Meeting place event log interpretation
Hello Guys I am wondering if somebody could help me with the meaning of certain values that is shown in the meeting place event log.
I have the following:
08/13 12:31:17.72 P 8 RN MC s=009 mcpHangupNotification
08/13 12:31:17.72 P 8 SE CP m=020 HANGUPEVENT Resp 0
08/13 12:31:17.72 P 8 RQ SM m=01a C 0 REMOVEPORT
08/13 12:31:17.72 RQ CP m=020 CPGOINGTOCONF
08/13 12:31:17.72 P 8 SR SM m=01a C 0 REMOVEPORT Resp 0
08/13 12:31:17.72 SR CP m=020 CPGOINGTOCONF Resp 0
08/13 12:31:17.72 C 0 RQ CP m=020 CPPLAYFILELIST
08/13 12:31:17.72 C 0 Play prompt: lang=1, num=575
08/13 12:31:17.72 C 0 Play prompt: lang=1, num=399
08/13 12:31:17.72 C 0 Play guest name: confID=263 part=4661
08/13 12:31:17.72 C 0 SQ MC s=009 mcpPlayFileListRequest
08/13 12:31:17.72 P 8 RQ CP m=020 CPDISCONNECT
08/13 12:31:17.72 P 8 SQ MC s=009 mcpDisconnectCallRequest
08/13 12:31:17.72 C 0 RR MC s=009 mcpPlayFileListResponse Resp 0
08/13 12:31:17.72 P 8 RR MC s=009 mcpDisconnectCallResponse Resp 0
08/13 12:31:17.72 P 8 SR CP m=020 CPDISCONNECT Resp 0
I almost sure that P8 means port 8 but I do not know what RN, MC, SE, RQ, CP, mcp or C 0 means.
Is there a document that shows all?
Regards
Hello,
This particular eventlog is for the CPMCP module within the Application Server which only talks to other internal components within the Application Server, so it's not exactly the best eventlog to start out with and is typically only reviewed for complex internal issues which are typically bugs. Since this getting involved with the internal workings of MeetingPlace, there is no external documentation for interpreting this.
If you are going through the logs or an Information Capture of a particular incident, I would suggest first going through the VUI eventlog. Here you can ignore any lines with "State" or "Substate" since those are internal messagings, but this will give you a good idea of when a user calls in, which port they are on, the meeting they joined, and when they disconnected.
For example:
New call into MeetingPlace:
08/17 09:54:55.83 P 1 In Call : DID/DNIS 2085, ANI 3062 ============= (2)
Outdial from MeetingPlace
08/17 09:48:00.14 P 4095 Outdial : UserID 3 RetCode 3107
Dest +13076R Trans Dest
Meeting ID that was entered in:
08/17 09:55:11.36 P 1 ConfStr : 640603980
Leaving conference:
08/17 10:01:56.29 P 1 Action : CONF_LEAVECONF
User disconnecting:
08/17 10:01:56.27 P 1 Input : Far end disconnect
Also if you are familiar with SIP, you can review the SIP messages for specific calls in either the "CCA Sip Log" or "SIP B2BUA log" depending on your deployment. These logs tend to overwrite fairly quickly, so you should gather an Information Capture as soon as an issue occurs.
The Information Capture is the main set of logs for Cisco Technical Support to review. To collect the Information Capture, login to the web page of the Application Server and go to Services, Logs, and System Information Capture. Select the appropriate start and end times to capture the issue. This will create a zip file for you to save on your computer. This can be unzipped and you can click on the "index.html" file to see the list of log files.
If you need any further help with these or want further steps on troubleshooting a particular issue, open a TAC case and we will be able to these logs with you.
Regards,
Andrew
Cisco TAC
Similar Messages
-
Meeting Place and Webex Call Back Failing
Hi
Meeting place 8.5 with WebEx scheduling, SIP trunk to CUCM 8.5.
Calling in using the specified number configured in call manager completes over the SIP trunk however call back from webex fails.
Error:
WebEx call back failed; no answer.
Problem is I never recieve a call. I have enabled Webex call backs in webex.
Seems like there is an issue on either MP or CUCM.
Just looking for some ideas as I am stumped.This turned out to be a few things:
1) I needed to configure a SIP proxy to CUCM from meeting place. This was the CUCM IP address and TCP port number.
2) The SIP trunk security profile needed to be reconfigured for this trunk.
3) E164 was being used so I created a translation pattern to strip the + for the CSS associated with the RP.
A few things learned along the way.
1) The "activity" command ran from a SSH prompt with allow you to simulate a call from meeting place. Option 4, enter the number to dial and "f" for port.
2) In meeting place - Services -Logs - System Information Capture - Loading the index file and under the CCA SIP LOG is the error being returned by CUCM. In my case it was Warning: 399 CSLCCM1 "Unable to find a device handler for the request received on port
3) Command "cptrace" again from the SSH prompt will allow you to view the digits being sent from webex to meeting place.
I hope this information helps someone... -
Windows update KB2964444 broke Event Logging Service and SQL Agent Service on Windows Server 2008 R2
I got the following problem:
I discovered that on my Windows Server 2008R2 machine the event logging stopped working on 04/May/2014 at 03:15.
Also, SQL Agent Service won't run
The only change that day was security
update KB2964444 - Security
Update for Internet Explorer 11 for Windows Server 2008 R2for x64-based Systems, that was installed exactly 04/May/2014 at 03:00. Apparently, that's what broke my machine...
When I try to start Windows Event Log via net
start eventlog or via Services
panel, I get an error:
C:\Users\Administrator>net start eventlog
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
A system error has occurred.
System error 2 has occurred.
The system cannot find the file specified.
I tried:
restarted the OS (virtual on the host's VMWare).
re-checked the settings in services menu -they are like in the link.
checked the identity in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog -
the identity is NT
AUTHORITY\LocalService
gave all Authenticated Users full access to C:\Windows\System32\winevt\Logs
ran fc /scannow - Windows Resource Protection did not find any integrity violations.
