, and following diagnostic recommendations from a separate thread, have looked at the event log.
    I see a series of events, mostly 74899 Printer Event and 74741 Network Information.
    What I DO NOT SEE is any explanation of these events, and whether they are normal or indications of trouble.
    I have also searched online for the Secret Message Decoder but nothing was found with Bing or Google.
    Seriously, what value are the codes without a way to interpret them?
    I am beginning to regret my long-term loyalty to HP products.

    Hello @mikerb,
    I have read your post on how your desktop computer is displaying an error message in regards to a Kernel event log, and I would be happy to assist you in this matter!
    To further diagnose this issue, I recommend following the steps in this document on Windows Kernel event ID 41 error "The system has rebooted without cleanly shutting down first". This should help to resolve the critical error message.
    Just to be on the safe side, I also suggest following this resource on Testing for Hardware Failures (Windows 8); which should help determine if there is a hardware defect with one or multiple hardware components on your computer.
    Please re-post with the results of your troubleshooting, and I look forward to your reply!
    Regards
    MechPilot
    I work on behalf of HP
    Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
    Click the “Kudos, Thumbs Up" on the right to say “Thanks” for helping!

  • Windows 8 system doesn't get internet, says system event log on service has some problem of STOP 0xC000021A error which system restarts very slowly

    Hi, my system runs on Windows 8 on an HP laptop, Envy series. All of a sudden, the system event log on service stopped, with errors which prevented the system from logging on to services. It displayed the error STOP 0xC000021A when I used system restore to roll back to the previous configuration. Also, when I tried to refresh my PC, it said I can't make changes as log in was switched to prevent the changes by notification. I don't know what to do next. I tried to put in the recovery DVDs which I made when the system was bought; now they are not working at all.
    Internet is not active, I am not able to resolve it by troubleshooting, and the system is taking a lot of time to get to the desktop. Previously I used to get my desktop in 10 seconds. Now it's 10 min. Maybe I am infected with a virus. My files, they are there. I tried to transfer some files by pen drive to another system; now the new system (where I put my files in another system) crashed, a Windows 7 system which does not display desktop, icons etc. and is not at all workable.
    Also, on my HP system, I am unable to open Control Panel. If it's opened, it will not go off; when I use Task Manager, it says explorer and shuts down. I had to force restart the system. Please resolve something to get my HP laptop workable. I am waiting for my MS thesis to be working on that. My files are locked and there is no way to transfer them; I fear infecting another computer with the virus also.
    Please give instructions on how to set up my HP laptop at the earliest without losing any of the files. I don't want to reinstall and lose all the data for the time being. Else, inform me of the option for copying data safely. I tried to change the advanced startup and recovery by changing the boot sequence to DVD, but this also shows error 0xC000021A and asks us to see the details. I didn't understand all this. Please help ASAP.
    Thanks
    venkata
    STOP 0xC000021A

    MV
    If you can boot either from the win 8 dvd or in safe mode we need the DMP files
    We do need the actual DMP file as it contains the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.  
    WE NEED AT LEAST TWO DMP FILES TO SPOT TRENDS AND CONFIRM THE DIAGNOSIS.
    Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
    If you have any questions about the procedure please ask
    Wanikiya and Dyami--Team Zigzag

Maybe you are looking for