How to recover cleared event logs in windows server 2003 ?
Hi All,
i accidentally cleared all of event logs in my server, is there any solution or other thing that can recover it ?
thank you
Best Regard, Lim Siaw Liang
pray hard that there will be no issues, and no one will look for the event logs.
Once it's cleared, and that's it.
Or if you have system restore checkpoints try it, shadow copy on your c drive could do something also.
Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
IT Stuff Quick Bytes
Similar Messages
-
How to download oracle forms 6i for windows server 2003 or linux
hi all,
In my company there is a forms 6i server, now we want to move it to a new server for upgrade operations. for now we want to install forms 6i version on windows server 2003. on quick search I found it for xp but none for windows server 2003. if I try to install xp version I got "javai.dll is not valid" error.
how can I download it ? Company has license information also. what should I do ? for ex should I open a SR on metalink or something like that ?
thanks a lot.
Edited by: elcaro on Jan 18, 2013 7:43 AMelcaro wrote:
hi all,
In my company there is a forms 6i server, now we want to move it to a new server for upgrade operations. for now we want to install forms 6i version on windows server 2003. on quick search I found it for xp but none for windows server 2003. if I try to install xp version I got "javai.dll is not valid" error.What is the complete error message?
how can I download it ? Company has license information also. what should I do ? for ex should I open a SR on metalink or something like that ?Did you try this file? -- http://download.oracle.com/otn/nt/forms/6i_rel2_xp.zip
You may log a SR if this does not work.
Thanks,
Hussein -
How to setup ftp with dreamweaver and windows server 2003
Does anyone know if there is a tutorial/article on settinp up Dreamweaver cs3 to use Windows server 2003 as an FTP server...
any assistance would be greatly appreciated...I was able to figure out how to setup the ftp connection, connect to my home server, however,whenever i tried to upload the contents of my website to my server, nothing gets uploaded to the site. I tried putting one page at a time, nothing. tried everything, and still no joy. I can see everything on my local server which is a XAMP package, but nothing on my remote server. Do i maybe need to maybe have a WAMP or XAMP on the Windows Server 2003 or that should not matter. This is new to me so i am learning as i go along.
Another thing, i was able to create a subfolder in my c:\www.ftproot folder, i can see that folder on my local machine, i'm just not seeing the files in that folder when i do my 'put' with my files. -
Essential event viewer bugs with "Forwarded Events" log in Windows Server 2008 R2 and Windows 7
To my general experience, Windows event viewer is one of the most problematic, faulty management tools in the case of extensive use of its more sophisticated capabilities. The sole description as well as reproduction of some entangled failures would require
remarkable effort.
With the "Forwarded Events" log however, the situation becomes particularly worse in that even simple functionality fails and workarounds are difficult to find. That’s what I’ll describe here in order to share my experience with interested users.
For precision: I’ve extensively used event viewer on a German Windows Server 2008 R2 SP1 (Windows SBS 2011 Standard SP1). The bugs I found on that system, I could reproduce on a German Windows 7 Professional 64-Bit SP1, too.
Problem 1: Failure of even simple event filtering
To reproduce this problem, execute these steps on a test machine with any of the two OS mentioned above:
(i) To prepare log contents, do either of the following:
(a) populate some events to your local "Forwarded Events" log (most simply by subscribing events from other logs of the same machine; stop subscription if you have collected some events)
Or
(b) copy a non-empty log file "ForwardedEvents.evtx" from another machine (with any of the two OS mentioned above) to your test machine and open the file in event viewer.
(ii) Navigate to your "Forwarded Events" test log and open the filtering dialog. In the "Includes/Excludes Event IDs" field, type: 1-9000. Click OK.
(iii) Look at the results pane: Surprise, 0 Events! Do you really have no event IDs between 1 and 9000 in your test log?
(iv) Another example, if you have forwarded security events in your test log: Clear filter, if any previous filter is in place. Open the filtering dialog. In "Keywords" sub-dialog, choose "Audit Success". Click OK.
(v) Look at the results pane: Surprise, 0 Events! Do you really have no successful security monitoring events in your test log?