went to the file %windir%\logs\cbs\cbs.log -
all clean, [SR] Repairing 0 components
EDIT: Uninstalled the recent system updates and rebooted - didn't help
EDIT: Sysinternals Process Monitor results when running start service from services panel (procmon in elevated mode):
filters:
process name is svchost.exe : include
operation contains TCP : exclude
the events captured are:
21:50:33.8105780 svchost.exe 772 Thread Create SUCCESS Thread ID: 6088
21:50:33.8108848 svchost.exe 772 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read
21:50:33.8109134 svchost.exe 772 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
21:50:33.8109302 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\Services REPARSE Desired Access: Read
21:50:33.8109497 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\Services SUCCESS Desired Access: Read
21:50:33.8110051 svchost.exe 772 RegCloseKey HKLM SUCCESS
21:50:33.8110423 svchost.exe 772 RegQueryKey HKLM\System\CurrentControlSet\services SUCCESS Query: HandleTags, HandleTags: 0x0
21:50:33.8110705 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS Desired Access: Read
21:50:33.8110923 svchost.exe 772 RegQueryKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS Query: HandleTags, HandleTags: 0x0
21:50:33.8111257 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\services\eventlog\Parameters SUCCESS Desired Access: Read
21:50:33.8111547 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services SUCCESS
21:50:33.8111752 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS
21:50:33.8111901 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
21:50:33.8112148 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services\eventlog\Parameters SUCCESS
21:50:33.8116552 svchost.exe 772 Thread Exit SUCCESS Thread ID: 6088, User Time: 0.0000000, Kernel Time: 0.0000000
NOTE: previoulsy, for
21:46:31.6130476 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
I also got NAME
NOT FOUND error ,so I created the new string value for the Parameters with
the name ServiceDll and
data %SystemRoot%\System32\wevtsvc.dll (copied
from the upper HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog key)
and this event now is
21:46:31.6130476 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
I also checked for the presence of wevtsvc.dll in
the place and it's there.
Also, I tried to capture all events with path containing 'event' and
got following events firing every several seconds:
21:38:38.9185226 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\Tag NAME NOT FOUND Length: 16
21:38:38.9185513 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\DependOnGroup NAME NOT FOUND Length: 268
21:38:38.9185938 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\Group NAME NOT FOUND Length: 268
Also, I tried to capture all the events containing 'file',
excluding w3wp.exe,
chrome.exe, wmiprvse.exe, wmtoolsd.exe, System and it shows NO attempts to access any file ih the time I try to start
the event logger (if run from cmd - there are several hits by net executable,
not present if run from the panel).
What can be done?Hi,
I don’t found the similar issue, if you have the IE 11 please try to update system automatic or install the MS14-029 update.
The related KB:
MS14-029: Security update for Internet Explorer 11 for systems that do not have update 2919355 (for Windows 8.1 or Windows Server 2012 R2) or update 2929437 (for Windows 7
SP1 or Windows Server 2008 R2 SP1) installed: May 13, 2014
http://support.microsoft.com/kb/2961851/en-us
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Script to Export Pervious Day Events Logs to CSV
HI,
I am trying to export all the previous day's application event logs to a CSV file. I found the following script on net. But for this script to work I need to enter in the Event ID's I wont to export. Does anyone have any idea how I can change thsi script
to export all event ID's or have another script that can?
'Description : This script queries the event log for...whatever you want it to! Just set the event 'log name and event ID's!
'Initialization Section
Option Explicit
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Dim objDictionary, objFSO, wshShell, wshNetwork
Dim scriptBaseName, scriptPath, scriptLogPath
Dim ipAddress, macAddress, item, messageType, message
On Error Resume Next
Set objDictionary = NewDictionary
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set wshShell = CreateObject("Wscript.Shell")
Set wshNetwork = CreateObject("Wscript.Network")
scriptBaseName = objFSO.GetBaseName(Wscript.ScriptFullName)
scriptPath = objFSO.GetFile(Wscript.ScriptFullName).ParentFolder.Path
scriptLogPath = scriptPath & "\" & IsoDateString(Now)
If Err.Number <> 0 Then
Wscript.Quit
End If
On Error Goto 0
'Main Processing Section
On Error Resume Next
PromptScriptStart
ProcessScript
If Err.Number <> 0 Then
MsgBox BuildError("Processing Script"), vbCritical, scriptBaseName
Wscript.Quit
End If
PromptScriptEnd
On Error Goto 0
'Functions Processing Section
'Name : ProcessScript -> Primary Function that controls all other script processing.
'Parameters : None ->
'Return : None ->
Function ProcessScript
Dim hostName, logName, startDateTime, endDateTime
Dim events, eventNumbers, i
hostName = wshNetwork.ComputerName
logName = "application"
eventNumbers = Array("1001","1")
startDateTime = DateAdd("n", -21600, Now)
'Query the event log for the eventID's within the specified event log name and date range.
If Not QueryEventLog(events, hostName, logName, eventNumbers, startDateTime) Then
Exit Function
End If
'Log the scripts results to the scripts
For i = 0 To UBound(events)
LogMessage events(i)
Next
End Function
'Name : QueryEventLog -> Primary Function that controls all other script processing.
'Parameters : results -> Input/Output : Variable assigned to an array of results from querying the event log.
' : hostName -> String containing the hostName of the system to query the event log on.
' : logName -> String containing the name of the Event Log to query on the system.
' : eventNumbers -> Array containing the EventID's (eventCode) to search for within the event log.
' : startDateTime -> Date\Time containing the date to finish searching at.
' : minutes -> Integer containing the number of minutes to subtract from the startDate to begin the search.
'Return : QueryEventLog -> Returns True if the event log was successfully queried otherwise returns False.
Function QueryEventLog(results, hostName, logName, eventNumbers, startDateTime)
Dim wmiDateTime, wmi, query, eventItems, eventItem
Dim timeWritten, eventDate, eventTime, description
Dim eventsDict, eventInfo, errorCount, i
QueryEventLog = False
errorCount = 0
If Not IsArray(eventNumbers) Then
eventNumbers = Array(eventNumbers)
End If
'Construct part of the WMI Query to account for searching multiple eventID's
query = "Select * from Win32_NTLogEvent Where Logfile = " & SQ(logName) & " And (EventCode = "
For i = 0 To UBound(eventNumbers)
query = query & SQ(eventNumbers(i)) & " Or EventCode = "
Next
On Error Resume Next
Set eventsDict = NewDictionary
If Err.Number <> 0 Then
LogError "Creating Dictionary Object"
Exit Function
End If
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & hostName & "\root\cimv2")
If Err.Number <> 0 Then
LogError "Creating WMI Object to connect to " & DQ(hostName)
Exit Function
End If
'Create the "SWbemDateTime" Object for converting WMI Date formats. Supported in Windows Server 2003 & Windows XP.
Set wmiDateTime = CreateObject("WbemScripting.SWbemDateTime")
If Err.Number <> 0 Then
LogError "Creating " & DQ("WbemScripting.SWbemDateTime") & " object"
Exit Function
End If
'Build the WQL query and execute it.
wmiDateTime.SetVarDate startDateTime, True
query = Left(query, InStrRev(query, "'")) & ") And (TimeWritten >= " & SQ(wmiDateTime.Value) & ")"
Set eventItems = wmi.ExecQuery(query)
If Err.Number <> 0 Then
LogError "Executing WMI Query " & DQ(query)
Exit Function
End If
'Convert the property values of Each event found to a comma seperated string and add it to the dictionary.
For Each eventItem In eventItems
Do
timeWritten = ""
eventDate = ""
eventTime = ""
eventInfo = ""
timeWritten = ConvertWMIDateTime(eventItem.TimeWritten)
eventDate = FormatDateTime(timeWritten, vbShortDate)
eventTime = FormatDateTime(timeWritten, vbLongTime)
eventInfo = eventDate &
eventInfo = eventInfo & eventTime & ","
eventInfo = eventInfo & eventItem.SourceName & ","
eventInfo = eventInfo & eventItem.Type & ","
eventInfo = eventInfo & eventItem.Category & ","
eventInfo = eventInfo & eventItem.EventCode & ","
eventInfo = eventInfo & eventItem.User & ","
eventInfo = eventInfo & eventItem.ComputerName & ","
description = eventItem.Message
'Ensure the event description is not blank.
If IsNull(description) Then
description = "The event description cannot be found."
End If
description = Replace(description, vbCrLf, " ")
eventInfo = eventInfo & description
'Check if any errors occurred enumerating the event Information
If Err.Number <> 0 Then
LogError "Enumerating Event Properties from the " & DQ(logName) & " event log on " & DQ(hostName)
errorCount = errorCount + 1
Err.Clear
Exit Do
End If
'Remove all Tabs and spaces.
eventInfo = Trim(Replace(eventInfo, vbTab, " "))
Do While InStr(1, eventInfo, " ", vbTextCompare) <> 0
eventInfo = Replace(eventInfo, " ", " ")
Loop
'Add the Event Information to the Dictionary object if it doesn't exist.
If Not eventsDict.Exists(eventInfo) Then
eventsDict(eventsDict.Count) = eventInfo
End If
Loop Until True
Next
On Error Goto 0
If errorCount <> 0 Then
Exit Function
End If
results = eventsDict.Items
QueryEventLog = True
End Function
'Name : ConvertWMIDateTime -> Converts a WMI Date Time String into a String that can be formatted as a valid Date Time.
'Parameters : wmiDateTimeString -> String containing a WMI Date Time String.
'Return : ConvertWMIDateTime -> Returns a valid Date Time String otherwise returns a Blank String.
Function ConvertWMIDateTime(wmiDateTimeString)
Dim integerValues, i
'Ensure the wmiDateTimeString contains a "+" or "-" character. If it doesn't it is not a valid WMI date time so exit.
If InStr(1, wmiDateTimeString, "+", vbTextCompare) = 0 And _
InStr(1, wmiDateTimeString, "-", vbTextCompare) = 0 Then
ConvertWMIDateTime = ""
Exit Function
End If
'Replace any "." or "+" or "-" characters in the wmiDateTimeString and check each character is a valid integer.
integerValues = Replace(Replace(Replace(wmiDateTimeString, ".", ""), "+", ""), "-", "")
For i = 1 To Len(integerValues)
If Not IsNumeric(Mid(integerValues, i, 1)) Then
ConvertWMIDateTime = ""
Exit Function
End If
Next
'Convert the WMI Date Time string to a String that can be formatted as a valid Date Time value.
ConvertWMIDateTime = CDate(Mid(wmiDateTimeString, 5, 2) & "/" & _
Mid(wmiDateTimeString, 7, 2) & "/" & Left(wmiDateTimeString,
4) & " " & _
Mid(wmiDateTimeString, 9, 2) & ":" & _
Mid(wmiDateTimeString, 11, 2) & ":" & _
Mid(wmiDateTimeString, 13, 2))
End Function
'Name : NewDictionary -> Creates a new dictionary object.
'Parameters : None ->
'Return : NewDictionary -> Returns a dictionary object.
Function NewDictionary
Dim dict
Set dict = CreateObject("scripting.Dictionary")
dict.CompareMode = vbTextCompare
Set NewDictionary = dict
End Function
'Name : SQ -> Places single quotes around a string
'Parameters : stringValue -> String containing the value to place single quotes around
'Return : SQ -> Returns a single quoted string
Function SQ(ByVal stringValue)
If VarType(stringValue) = vbString Then
SQ = "'" & stringValue & "'"
End If
End Function
'Name : DQ -> Place double quotes around a string and replace double quotes
' : -> within the string with pairs of double quotes.
'Parameters : stringValue -> String value to be double quoted
'Return : DQ -> Double quoted string.
Function DQ (ByVal stringValue)
If stringValue <> "" Then
DQ = """" & Replace (stringValue, """", """""") & """"
Else
DQ = """"""
End If
End Function
'Name : IsoDateTimeString -> Generate an ISO date and time string from a date/time value.
'Parameters : dateValue -> Input date/time value.
'Return : IsoDateTimeString -> Date and time parts of the input value in "yyyy-mm-dd hh:mm:ss" format.
Function IsoDateTimeString(dateValue)
IsoDateTimeString = IsoDateString (dateValue) & " " & IsoTimeString (dateValue)
End Function
'Name : IsoDateString -> Generate an ISO date string from a date/time value.
'Parameters : dateValue -> Input date/time value.
'Return : IsoDateString -> Date part of the input value in "yyyy-mm-dd" format.
Function IsoDateString(dateValue)
If IsDate(dateValue) Then
IsoDateString = Right ("000" & Year (dateValue), 4) & "-" & _
Right ( "0" & Month (dateValue), 2) & "-" & _
Right ( "0" & Day (dateValue), 2)
Else
IsoDateString = "0000-00-00"
End If
End Function
'Name : IsoTimeString -> Generate an ISO time string from a date/time value.
'Parameters : dateValue -> Input date/time value.
'Return : IsoTimeString -> Time part of the input value in "hh:mm:ss" format.
Function IsoTimeString(dateValue)
If IsDate(dateValue) Then
IsoTimeString = Right ("0" & Hour (dateValue), 2) & ":" & _
Right ("0" & Minute (dateValue), 2) & ":" & _
Right ("0" & Second (dateValue), 2)
Else
IsoTimeString = "00:00:00"
End If
End Function
'Name : LogMessage -> Writes a message to a log file.
'Parameters : logPath -> String containing the full folder path and file name of the Log file without with file extension.
' : message -> String containing the message to include in the log message.
'Return : None ->
Function LogMessage(message)
If Not LogToCentralFile(scriptLogPath & ".csv", IsoDateTimeString(Now) & "," & message) Then
Exit Function
End If
End Function
'Name : LogError -> Writes an error message to a log file.
'Parameters : logPath -> String containing the full folder path and file name of the Log file without with file extension.
' : message -> String containing a description of the event that caused the error to occur.
'Return : None ->
Function LogError(message)
If Not LogToCentralFile(scriptLogPath & ".err", IsoDateTimeString(Now) & "," & BuildError(message)) Then
Exit Function
End If
End Function
'Name : BuildError -> Builds a string of information relating to the error object.
'Parameters: message -> String containnig the message that relates to the process that caused the error.
'Return : BuildError -> Returns a string relating to error object.