I’ll finish here. If you have a rich variety of events in your test log available, let your imagination run wild to test around. Finally include some simple manually created or modified XPath filters on the XML tab of the filtering dialog. I promise, you’ll
find a lot of additional strange results.
Problem 2: Cannot save manually selected events to .evtx file
Navigate to your "Forwarded Events" test log. In the results pane, select one or more events by highlighting them by mouse clicks. In context menu, choose "Save selected events". In the "save as" dialog, choose file type *.evtx
and save your file. Open the newly created file in event viewer. Result: Surprise, no events inside the new file!
Have more fun with forwarded events
HelmutDid you mean that right click Forwarded Event and select "Filter Current Log..."? Since I can filter correct event vai the "Filter Current Log..." in my Lab environment.
Hi Justin,
yes, I mean "Filter Current Log ... " (in my German systems: "Aktuelles Protokoll filtern ... ").
What do you mean with "my Lab environment" exactly?
In the meantime, I performed additional tests. I copied the "ForwardedEvents.evtx" test file from Server 2008 R2 resp. Windows 7 to
(i) German Windows 8 Pro 64-Bit RTM
(ii) German Windows 8.1 Pro 64-Bit, up-to-date
in order to view and filter the file there.
Results: Same event viewer problem on Windows 8 RTM, but correct behavior on Windows 8.1!
Best regards, Helmut -
Oracle 11g R2 write audit record to application event log in Windows server
Hi,
I have a oracle 11g R1 database in windows 2003 server,
I set the init parameter audit_trail=db,extended,
but some auditing record still keep writting to windows application log
Event Type: Information
Event Source: Oracle.test
Event Category: None
Event ID: 34
Date: 9/7/2011
Time: 3:36:38 PM
User: N/A
Computer: test
Description:
Audit trail: LENGTH: "226" SESSIONID:[7] "3875588" ENTRYID:[1] "1" USERID:[8] "test" ACTION:[3] "102" RETURNCODE:[1] "0" LOGOFF$PREAD:[1] "1" LOGOFF$LREAD:[3] "755" LOGOFF$LWRITE:[2] "26" LOGOFF$DEAD:[1] "0" DBID:[10] "1613217480" SESSIONCPU:[1] "0".
Is there any way to disable this?
Thanks
Vincentoh really, dont you say?
maybe next time read the whole note, not just the title
"In 11g these 'logoff by cleanup' audit records are not logged in DBA_AUDIT_TRAIL. The connection record remains as 'logon' record. It is not updated to 'logoff by cleanup'. *In these cases, the log off information like logoff_time, logoff_lread etc are written to an OS audit file as 'logoff by cleanup' audit record.* " -
IIS 6 logs, ASP, Windows server 2003, access 2000
Hello all,
I have an asp page on my website that has been throwing some
500 errors. I
pulled the following out of the IIS 6 logs:
2008-02-19 19:58:05 POST /sssssssss_xxxxxxxxxxx.asp
|145|80020005|Type_mismatch. - 24.111.22.94 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+InfoPa
th.1) https://xxxxxx/xxxxxxxxxxxx.asp 500 471
Is the "145" the line in code that the error is coming from?
Thanks.Ashish,
This forum is dedicated to Microsoft Project and Project Server, a project management applications.
I am not seeing how your question is connected to this forum. I suggest you post this in a relevant forum to get better and correct answers.
Cheers,
Prasanna Adavi, Project MVP
Blog:
Podcast:
Twitter:
LinkedIn:
-
Clearing share memory in windows server 03 + mssql
Hi,
Can any one tell me how to clear share memory in Windows Server 2003 +MSSQL box??
Thanks and regards,
ParthaHi Juan,
Actually someone told me to do so for the following reason , can you help me in this regard
Hello All,
In our portal box when I tried to start the gateway using the following command :
D:\usr\sap\EP1\SYS\exe\uc\NTAMD64>gwrd -force pf=D:\usr\sap\EP1\SYS\profile\EP1_JC01_tdep
It shows the following message :
rslgwr1(21): Searching for overlap point in pre-existing SysLog file...