Function BuildError(message)
BuildError = "Error " & Err.Number & " (Hex " & Hex(Err.Number) & ") " & message & ". " & Err.Description
End Function
'Name : LogToCentralFile -> Attempts to Appends information to a central file.
'Parameters : logSpec -> Folder path, file name and extension of the central log file to append to.
' : message -> String to include in the central log file
'Return : LogToCentralFile -> Returns True if Successfull otherwise False.
Function LogToCentralFile(logSpec, message)
Dim attempts, objLogFile
LogToCentralFile = False
'Attempt to append to the central log file up to 10 times, as it may be locked by some other system.
attempts = 0
Do
On Error Resume Next
Set objLogFile = objFSO.OpenTextFile(logSpec, ForAppending, True)
If Err.Number = 0 Then
objLogFile.WriteLine message
objLogFile.Close
LogToCentralFile = True
Exit Function
End If
On Error Goto 0
Randomize
Wscript.sleep 1000 + Rnd * 100
attempts = attempts + 1
Loop Until attempts >= 10
End Function
'Name : PromptScriptStart -> Prompt when script starts.
'Parameters : None
'Return : None
Function PromptScriptStart
MsgBox "Now processing the " & DQ(Wscript.ScriptName) & " script.", vbInformation, scriptBaseName
End Function
'Name : PromptScriptEnd -> Prompt when script has completed.
'Parameters : None
'Return : None
Function PromptScriptEnd
MsgBox "The " & DQ(Wscript.ScriptName) & " script has completed successfully.", vbInformation, scriptBaseName
End Function
ThanksHere is a script that will copy the previous days events and save them to "C:\". The file name be yesterdays date ex "04-18-2010-Events.csv"
Const strComputer = "."
Dim objFSO, objWMIService, colEvents, objEvent, outFile
Dim dtmStartDate, dtmEndDate, DateToCheck, fileDate
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
'change the date form "/" to "-" so it can be used in the file name
fileDate = Replace(Date - 1,"/","-")
Set outFile = objFSO.CreateTextFile("C:\" & fileDate & "-Events.csv",True)
DateToCheck = Date - 1
dtmEndDate.SetVarDate Date, True
dtmStartDate.SetVarDate DateToCheck, True
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
For each objEvent in colEvents
outFile.WriteLine String(100,"-")
outFile.WriteLine "Category = " & objEvent.Category
outFile.WriteLine "ComputerName = " & objEvent.ComputerName
outFile.WriteLine "EventCode = " & objEvent.EventCode
outFile.WriteLine "Message = " & objEvent.Message
outFile.WriteLine "RecordNumber = " & objEvent.RecordNumber
outFile.WriteLine "SourceName = " & objEvent.SourceName
outFile.WriteLine "TimeWritten = " & objEvent.TimeWritten
outFile.WriteLine "Type = " & objEvent.Type
outFile.WriteLine "User = " & objEvent.User
outFile.WriteLine String(100,"-")
Next
outFile.Close
MsgBox "Finished!"
v/r LikeToCode....Mark the best replies as answers. -
Where are the explanations for the error codes in Envy 120 EWS Event Log
I have been having trouble with the printer, and following diagnostic recommendations from a separate thread, have looked at the event log.
I see a series of events, mostly 74899 Printer Event and 74741 Network Information.
What I DO NOT SEE is any explanation of these events, and whether they are normal or indications of trouble.
I have also searched online for the Secret Message Decoder but nothing was found with Bing or Google.
Seriously, what value are the codes without a way to interpret them?
I beginning to regret my long-term loyalty to HP products.Hello @mikerb,
I have read your post on how your desktop computer is displaying an error message in regards to a Kernel event log, and I would be happy to assist you in this matter!
To further diagnose this issue, I recommend following the steps in this document on Windows Kernel event ID 41 error "The system has rebooted without cleanly shutting down first". This should help to resolve the critical error message.
Just to be on the safe side, I also suggest following this resource on Testing for Hardware Failures (Windows 8); which should help determine if there is a hardware defect with one or multiple hardware components on your computer.
Please re-post with the results of your troubleshooting, and I look forward to your reply!
Regards
MechPilot
I work on behalf of HP
Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
Click the “Kudos, Thumbs Up" on the right to say “Thanks” for helping! -
Home Hub 3. Constant connectivity loss. Event log ...
Trying to get any kind of service out of my BT Infinity provision nowadays is like trying to arrange a tsunami in a desert.
Time after time after time after time, the Internet is working normally but then a page refuses to refresh and attempts to open another website result only in 'page not found' even though the Internet-connection icon is glowing steadily in the tray, and when I ask Windows to check on things, it reports that no problems have been found and the connection is working normally.
Except, of course, it isn't. I am not a technical expert and therefore haven't much of a clue where to start with this. My Vista OS runs with Panda Cloud AV and Malwarebytes PRO and Windows Firewall, all three of which have always played nicely. Prior to switching to BT Infinity, I had 'ordinary' BT broadband via a Netgear wireless router. The service was trouble-free.
This morning, I decided to delve into BT Home Hub Manager to re-set to factory default. That in itself took some doing because clicking on the Firefox bookmark got me nowhere at all: I had to sit here and wait for 10 minutes before the Hub page suddenly appeared as if out of nowhere.
I found in the event logs a seemingly unending chain of firewall related reports. Rather than read 'em all, I just hit re-set and whoa-hey, after a 5 or 6 minute wait, everything was fine and dandy again. . .
Until, 20 minutes later, it wasn't. Despite the re-set, Internet connectivity was shot to pieces. I'm on Amazon UK and click to open a new page in a new tab: Page Not Found. On the BBC News website, click on a link to open in a new tab: Page Not Found. Reload any of those exisdting, open pages and the reload circle just spins and spins until. . . Page Not Found.
Unfortunately, I can't make head nor tail of the log reports in the Firewall section, but typically they read:
IN: BLOCK [16] Remote administration
BLOCKED 1 more packet [because of Remote Administration]
IN: BLOCK [9] Packet invalid in connection
BLOCKED 4 more packets (because of Packet invalid in connection)
IN: BLOCK [9] Packet invalid in connection
BLOCKED 20 more packets (because of Packet invalid in connection)
BLOCKED 40 more packets (becuase of Packet invalid in connection)
And so it goes on. . . and on. It's not even clear to me if the Home Hub is doing the blocking anyway, but if it is, then I can't begin to figure out why websites like Amazon UK, BBC News, Speedtest and even Google Maps should be BLOCKED.
Help appreciated. . . always assuming, this post actually gets through -- I've no idea if this page has gone down or not, because though it's on-screen, that no longer means anything at all.Thanks, Ray. Just managed to get back on here, there's been virtually no connectivity at all. One odd thing has been that the Home Hub Manager has opened OK. But it is no longer in agreement with the computer about whether or not connectivity exists. For example:
1) Click on disconnect in HH Manager, and it reports that the task has been achieved and the button changes to 'connect'.
But no disconnection has occurred. The Internet icon is still in the tray in its 'connected' state. And it's possible to go on the Net and briefly open up a website that isn't in the FF cache. But then everything fails again. Alternatively:
2) Click 'disconnect' in the tray control and the icon changes shows a bid red x. But the HH Manager doesn't agree. It continues to report that the computer is connected to the Internet.
I'm baffled and wearied. I'll have to relocate the Infinity set-up from downstairs to where this computer is; I'm assuming, I leave the modem in place (the new white flat thing the engineer brought when he installed Infinity)and just disconnect the black HH3 and brin g it upstairs and plug it into the PC?
Thanks for your help, much appreciated. -
Event log is not working in Multiform server
Hi ,
We are trying to implement event logging in our application. We have created separate event source for our application. When we testing this our local dev machine it is working without any problem. when I try to test the same in higher environment (QA, Pre-prod)
it is not working. The QA environment is a multi form server. We are able to see the event source in the event viewer, but the logging is not happening. We have tried restarting IIS, restarting the services.
Any suggestion or guidance will be highly appreciated.
Thanks in AdvanceHi GHPMS,
>>We are trying to implement event logging in our application
Do you mean this code as below?
string sSource;
string sLog;
string sEvent;
sSource = "dotNET Sample App";
sLog = "Application";
sEvent = "Sample Event";
if (!EventLog.SourceExists(sSource))
EventLog.CreateEventSource(sSource, sLog);
EventLog.WriteEntry(sSource, sEvent);
EventLog.WriteEntry(sSource, sEvent,
EventLogEntryType.Warning, 234);
Like in following screenshot
>>We are able to see the event source in the event viewer, but the logging is not happening.
Maybe, you also need to check if the
eventlog exist method before you try to crate it new.
You might need check on what account the service is running under, which may make a difference on multi form server and up since they are more stringent on account rights on those environment.
Best regards,
Kristin
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Hi,
After a sudden power failure, I guess vista file system is corrupt. I am able to start vista in normal mode, but it seems there are errors like Event Log service unable to start itself, when I start IE, it closes automatically ,
Norton antivirus does not start itself. and so on.
After Bing search, I went to safe mode and executed sfc /scannow and it reported error as below.
"Windows resource protection found corrupt files but was unable to fix some of them"
Unfortunately I am unable to upload log file, so I am pasting CBS.log content here.... Please advice.
Some parts of logs are removed due to limit of 60000 characters.
Please advice.
Regards
2014-07-07 14:55:57, Info CBS Loaded Servicing Stack v6.0.6002.18005 with Core: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cbscore.dll
2014-07-07 14:55:58, Info CSI
00000001@2014/7/7:09:25:58.062 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x6e9c8a50 @0x7147854e @0x714563a1 @0x341392 @0x341ed4 @0x3417cb)
2014-07-07 14:55:58, Info CSI
00000002@2014/7/7:09:25:58.156 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x6e9c8a50 @0x714ae7b6 @0x71490f93 @0x341392 @0x341ed4 @0x3417cb)
2014-07-07 14:55:58, Info CSI
00000003@2014/7/7:09:25:58.187 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x6e9c8a50 @0x73981a0d @0x73981794 @0x34360b @0x342be3 @0x3417cb)
2014-07-07 14:55:58, Info CBS NonStart: Checking to ensure startup processing was not required.
2014-07-07 14:55:58, Info CBS NonStart: Windows is in Safe Mode.
2014-07-07 14:55:58, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL,
phase = 0, pdwDisposition = @0x2dfe70
2014-07-07 14:55:58, Info CBS NonStart: Success, startup processing not required as expected.
2014-07-07 14:55:58, Info CSI 00000005 CSI Store 4780952 (0x0048f398) initialized
2014-07-07 14:56:03, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2014-07-07 14:56:03, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2014-07-07 14:56:10, Info CSI 00000008 Repair results created:
POQ 0 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\ca20037dc599cf01650000007806a403._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa070f7dc599cf01660000007806a403.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\6aca137dc599cf01670000007806a403.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
3: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\2a8d187dc599cf01680000007806a403.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
4: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\4ab11f7dc599cf01690000007806a403.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
5: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa12227dc599cf016a0000007806a403.program_files_common_files_microsoft_shared_ink_en_7a951cedcb9a5105.cdf-ms", Destination = [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_en_7a951cedcb9a5105.cdf-ms"
6: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa28487dc599cf016b0000007806a403.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
7: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\6aeb4c7dc599cf016c0000007806a403.$$_ehome_40103e2da1d
2014-07-07 14:56:10, Info CSI 121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"
POQ 0 ends.
2014-07-07 14:56:10, Info CSI 00000009 [SR] Verify complete
2014-07-07 14:56:11, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2014-07-07 14:56:11, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2014-07-07 14:56:19, Info CSI 0000000c Repair results created:
POQ 1 starts:
POQ 42 ends.
2014-07-07 14:58:29, Info CSI 000000b1 [SR] Verify complete
2014-07-07 14:58:30, Info CSI 000000b2 [SR] Verifying 100 (0x00000064) components
2014-07-07 14:58:30, Info CSI 000000b3 [SR] Beginning Verify and Repair transaction
2014-07-07 14:58:38, Info CSI 000000b4 Repair results created:
POQ 43 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\4a5ad3d4c599cf01391100007806a403._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\4a5ad3d4c599cf013a1100007806a403.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\cadfdcd4c599cf013b1100007806a403.$$_help_windows_en-us_b594929e73669c5e.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_help_windows_en-us_b594929e73669c5e.cdf-ms"
3: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\2a41dfd4c599cf013c1100007806a403.$$_help_help_en-us_91e6e7979a9bf9c6.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_help_help_en-us_91e6e7979a9bf9c6.cdf-ms"
4: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\ea0ef7d4c599cf013d1100007806a403.$$_apppatch_1143992cbbbebcab.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms"
5: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\ea241dd5c599cf013e1100007806a403.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
6: Create Directory: Directory = [l:48{24}]"\??\C:\Program Files\MSN", Attributes = 00000080
POQ 43 ends.