I also found in dev_rd the following message
LOCATION SAP-Gateway on host tdep / sapgw01
ERROR Gateway not connected to local R/3
TIME Wed Jan 21 11:44:04 2009
RELEASE 700
COMPONENT SAP-Gateway
VERSION 2
RC 726
MODULE gwxxrd.c
LINE 8211
COUNTER 1
Also rfc trace is following
Connection Error
Error when opening an RFC connection
ERROR: Gateway not connected to local R/3
LOCATION: SAP-Gateway on host tdep / sapgw01
COMPONENT: SAP-Gateway
COUNTER: 1
MODULE: gwxxrd.c
LINE: 8211
RETURN CODE: 726
The following command also give you some idea
C:\Documents and Settings\ep1adm.TDEP.001>netstat
TCP tdep:sapgw31 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw32 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw33 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw34 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw35 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw36 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw37 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw38 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw39 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw40 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw41 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw42 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw44 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw45 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw46 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw47 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw48 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw49 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw50 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw51 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw52 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw53 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw54 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw55 tdsap:sapgw01 ESTABLISHED
TCP tdep:sapgw56 tdsap:sapgw01 ESTABLISHED
But I am unable to telnet the ports of tdep.
Please guide me in this regard.
Regards,
Partha -
How To Configure GP For Client DC on Windows Server 2003
Dear all,
I have been installed windows server 2003 and make one DC on my server. And i create several group and want to make policy for that each group. For example I have created '2014' group and all user who join my dc and registered as a part of '2014' group couldn't
access their browser such as Firefox and IE and couldn't access their bluetooth. How can I make it possible?
Thanks before.
Warm Regards,Hi Denni Sembiring,
Could you clarify your question “all user who join my dc and registered as a part of '2014' group couldn't access their browser such as Firefox and IE and couldn't access their
Bluetooth”, are you want to realize to limit some user can access the specific software and computer device? GPOs can be linked to the following levels:
•Site
•Domain
•Organizational Unit
We can not link GPO to group, if you want to limit specific user can only access specific software you can refer the following KB to restrict user access.
The related KB:
How To use Software Restriction Policies in Windows Server 2003
http://support.microsoft.com/kb/324036
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Windows server 2003 not working after computer hard restart
Hello, the following problem did occure. I was logged to windows server 2003, working on it, when my pc suddenly frozen, so i had no other option, than to make a hard restart of my pc. From that time, when a log into the windows server, i can see the server
desktop, but i cannot click on anything. I am hearing just the clicking sound. When i minimalize it a maximalize it back, all i can see is a black screen.
Can anyone help me, how to solve this problem ?
Thank you for your answersHi,
According to your description, my understanding is that Windows Server 2003 unable to start correctly.
You may try to restart the computer, when you see the message Please select the operating system to start, press the F8 . select the
Last Known Good Configuration, in order to start the computer by using the most recent settings that worked.
Or you may select Windows Advanced Option –> Safe Mode, check to see if this was caused by faulty drivers, programs, or services that start automatically.
More methods about troubleshooting startup problem, you may reference the link below:
How to troubleshoot startup problems in Windows Server 2003
http://support.microsoft.com/kb/325375/en-us
Best Regards,
Eve Wang -
Remotely login error on windows server 2003 using gemalto smart card
I am getting this error when trying to log on windows server 2003 remotely using smartcard. We have our own CA. We are able to successfully logon on windows server 2008 using same card.
Hi,
Base on my research, Event 537 indicates that a logon attempt was made and rejected for some reason other than those covered by explicit audit records in this category.
Would you please provide more details?
Are there any related warnings and errors under Application Logs or System Logs?
By remotely login, do you mean logon via RDP?
Here are some related links below for you references:
Event 537
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.0&EvtID=537&EvtSrc=Security&LCID=1033
Smart Card and Remote Desktop Services
http://technet.microsoft.com/en-us/library/ff404286(v=WS.10).aspx
Please get back to us with the necessary information at your earliest convenience.
Best Regards,
Amy Wang -
Monitoring RT application on windows server 2003
Hi,
I developed a simple realtime application using labview 7.1.1 on windows server 2003, I can run the application (in realtime mode) in labview development platform. However, after compiling the application into a startup execuable on the RT, I couldn't monitor it anymore.