2014-07-07 14:58:38, Info CSI 000000b5 [SR] Verify complete
2014-07-07 14:58:38, Info CSI 000000b6 [SR] Verifying 100 (0x00000064) components
2014-07-07 14:58:38, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2014-07-07 14:58:43, Info CSI 000000b8 Repair results created:
POQ 44 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\eac6f0d7c599cf01a31100007806a403._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa89f5d7c599cf01a41100007806a403.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\6a4cfad7c599cf01a51100007806a403.$$_resources_fbee56ab048ab239.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\caadfcd7c599cf01a61100007806a403.$$_resources_themes_4d0d4910e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
4: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\caadfcd7c599cf01a71100007806a403.$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms"
5: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\8a7001d8c599cf01a81100007806a403.$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms"
6: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa9408d8c599cf01a91100007806a403.$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms"
7: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\cab80fd8c599cf01aa1100007806a403.$$_schcache_f995a5d4decb8cc0.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_schcache_f995a5d4decb8cc0.cdf
2014-07-07 14:58:43, Info CSI -ms"
8: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\cad948d8c599cf01ab1100007806a403.$$_msagent_be90584645cb9b95.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_msagent_be90584645cb9b95.cdf-ms"
9: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\4a7578d8c599cf01ac1100007806a403.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
10: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\cafa81d8c599cf01ad1100007806a403.$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms"
11: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\aae18dd8c599cf01ae1100007806a403.$$_msagent_chars_9a5bcb5da392f588.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_msagent_chars_9a5bcb5da392f588.cdf-ms"
POQ 107 ends.
2014-07-07 15:08:01, Info CSI 00000213 [SR] Repair complete
2014-07-07 15:08:01, Info CSI 00000214 [SR] Committing transaction
2014-07-07 15:08:01, Info CSI 00000215 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-07-07 15:08:01, Info CSI 00000216 Created NT transaction (seq 1) result 0x00000000, handle @0x4cc
2014-07-07 15:08:01, Info CSI
00000217@2014/7/7:09:38:01.060 CSI perf trace:
CSIPERF:TXCOMMIT;5
2014-07-07 15:08:01, Info CSI 00000218 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction
have been successfully repaired
2014-07-07 15:15:58, Info CBS Scavenge: Package store indicates there is no component to scavenge, skipping.
Hi,
First, I would suggest you using last known good configuration:
Using Last Known Good Configuration
http://windows.microsoft.com/en-in/windows/using-last-known-good-configuration#1TC=windows-vista
if this cannot bring your Windows Vista back to good state, I suggest you perform in-place upgrade to fix the corrupted files:
How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2
http://support.microsoft.com/kb/2255099/en-us
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support -
Event log entries missing in PoSh but visible in Eventvwr
Hi,
I've noticed the following issue on about 10 out of 2500 computers which run a script on our domain, so its minor, but I'd like to understand why its happening.
When I query the event log using the eventvwr GUI I can filter on event ID 7001 and all the events list fine. However when I run 'get-eventlog -logname system -instanceid 7001' it shows all the events except the last 3 or so most recent ones (which are visible
in the GUI).
I've cross referenced this with an event visible in the GUI that had an EventRecordID of 32029. But when querying this via PowerShell 'get-eventlog -logname system -index 32029' it returns 'no matches found'.
Its a weird problem, because if I was to query to logs in a few hours time after a few more people have logged on/off the computer then the event would show in PowerShell, but the new most recent ones wouldn't.
Is there a caching mechanism at work, and if so how could I disable it? Its interesting that these machines are all built from the same WDS image with the same GPO's applied but only a very small percentage exhibit this issue, all other machines show recent
event logs in PowerShell instantly.
I should also mention that these are all Windows 7 x64 computers.
Any help appreciated.
Thanks,
PhilHi,
Based on my understanding, only some of your computers have this issue. And when use WMI, we could query all of the events, but when use powershell command, some logs are missing.
I would like to know that when we use 'get-eventlog -logname system -instanceid 7001| out-file c:\result.txt', how many logs are there?
What I think it may caused by there are so many logs information, and could not be dispalyed out. We may try some other logs also.
Regards,
Yan Li
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
VSS snapshot of 1.1TB is ending after few hours with timeout. No errors in event log
Hello,
does someone have experienced issue where starting making snapshot (forum GUI or command line) is taking a lot of time and then it just ends with timeout?
I have scenario on virtualised Windows Web Server 2008 R2 where backup is being made by Idera Backup Software but since it relies on VSS Snapshots then we can just skip this point because making snapshots from directly Windows command line or drive preferences/GUI
is ending with timeout for this single drive after few hours. Affected system has 3 drives: C - 95GB, D-1.06TB and E-120GB. C and E can be backuped correctly and only drive D has problems. System is updated with latest drivers vssadmin for writers returns
list without any errors and snapshot for drive D which ends with timeout is not generating any error in event log. I wanted to configure VSS trace like it is being instructed on this site:
http://publib.boulder.ibm.com/infocenter/tsminfo/v6/index.jsp?topic=%2Fcom.ibm.itsm.tshoot.doc%2Ft_pdg_traceprfrm.html
but I don't see any trace.txt file on given location. If I remove drive D from backup process it ends without errors. System was restarted many times. Only thing which is visible in windows Event log (application part) is that "The VSS service is shutting
down due to idle timeout." about 4 hours after snapshot making proces is starting.
I've contacted Idera backup about this but they can't help too much if Windows snapshot process is failing. They suggested that something can be wrong with this drive but since this is virtualised machine and all of my VM are being stored on RAID10 disk
array connected to my server using fiber connections then I don't think that this is hardware issue (especially when other two drives are located on the same LUN on disk array).
Any suggestions?
RegardsHi,
Do you create VMs on Hyper-V or VMWare? Based on research, possible causes could be:
1. Files changes in the volume is very huge. So the shadow size may be big and the current shadow storage my not able to hold it. And that’s cause the shadow copy creation failure.
2. The I/O in D drive is heavy and make the shadow copy I/O failed.
3. Server is too busy to handle the request.
4. The disk is heavily defragment.
Please refer to the articles to troubleshoot the issue:
Time-out errors occur in Volume Shadow Copy service writers, and shadow copies are lost during backup and during times when there are high levels of input/output
http://support.microsoft.com/kb/826936/en-us
VSS timeouts during backup? What could contribute to that?
https://blogs.technet.com/b/askpfeplat/archive/2012/09/12/vss-timeouts-during-backup-check-fragmentation.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Essential event viewer bugs with "Forwarded Events" log in Windows Server 2008 R2 and Windows 7
To my general experience, Windows event viewer is one of the most problematic, faulty management tools in the case of extensive use of its more sophisticated capabilities. The sole description as well as reproduction of some entangled failures would require
remarkable effort.
With the "Forwarded Events" log however, the situation becomes particularly worse in that even simple functionality fails and workarounds are difficult to find. That’s what I’ll describe here in order to share my experience with interested users.
For precision: I’ve extensively used event viewer on a German Windows Server 2008 R2 SP1 (Windows SBS 2011 Standard SP1). The bugs I found on that system, I could reproduce on a German Windows 7 Professional 64-Bit SP1, too.
Problem 1: Failure of even simple event filtering
To reproduce this problem, execute these steps on a test machine with any of the two OS mentioned above:
(i) To prepare log contents, do either of the following:
(a) populate some events to your local "Forwarded Events" log (most simply by subscribing events from other logs of the same machine; stop subscription if you have collected some events)
Or
(b) copy a non-empty log file "ForwardedEvents.evtx" from another machine (with any of the two OS mentioned above) to your test machine and open the file in event viewer.