I created a folder c:\ni-rt\startup , and tried to copy the startup executable (test1.exe) from RT (ni-rt\startup) to this folder and got a permission error, however, i logged in windows server 2003 as local administrator. I can copy other files into this folder, but not the executable "test1.exe".
our IT said "Startup" is a special folder in windows server 2003, and does not allow executables to be put inside it. I am not familiar with this O.S. Has anyone had similar problem? If so, did you get it resolved? and how?
thanks,
-JoeJoe,
If your application is running in Windows than it is not running in true realtime and you cannot make it a real-time startup executable. In LabVIEW 8.0 and later you can create a debuggable executable, with which you can see the block diagram of an executable. This Knowledge Base Article talks about how to automatically launch a VI at startup, which sounds like what you are looking for. Here is a link to the Real Time Module for LabVIEW.
Cheers,
NathanT -
I have a problem with win server 2003.
This is was happened:
I restart windows server because sap systems (dev and qos in the same server) were too slow. After it never started again, stayed in windows intialize fase. The the hw technician diagnostic that the raid mirroring wasnt synchronized and for this reason some windows files were corrupted. So we are now repairing the windows server via the installation cd option. Has anyone pass with this scenario, how it affect to sap system?<i>> How can I reinstall sap service in windows server 2003 using the drive D (sap files folder usr/sap) and E (sap database)??</i>
Hello Franklin,
I don't think that this will work if you don't have a backup of the system.
If you really have to re-install Windows 2003 from scratch you will have a "clean" system. So there will be no needed sap-users, no sap-registry keys in the registry, no entries in the services-file, no environment settings will be set and so on - all the things which are created while installing.
So I think without a backup of your system (or perhaps the c-drive) it is impossible to rebuild the SAP system - sorry.
Regards
Norman -
Cant install ActiveSync 4.5 on Windows server 2003
hi
i try to install ActiveSync 4.5 on Windows Server 2003 - It seems that it installs
but after the reset the computer want to install again... and no ActiveSync was installed
how to install ActiveSync 4.5 on Windows Server 2003 SP1 ?
thanksHi GoldSoft,
Thanks for your post.
This forum is to discuss problems of Windows Mobile Development . Your question is not related to the topic of this forum.
But here is a useful link:
Problem: ActiveSync 4.5 install on windows server 2003
And other resource:ActiveSync 4.5
Hope this helps you.
Best Regards,
Eileen
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
How to write to windows event logs from determinations-server under IIS
This is just an FYI technical bit of information I wish someone had shared with me before I started trying to write OPA errors to the windows event log... Most problems writing to the windows event log from log4net occur because of permissions. Some problems are because determinations-server does not have permissions to create some registry entries. Some problems cannot be resolved unless specific registry entry permissions are actually changed. We had very little consistency with the needed changes across our servers, but some combination of the following would always get the logging to the windows event log working.
To see log4net errors as log4net attempts to utilize the windows event log, temporarily add the following to the web.config:
<appSettings>
<!-- uncomment the following line to send diagnostic messages about the log configuration file to the debug trace.
Debug trace can be seen when attached to IIS in a debugger, or it can be redirected to a file, see
http://logging.apache.org/log4net/release/faq.html in the section "How do I enable log4net internal debugging?" -->
<add key="log4net.Internal.Debug" value="true"/>
</appSettings>
<system.diagnostics>
<trace autoflush="true">
<listeners>
<add
name="textWriterTraceListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="logs/InfoDSLog.txt" />
</listeners>
</trace>
</system.diagnostics>
To add an appender for the windows event viewer, try the following in the log4net.xml:
<appender name="EventLogAppender" type="log4net.Appender.EventLogAppender" >
<param name="ApplicationName" value="OPA" />
<param name="LogName" value="OPA" />
<param name="Threshold" value="all" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %-5level %logger [%property{NDC}] - %message%newline" />
</layout>
<filter type="log4net.Filter.LevelRangeFilter">
<levelMin value="WARN" />
<levelMax value="FATAL" />
</filter>
</appender>
<root>
<level value="warn"/>
<appender-ref ref="EventLogAppender"/>
</root>
To put the OPA logs under the Application Event Log group, try this:
Create an event source under the Application event log in Registry Editor. To do this, follow these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