(ii) Navigate to your "Forwarded Events" test log and open the filtering dialog. In the "Includes/Excludes Event IDs" field, type: 1-9000. Click OK.
(iii) Look at the results pane: Surprise, 0 Events! Do you really have no event IDs between 1 and 9000 in your test log?
(iv) Another example, if you have forwarded security events in your test log: Clear filter, if any previous filter is in place. Open the filtering dialog. In "Keywords" sub-dialog, choose "Audit Success". Click OK.
(v) Look at the results pane: Surprise, 0 Events! Do you really have no successful security monitoring events in your test log?
I’ll finish here. If you have a rich variety of events in your test log available, let your imagination run wild to test around. Finally include some simple manually created or modified XPath filters on the XML tab of the filtering dialog. I promise, you’ll
find a lot of additional strange results.
Problem 2: Cannot save manually selected events to .evtx file
Navigate to your "Forwarded Events" test log. In the results pane, select one or more events by highlighting them by mouse clicks. In context menu, choose "Save selected events". In the "save as" dialog, choose file type *.evtx
and save your file. Open the newly created file in event viewer. Result: Surprise, no events inside the new file!
Have more fun with forwarded events
HelmutDid you mean that right click Forwarded Event and select "Filter Current Log..."? Since I can filter correct event vai the "Filter Current Log..." in my Lab environment.
Hi Justin,
yes, I mean "Filter Current Log ... " (in my German systems: "Aktuelles Protokoll filtern ... ").
What do you mean with "my Lab environment" exactly?
In the meantime, I performed additional tests. I copied the "ForwardedEvents.evtx" test file from Server 2008 R2 resp. Windows 7 to
(i) German Windows 8 Pro 64-Bit RTM
(ii) German Windows 8.1 Pro 64-Bit, up-to-date
in order to view and filter the file there.
Results: Same event viewer problem on Windows 8 RTM, but correct behavior on Windows 8.1!
Best regards, Helmut -
Cisco Meeting Place Express 2.1.1.2 and not working anymore
Hello, we currently have cisco meeting place express 2.1.1.2; however are now having issues with it. We are unable to dial to the internal extension that was previously working to login to the meetings and only get a busy signal everytime. Furthermore, whenever someone tries to schedule a new meeting via the web form, it says "request to server timed out. please try again".
I tried reaching out to Cisco TAC support; however it's no longer a supported item and am looking for assistance here. The TAC engineer was able to help assist with updating the system clock; however I believe the problems started happening after we updated the clock and rebooted the server. Now we are unable to schedule and attend any meetings (busy signal everytime) at all. I tried restarting the server itself as well as via the command line. I also now see an error during CLI restart, which I have listed directly below:
Stopping MeetingPlace SNMP/R: [ OK ]
Stopping mpe-tomcat-main: bash: /root/.bashrc: Permission denied
[ OK ]
Stopping mpe-tomcat-securewebservices: bash: /root/.bashrc: Permission denied
[ OK ]
Shutting down breeze: [ OK ]
Shutting down fmsmaster: [ OK ]
Shutting down fmsadmin: [ OK ]
Stopping MeetingPlace application: /etc/init.d/mpx_app: line 264: 4955 Segmentation fault (core dumped) ${shutdown_bin} ${shutdown_arg_1} ${shutdown_arg_2} ${shutdown_arg_3} >>${non_verbose_shutdown_output} 2>&1
[FAILED]
ERROR: returncode = 139
Stopping MeetingPlace License Manager: [ OK ]
Stopping MeetingPlace database: [ OK ]
Stopping MeetingPlace Java RMI: Shutting down RMI Registry:
[ OK ]
Stopping Cisco MeetingPlace Express: [ OK ]
Starting MeetingPlace Java RMI: Starting RMI Registry:
starting daemon
mpxadmin
[ OK ]
Starting MeetingPlace database: [ OK ]
Starting MeetingPlace License Manager: [ OK ]
Starting MeetingPlace application: [ OK ]
already running
Starting breeze: [ OK ]
Starting fmsmaster: [ OK ]
Starting fmsadmin: [ OK ]
Starting mpe-tomcat-main: bash: /root/.bashrc: Permission denied
[ OK ]
Both the admin and user web interfaces work on the home pages, but can't seem to schedule any new meetings or login to any existing ones, with busy signal as well. Anyone have any ideas? We need assistance with this ASAP since it's our voice collaboration solution. Thanks in advance for any help.Amlesh,
Here is the pertinent output:
/common/log/taos-log-a/core/core.1947.11.ConfSchd.1183266069
/common/log/taos-log-a/core/core.1837.6.gyromain.bin.1183266161
/common/log/taos-log-a/core/core.1859.6.cpgs.1183266206
/common/log/taos-log-a/core/core.1951.11.ConfSchd.1184475669
/common/log/taos-log-a/core/core.1946.11.ConfSchd.1185685269
/common/log/taos-log-a/core/core.1836.6.gyromain.bin.1185685332
/common/log/taos-log-a/core/core.1880.6.cca.1185685452
/common/log/taos-log-a/core/core.1858.6.cpgs.1185685452
/common/log/taos-log-a/core/core.1950.11.ConfSchd.1185771671
/common/log/taos-log-a/core/core.1863.6.cpgs.1185771865
/common/log/taos-log-a/core/core.1884.6.cca.1185771865
/common/log/taos-log-a/core/core.1991.6.nmpagent.1185771865
/common/log/taos-log-a/core/core.1950.11.ConfSchd.1185858067
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1188018079
/common/log/taos-log-a/core/core.1969.11.ConfSchd.1188190869
/common/log/taos-log-a/core/core.2008.6.vui.1188190988
/common/log/taos-log-a/core/core.2029.6.nmpagent.1188190988
/common/log/taos-log-a/core/core.1998.6.poclient.1188190988
/common/log/taos-log-a/core/core.1970.11.ConfSchd.1189227671
/common/log/taos-log-a/core/core.1862.6.gyromain.bin.1189227762
/common/log/taos-log-a/core/core.1883.6.cpgs.1189227807
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1189918866
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1190005281
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1190178068
/common/log/taos-log-a/core/core.1886.6.cca.1190178237
/common/log/taos-log-a/core/core.2012.6.nmpagent.1190178237
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1191906070
/common/log/taos-log-a/core/core.1843.6.gyromain.bin.1191906162
/common/log/taos-log-a/core/core.1886.6.cca.1191906248
/common/log/taos-log-a/core/core.1865.6.cpgs.1191906248
/common/log/taos-log-a/core/core.1950.11.ConfSchd.1192424479
/common/log/taos-log-a/core/core.1842.6.gyromain.bin.1192424571
/common/log/taos-log-a/core/core.1863.6.cpgs.1192424613
/common/log/taos-log-a/core/core.1951.11.ConfSchd.1192597270
/common/log/taos-log-a/core/core.1969.11.ConfSchd.1192683669
/common/log/taos-log-a/core/core.1903.6.cca.1192683817
/common/log/taos-log-a/core/core.1951.11.ConfSchd.1193029270
/common/log/taos-log-a/core/core.1842.6.gyromain.bin.1193029360
/common/log/taos-log-a/core/core.1864.6.cpgs.1193029400
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1193720467
/common/log/taos-log-a/core/core.1843.6.gyromain.bin.1193720565
/common/log/taos-log-a/core/core.1864.6.cpgs.1193720610
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1195452071
/common/log/taos-log-a/core/core.1843.6.gyromain.bin.1195452170
/common/log/taos-log-a/core/core.1864.6.cpgs.1195452213
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1196834481
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1197007273
/common/log/taos-log-a/core/core.1842.6.gyromain.bin.1197007371
/common/log/taos-log-a/core/core.1864.6.cpgs.1197007413
/common/log/taos-log-a/core/core.1952.11.ConfSchd.1198044080
/common/log/taos-log-a/core/core.1843.6.gyromain.bin.1198044184
/common/log/taos-log-a/core/core.1842.6.gyromain.bin.1199858530
My understanding is these core files are crash dumps and are safe to delete?
Jared -
Microsoft sql server extended event log file
Dears
Sorry for my below questions if it is very beginner level.
In my implementation I have cluster SQL 2012 on Windows 2012; I am using MountPoints since I have many Clustered Disks.
My MountPoint Size is only 3 GB; My Extended event log are growing fast and it is storing in the MountPoint Drive directly (Path: F:\MSSQL11.MSSQLSERVER\MSSQL\Log).
What is the best practice to work with it? (is it to keep all Extended events? or recirculate? or to shrink? or to store in DB?)
Is there any relation between SQL truncate and limiting the size of Extended event logs?
How can I recirculate this Extended Events?
How can I change the default path?
How can I stop it?
and in case I stop it, does this means to stop storing SQL event in Windows event Viewer?
Thank youAfter a lot of checking, I have found below:
My Case:
I am having SQL Failover Cluster Instances "FCI" and I am using Mount-Points to store my Instances.
I am having 2 Passive Copies for each FCI.
In my configuration I choose to store the Root Instance which include the logs on Mount-Point.
My Mount Point is 2 GB Only, which became full after few days of deployment.
Light Technical Information:
The Extended Event Logs files are generated Coz I have FCI, in single SQL Installation you will not find this files.
The File Maximum size will be 100 MB.
The Files start circulating after it become 10 Full Files.
If you have the FCI installed as 1 Active 2 Passive, and you are doing failover between the nodes, then you will expect to see around 14 - 30 copy of this file.
Based on above information you will need to have around 100 MB * 10 Files Per Instance copy * 3 Since in my case I have 1 Active and 2 passive instances which will = 3000 MB
So in my case My Mount-Point was 2 GB, which become full coz of this SQLDIAG Logs.
Solution:
I extended my mount point by 3 GB coz I am storing this logs on it.
In case you will need to change SQLDIAG Extended Logs Size to 50 MB for example and place to F:\Logs, then you will need below commands:
ALTER SERVER CONFIGURATION SET DIAGNOSTICS LOG OFF;
ALTER SERVER CONFIGURATION
SET DIAGNOSTICS LOG MAX_SIZE = 50 MB;
ALTER SERVER CONFIGURATION
SET DIAGNOSTICS LOG PATH = 'F:\logs';
ALTER SERVER CONFIGURATION SET DIAGNOSTICS LOG ON;
After that you will need to restart the FCI from SQL Server Configuration Manager or Failover Cluster Manager.
I wish you will find this information helpful if it is your case.
Regards -
Please help me with the following questions with MP 7.
We are planning to implement MP 7 in our network soon.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
11. What is process for creating temp user Meeting Place user account ? Is there any expiration date I can set for temp user?
12. Come up with a 8 Digit Range Temporary User Profiles Number to be assigned to temp users.
14. Same User with multiple pins - AD is sync up, how do we handle same user with multiple pins?
15. How do we manage scheduled meetings ? : Recurring Meeting?
16. How do we disable all these in the meeting place web page when user logs in to schedule a meeting?
a. Once
b. Daily
c. Bi-Weekly
d. Weekly
e. Monthly by Date
f. Weekdays
17. Do we want to allow user to setup a meeting password when they start a reservationless meeting?
18. How do we manage the international users phone password since they are not integrated with AD? Is there a process we can implement?
19. MP Training Documents/Materials- Cheat sheets Review?
21. Anything we need to review from User Profile Perspective and System Configs?
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}MPE 2.0 is EoS
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps5664/ps6533/end_of_life_notice_c51-566004.pdf -
Hi,
The current integration is between Avaya and CUCM using SIP Trunk, calling from Avaya to Cisco is working fine, however when the calls originate from the Avaya to Meeting place which uses the SIP trunk between Avaya and CUCM the call does not connect. From the logs I can see that 503 Service unavailable which normally means that the DN is not registered to CUCM.
Is there any specific configuration for integration of Avaya with Meetingplace using CUCM.
Thanks,
VinayFirst verify that the Avaya system is passing the MP number via the SIP trunk to CUCM. Then checked what number the Avaya system is passing and if that number is routed to MP. The Avaya system may be translating the MP phone number so it is not being reconized on the CUCM system.
Maybe you are looking for
-
MacBook Air heats up quickly, is slow, freezes
Hi there. My MBA has recently started acting up -- CPU gets pegged and fan spins up to max with seemingly no load. Freezes on occasion -- just basically sluggish and sickly performance. Report follows. Any advice would be very much appreciated: Probl
-
Need help with an Aforge and windows forms memory stack-up issue
Hello, I am experiencing a strange memory stack-up in my c# windows form program that occurs all the time on slow PCs, and when the windows form loses focus or is otherwise interrupted on faster PCs. The program I have written uses Aforge to get imag
-
SAP Conversion Agent Studio Preview Version
Hi, Does anyone have knowledge about SAP Conversion Agent Studio Preview Version? I've downloaded it from SDN and it says it comes with an Eclipse version, but i doesnt. When i try to point it to my existing Eclipse it says it needs version 2.1.2 oe
-
Re-installation advice, please
Hi all. After installing CS4, shortly after its introduction, everything went well, sort of. The GPU feature wouldn't work with my older graphics card, I think. At least it wasn't one of the tested/supported cards. Then, my D drive (storage and scrat
-
I'm getting this error on a cfgridupdate: Error casting an object of type to an incompatible type. The weird thing is that I only get it on my client machine. Others are using it without the error. It's a simple grid, no date/time. There is one field