4. Right-click the Application subkey, point to New, and then click Key.
5. Type OPA for the key name.
6. Close Registry Editor.
To put the OPA logs under a custom OPA Event Log group (as in the demo appender above), try this:
Create an event log in Registry Editor. To do this, follow these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
4. Right-click the eventlog subkey, point to New, and then click Key.
5. Type OPA for the key name.
6. Right-click the new OPA key and add a new DWORD called "MaxSize" and set it to "1400000" which is about 20 Meg in order to keep the log file from getting too large.
7. The next steps either help or sometimes cause an error, but you can try these next few steps... If you get an error about a source already existing, then you can delete the key.
8. Right-click the OPA subkey, point to New, and then click Key.
9. Type OPA for the key name.
10. Close Registry Editor.
You might need to change permissions so OPA can write to the event log in Registry Editor. If you get permission errors, try following these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
4. Right-click the EventLog key, select Permissions.
5. In the dialog that pops up, click Add...
6. Click Advanced...
7. Click Locations... and select the current machine by name.
8. Click Find Now
9. Select both the Network user and IIS_IUSERS user and click OK and OK again. (We never did figure out which of those two users was the one that fixed our permission problem.)
10. Change the Network user to have Full Control
11. Click Apply and OK
To verify OPA Logging to the windows event logs from Determinations-Server:
Go to the IIS determinations-server application within Server Manager.
Under Manage Application -> Browse Application click the http link to pull up the local "Available Services" web page that show the wsdl endpoints.
Select the /determinations-server/server/soap.asmx?wsdl link
Go to the URL and remove the "?wsdl" from the end of the url and refresh. This will throw the following error into the logs:
ERROR Oracle.Determinations.Server.DSServlet [(null)] - Invalid get request: /determinations-server/server/soap.asmx
That error should show up in the windows event log, OR you can get a message explaining why security stopped you in "logs/InfoDSLog.txt" if you used the web.config settings from above.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648(v=vs.85).aspx
Edited by: Paul Fowler on Feb 21, 2013 9:45 AMThanks for sharing this information Paul.
-
Hi all,
We have almost 1500 clients (win7 system) in LAN environment and our requirement was we need to clear event logs older than 7 day's in all client system,
Pls confirm and group policy or script available for that.
Thanks, Mariappan ShanmugavelGreetings!
I am not sure if it is practical to have a script to search for old event logs and clear them. Also it may create performance issues because the event logs should be queried and check conditions for that, then move for removal process. Why not to use retention
for this? configure retention for 7 days and there will be no log older that that.
Event Logging policy settings in Windows Server 2008 and Vista
Regards.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?
Maybe you are looking for
-
I would like to set my payment options in a way that will not tie my user id to a credit card, but will allow me to use gift cards to purchase apps. Is this possible? How can I do this? Do I ever have to enter a credit card in order to pay with gi
-
Itunes 10.6.1 does not open- Windows XP
Good Evening Gang, I recently reinstalled windows XP and downloaded the new itunes 10.6. Itunes starts with the end user agreement and does not open after I accept. I have tried everything and nothing seems to work and I cannot sync any of my apple d
-
Saving attachments under Mail 1.3.11 and OSX 10.3.9
Hi, I appear to be unable to save any attchments that are sent to me in an e-mail, these can be photo's or video clips, whatever. For example, with a photo attachment, if I open the attachment in Preview and select 'Save As' I get the warning 'Save,
-
Final Cut Pro X compared to FCE4, any thoughts?
I have been using FCE4 for a while, but now I see Final Cut Pro X has been intrioduced. Is it similar to FCE, and a natural upgrade, or is it different in what it can do? Has anyone had a chance to compare them yet please? Thanks, Keith
-
When our phones go into SRST mode, none of the 7961/7914 will go into SRST mode, they just continually say Registering. Here is a sh call-manager-fallback: CONFIG (Version=4.0(0)) ===================== Version 4.0(0) For on-line documentation please