SCCM 2012 creates 4732 event logs for 3 servers

Hi,
My problem is that SCCM 2012 R2, which I installed recently, is creating 4732 security logs on 3 of our servers at every 5-hour interval, which is an audit exposure. When I investigated, it showed that the local administrator ID is getting added to the NT Authority group, which I'm not able to explain. Can someone help me understand it, or is there any way I can stop that?
Regards,
Vighnesh
Vighnesh Kumar. S

Hi,
Please provide more information as Torsten said.
Are there Event ID 4733 messages in the event log if it creates 4732 logs every 5 hours? Is it the same account being added to the same group?
Best Regards,
Joyce
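
One way to answer the questions raised in the reply above (is there a matching 4733, and is it the same account being added to the same group), as an added example that is not part of the original thread. It assumes an elevated PowerShell 3.0+ session on an affected server; the function names and the 7-day default window are illustrative.

```powershell
# Added example (not from the thread): summarise 4732 (member added to a
# security-enabled local group) and 4733 (member removed) events, so a recurring
# add can be tied to a group, a member and the account that made the change.
# Function names and the default window are assumptions for illustration.

function ConvertTo-EventDataTable {
    # Turn the <EventData><Data Name="..."> elements of one event into a hashtable.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $table = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $table[$d.Name] = $d.'#text'
    }
    $table
}

function Resolve-SidName {
    # Translate a SID string to DOMAIN\name; fall back to the raw SID if unresolvable.
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $Sid
    }
}

function Get-LocalGroupMembershipChange {
    param([int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4732, 4733; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $d = ConvertTo-EventDataTable $_
        $action = if ($_.Id -eq 4732) { 'Added' } else { 'Removed' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            Action      = $action
            GroupName   = '{0}\{1}' -f $d.TargetDomainName, $d.TargetUserName
            Member      = Resolve-SidName $d.MemberSid
            ChangedBy   = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
            LogonId     = $d.SubjectLogonId   # matches TargetLogonId of the 4624 logon
        }
    } | Sort-Object TimeCreated
}

function Get-MembershipChangePattern {
    # One row per (group, member, changer, action) with the count and average spacing.
    param([object[]]$Changes)
    if (-not $Changes) { return }
    foreach ($g in ($Changes | Group-Object GroupName, Member, ChangedBy, Action)) {
        $times = @($g.Group | Sort-Object TimeCreated | ForEach-Object { $_.TimeCreated })
        $gaps  = @(for ($i = 1; $i -lt $times.Count; $i++) {
            ($times[$i] - $times[$i - 1]).TotalHours
        })
        $avg = if ($gaps.Count) { [math]::Round(($gaps | Measure-Object -Average).Average, 1) } else { $null }
        $first = $g.Group[0]
        [pscustomobject]@{
            GroupName   = $first.GroupName
            Member      = $first.Member
            ChangedBy   = $first.ChangedBy
            Action      = $first.Action
            Count       = $g.Count
            AvgGapHours = $avg
            LastSeen    = $times[-1]
        }
    }
}

$changes = Get-LocalGroupMembershipChange -Days 7
Get-MembershipChangePattern $changes | Format-Table -AutoSize
```

An 'Added' row with no 'Removed' row for the same group and member answers the 4733 question, and AvgGapHours shows whether the spacing matches the reported 5 hours. ChangedBy and LogonId identify the account and logon session behind the change.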

Similar Messages

  • Search event logs for file system access

    I'm looking to create a script that will allow me to search Windows 2012 security event logs for access to specific folders.  Ideally it would allow the granularity to search for read access events (4663) and specify specific users to view.  One
    example would be to show events for drive F:\ where the folder name is JSmith (including subfolders) and the username is not JSmith.
    I've tried something like this, but can't see how to filter.
    Get-EventLog security | ? {$_.Message.contains("F:\JSmith")}

    Is the match explicit?  How can I use wildcard?  How can I exclude events?
    I recommend asking a search engine and doing some initial research. Here's a starter:
    https://technet.microsoft.com/en-us/library/hh849682.aspx
    http://blogs.msdn.com/b/powershell/archive/2009/06/11/windows-event-log-in-powershell-part-ii.aspx
    http://blogs.technet.com/b/ashleymcglone/archive/2013/08/28/powershell-get-winevent-xml-madness-getting-details-from-event-logs.aspx
    http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/24/use-powershell-cmdlet-to-filter-event-log-for-easy-parsing.aspx
    https://richardspowershellblog.wordpress.com/2009/03/08/get-winevent/
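
    The three questions in the post above (explicit match, wildcard, exclusion), answered in one added example that is not part of the original thread. `String.Contains` is a case-sensitive literal substring test on the rendered message; the sketch below instead reads the named 4663 fields from the event XML and filters on them. The function name is illustrative, and `F:\JSmith` and `JSmith` are the constructed values from the question.

    ```powershell
    # Added example (not from the thread). Requires "Audit File System" auditing and a
    # SACL on the folder, otherwise no 4663 events are written. Assumes ObjectName is
    # logged as a drive-letter path, as it normally is for files on Server 2012.
    function Get-FolderReadAccess {
        param(
            [Parameter(Mandatory = $true)][string]$Folder,
            [string[]]$ExcludeUser = @(),
            [int]$Hours = 24
        )
        $root    = $Folder.TrimEnd('\')
        # -like treats [ ] * ? as wildcards, so escape the literal path before appending \*
        $subtree = [System.Management.Automation.WildcardPattern]::Escape($root) + '\*'
        $filter  = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$Hours) }

        foreach ($evt in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
            $d = @{}
            foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

            # Folder itself or anything below it (case-insensitive, like all PowerShell -like/-eq).
            $inTree = ($d.ObjectName -eq $root) -or ($d.ObjectName -like $subtree)
            # AccessMask bit 0x1 is ReadData (files) / ListDirectory (folders).
            $isRead = ([Convert]::ToInt32($d.AccessMask, 16) -band 0x1) -ne 0

            if ($inTree -and $isRead -and ($d.SubjectUserName -notin $ExcludeUser)) {
                [pscustomobject]@{
                    TimeCreated = $evt.TimeCreated
                    User        = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
                    Object      = $d.ObjectName
                    Process     = $d.ProcessName
                    AccessMask  = $d.AccessMask
                }
            }
        }
    }

    # Read access under F:\JSmith by anyone other than JSmith, last 24 hours.
    Get-FolderReadAccess -Folder 'F:\JSmith' -ExcludeUser 'JSmith'
    ```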

  • The Data Access service is either not running or not yet initialized. Check the event log for more information

    Hi,
    I have SCSM with remote SQL and the SCSM Management server gives the error below:
    Message: Failed to connect to server ‘Name of Server’
    Microsoft.EnterpriseManagement.Common.ServiceNotRunningException: The Data Access service is either not running or not yet initialized. Check the event log for more information. —> System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://ServerName:5724/DispatcherService.
    The connection attempt lasted for a time span of 00:00:04.0070932. TCP error code 10061: No connection could be made because the target machine actively refused it IPAddress:5724.  —> System.Net.Sockets.SocketException: No connection could be made
    because the target machine actively refused it IPAddress:5724
    I tried restarting SQL & MS, with the same error.
    I also tried the following:
    https://social.technet.microsoft.com/Forums/systemcenter/en-US/c670d54d-3a92-481f-8dc9-55c475ad196f/problems-with-data-access-service-after-rebooting
    https://social.technet.microsoft.com/Forums/systemcenter/en-US/26dc1d5c-fa82-403f-8949-3073f3b82a60/the-data-access-service-is-either-not-running-or-not-yet-initialized
    They did not help me.
    Regards

    I had the same error before.
    The steps below solved it:
    Make sure SQL Server is running & the ServiceManager database is not full.
    Stop all SCSM services:
        System Center Management Configuration
        Microsoft System Center Data Access Service
        Microsoft Monitoring Agent
    Rename Health Service State to Health Service State_old --- @ "C:\Program Files\Microsoft System Center 2012 R2\Service Manager"
    Start SCSM services:
        Microsoft Monitoring Agent
        System Center Management Configuration
        Microsoft System Center Data Access Service
    Wait 2 min...
    Check Event Viewer...
    Hope this helps you.
    Regards, Ibrahim Hamdy

  • Error starting the Planning application, review the event log for details

    We are using the Hyperion Demo and a problem suddenly cropped up.
    While rebooting the system, an error is displayed saying: At least one of the drivers is not installed.
    VMware is used to access the Hyperion Demo and when the Planning application is started it gives the following error:
    Error starting the Planning application, review the event log for details
    We have been using this demo for some weeks and were able to access the workspace and others, but for the past few days we have faced this issue.
    Immediate response is highly appreciated as we are planning for a user demo in the weekend.
    Thanks,
    Ravi Kanth

    Hi Nofog / Goodwin,
    OLDAP is not running.
    Following errors are displayed:
    When VMWare is restarted: At least one service or driver failed during system startup. Use Event viewer to examine the Event log for details.
    OpenLDAP: Windows could not start the hyperion S9 OpenLDAP on Local Computer. For more information review the system even log. If this is not the microsoft service contact the service vendor, and refer to service specific code 21.
    Event log: The Hyperion S9 OpenLDAP service terminated with service - specific - erro 21 (0x15).
    Please let me know your email IDs so that I can send the screenshots.
    Thanks,
    Ravi

  • Create an Event log entry in Event Viewer in Windows 7, when processor exceeds a set percentage of usage

    Hi, I am trying to create an Event log entry in Event Viewer in Windows 7 when the processor exceeds a set percentage of usage. I have unsuccessfully tried doing this through a Data Collection Set in the User Defined folder to monitor CPU usage and to trigger an Alert and log an entry when the CPU exceeds a set percentage of usage. Any suggestions, and please if possible keep them simple and easy to follow, I am not too familiar with Windows 7.

  • [Server 2008R2] Filter event logs for logged in users from clients on domain

    Hi All,
    I am looking for a script which can be run on a domain controller to check which user accounts logged in on the domain. I am looking for both the username and client. Reason why I need this is to check where service accounts are used.
    Thanks.
    Kind regards,
    Bart
    Bart Timmermans | Consultant at inovativ

    Hi Bart,
    To parse the event log, you can refer to the cmdlet "Get-WinEvent". For how to use this cmdlet to parse the event log, please check this article; you can also add "-computername" to query the event log from remote computers:
    Use PowerShell Cmdlet to Filter Event Log for Easy Parsing
    To monitor the logon history, please check this function to start:
    function Get-Win7LogonHistory {
        # Logoffs (4647) plus interactive (type 2) and remote interactive (type 10) logons (4624).
        $logons = Get-EventLog Security -AsBaseObject -InstanceId 4624,4647 |
            Where-Object { ($_.InstanceId -eq 4647) -or (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+2")) -or (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+10")) }
        # System event 41: the computer restarted without a clean shutdown.
        $poweroffs = Get-EventLog System -AsBaseObject -InstanceId 41
        # Wrap both in @() so the concatenation also works with zero or one result.
        $events = @($logons) + @($poweroffs) | Sort-Object TimeGenerated
        if ($events) {
            foreach ($event in $events) {
                # Reset per event so a failed parse cannot reuse the previous user.
                $user = $null
                # Parse logon data from the Event.
                if ($event.InstanceId -eq 4624) {
                    # A user logged on.
                    $action = 'logon'
                    $event.Message -match "Logon Type:\s+(\d+)" | Out-Null
                    $logonTypeNum = $matches[1]
                    # Determine logon type.
                    if ($logonTypeNum -eq 2) {
                        $logonType = 'console'
                    } elseif ($logonTypeNum -eq 10) {
                        $logonType = 'remote'
                    } else {
                        $logonType = 'other'
                    }
                    # Determine user.
                    if ($event.message -match "New Logon:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)") {
                        $user = $matches[1]
                    } else {
                        $index = $event.index
                        Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index"
                    }
                } elseif ($event.InstanceId -eq 4647) {
                    # A user logged off.
                    $action = 'logoff'
                    $logonType = $null
                    # Determine user.
                    if ($event.message -match "Subject:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)") {
                        $user = $matches[1]
                    } else {
                        $index = $event.index
                        Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index"
                    }
                } elseif ($event.InstanceId -eq 41) {
                    # The computer crashed.
                    $action = 'logoff'
                    $logonType = $null
                    $user = '*'
                }
                # As long as we managed to parse the Event, print output.
                if ($user) {
                    $timeStamp = Get-Date $event.TimeGenerated
                    $output = New-Object -Type PSCustomObject
                    Add-Member -MemberType NoteProperty -Name 'UserName' -Value $user -InputObject $output
                    Add-Member -MemberType NoteProperty -Name 'ComputerName' -Value $env:computername -InputObject $output
                    Add-Member -MemberType NoteProperty -Name 'Action' -Value $action -InputObject $output
                    Add-Member -MemberType NoteProperty -Name 'LogonType' -Value $logonType -InputObject $output
                    Add-Member -MemberType NoteProperty -Name 'TimeStamp' -Value $timeStamp -InputObject $output
                    Write-Output $output
                }
            }
        } else {
            Write-Host "No recent logon/logoff events."
        }
    }
    Get-Win7LogonHistory
    Refer to:
    https://github.com/pdxcat/Get-LogonHistory/blob/master/Get-LogonHistory.ps1
    If there is anything else regarding this issue, please feel free to post back.
    Best Regards,
    Anna Wang
    TechNet Community Support

  • SCCM 2012 Secondary site Client Communication for SUP

    Hi,
    We have an SCCM 2012 setup and here is the design: CAS-->Primary-->Secondary site servers.
    SUP is configured for the Secondary site too. Boundaries are defined with IP Address Range and are proper.
    Some clients are communicating with the Secondary site for updates, downloading successfully and installing the software.
    But some of the clients are communicating with the primary site for updates and remain at the status "Downloading update".
    I have checked locationservices.log and it is fluctuating between the Primary and Secondary MP.
    2 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:35:59 AM 768 (0x0300)
    Executing Task LSSiteRoleCycleTask LocationServices 4/5/2013 11:51:59 AM 4200 (0x1068)
    1 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:51:59 AM 4200 (0x1068)
    Executing Task LSSiteRoleCycleTask LocationServices 4/5/2013 11:51:59 AM 5648 (0x1610)
    2 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:51:59 AM 5648 (0x1610)
    I have also checked "DataTransferService.log" and found more errors.
    Error retrieving manifest (0x800704cf).  Will attempt retry 7 in 1920 seconds. DataTransferService 4/5/2013 11:51:59 AM 5576 (0x15C8)
    DTSJob {141CB5AE-8EF2-464D-8D8C-68B868EE7F7B} in state 'DownloadingManifest'. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    Failed to send request to /SMS_DP_SMSPKG$/1fd86ee1-ece0-41ae-a2b8-5a2b305746d4 at host xxxxxxxx.xxxxxxx.com, error 0x2efe DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    [CCMHTTP] ERROR: URL=https://xxxxxxxx.xxxxxxx.com:443/SMS_DP_SMSPKG$/1fd86ee1-ece0-41ae-a2b8-5a2b305746d4, Port=443, Options=192, Code=12030, Text=ERROR_WINHTTP_CONNECTION_ERROR DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    Raising event:
    instance of CCM_CcmHttp_Status
     ClientID = "GUID:0DA907D5-1709-4B10-B627-61E289FD7149";
     DateTime = "20130405062159.643000+000";
     HostName = "xxxxxxxx.xxxxxxx.com";
     HRESULT = "0x80072efe";
     ProcessID = 4260;
     StatusCode = 600;
     ThreadID = 4200;
     DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    Successfully sent location services HTTPS failure message. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    Error sending DAV request. HTTP code 600, status '' DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    GetDirectoryList_HTTP mapping original error 0x80072efe to 0x800704cf. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    GetDirectoryList_HTTP('https://xxxxxxxx.xxxxxxx.com:443/SMS_DP_SMSPKG$/1fd86ee1-ece0-41ae-a2b8-5a2b305746d4') failed with code 0x800704cf. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    Error retrieving manifest (0x800704cf).  Will attempt retry 7 in 1920 seconds. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
    My query is how some of the clients are communicating with the primary site server for updates even though the boundary details are properly configured and the Secondary site is configured with a SUP. I also need to know (as per the log "DataTransferService.log") how come the clients are communicating over the SSL port for updates. Please help in resolving the issue.

    Hi Kent,
    Thanks for the reply.
    Primary and secondary sites are connected over WAN and we have around 2000 clients which are reporting to Secondary site.
    Considering the WAN bandwidth utilization and the number of clients on the secondary site, we have configured the SUP role.
    Not all the clients show the above error message; around 40%-50% of the clients show it.
    Please let me know what the error message indicates and whether we need to refer to any other logs for in-depth analysis.
    Locationservices.log shows fluctuating connectivity:
    2 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:35:59 AM 768 (0x0300)
    Executing Task LSSiteRoleCycleTask LocationServices 4/5/2013 11:51:59 AM 4200 (0x1068)
    1 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:51:59 AM 4200 (0x1068)
    Executing Task LSSiteRoleCycleTask LocationServices 4/5/2013 11:51:59 AM 5648 (0x1610)
    2 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:51:59 AM 5648 (0x1610)
    How come the clients are communicating over the SSL port for updates? Please help in resolving the issue.

  • Recommended SCCM 2012 R2 Minimum Hardware Requirements For Small Environment?

    We plan to deploy SCCM 2012 R2  CU1 and SQL 2012 SP2 for the following purposes and want to use the minimum hardware to do the job reliably:
    Keep reports on hardware and software inventory and monitor performance and events on clients and servers. 
    Deploy operating systems with MDT integration.
    Install and uninstall applications on clients on the local LAN (as replacement for GPO software installation during reboots) as well as remote laptops on the Internet (we do not have Direct Access and do not want to depend on remote laptops needing to be logged into VPN to reach them).
    Install Windows Updates and third party patches and updates (Adobe/Java updates etc.) on local LAN as well as to remote laptops on the Internet.
    We only have about 500 clients.  80 percent are on the local LAN all in one building and the rest are laptops for people working on the road and at home who only sporadically connect to VPN.
    Can we do it all on one server or will we need a separate server for LAN clients and a different server in the DMZ to reach remote clients?
    Will we need separate disks for OS, SCCM and SQL with such a small environment or can it be all on a single physical disk or VM VHD?
    Is 8GB RAM, 1 CPU and 500GB disk space enough for this (assuming 50 GB WSUS database and similar amount is OS deployment space for MDT)?

    It will work, no doubt. My point was that if you want fast and responsive system, focus on the disk speed. You're good to go with single server, all in the same box.
    I understand that it will "work" because I just installed SCCM 2012R2 and SQL 2012 CU10 in a lab in a VM using a single VHD and it is working fine with zero clients.
    Should it still work with reasonable performance on a fast hard drive (10-15K drive or SSD) with 500 clients without having to break it out into separate dedicated disks for OS, page file, SCCM, SQL and logs?

  • SCCM 2012: enable powershell execution policy for SCCM 2012 console

    Hi,
    I always get stuck setting up the remote SCCM 2012 PowerShell (cd psdrive sitecode:). Maybe not a real SCCM 2012 question but a PowerShell one, but I wonder what steps you take to make it work (it works on our production environment; setting it up in a lab always gives me headaches, I will definitely write the solution down this time :-)).
    Please advise what the steps are in configuring remote powershell for SCCM 2012.
    1.my personal account "Myuser" has admin-rights in sccm 2012
    2.I can open Powershell logged on to the sccm 2012 server then opening sccm 2012 console, connect via powershell
    3.however, when I connect remote to the sccm server, I get the error:
    . : File C:\Users\Myuser\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 cannot be loaded. The file C:\Use
    rs\MyUser\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 is not digitally signed. You cannot run this scr
    ipt on the current system. For more information about running scripts and setting execution policy, see about_Execution
    _Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
    4.So I connect to the sccm-server and ask for the execution policy to unrestricted, I get this:
    set-executionpolicy unrestricted
    [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
    Set-ExecutionPolicy : Windows PowerShell updated your execution policy successf
    ully, but the setting is overridden by a policy defined at a more specific scope
    There is no policy which sets any powershell configs.
    Please advise.
    J.
    Jan Hoedt

    Those client settings are only for the actions performed by the ConfigMgr client. Normal PowerShell actions are restricted to the configured execution policy on the machine.
    Have a look at this post:
    http://blogs.msdn.com/b/pasen/archive/2011/12/07/set-executionpolicy-windows-powershell-updated-your-execution-policy-successfully-but-the-setting-is-overridden-by-a-policy-defined-at-a-more-specific-scope.aspx
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Sccm 2012 create report from recently installed software on clients

    As stated in this thread for 2007. Has anyone had any luck with this type of report in 2012?
    http://social.technet.microsoft.com/Forums/en-US/fecbe492-6d9d-4a8e-8d6d-ac12b3364b32/sccm-2007-create-report-from-recently-installed-software-on-clients?forum=configmgrreporting

    It worked perfectly in CM12. What is the problem?
    http://www.enhansoft.com/

  • How do I create an Event Handler for an Execute SQL Task in SSIS if its result set is empty

    So the precedence on my entire package executing is based on my first SELECT of my Table and an updatable column. If that SELECT results in an empty result set, how do I create an Event Handler to handle an empty result set?
    A Newbie to SSIS.
    I appreciate your review and am hopeful for a reply.
    PSULionRP

    Depends upon what you want to do in the eventhandler. this is what you can do
    Store the result set from the Select to a user variable.
    Pass this user variable to a Script task.
    In the Script task do whatever you want to do, including failing the package. This can be done by failing the script task, which in turn fails the package. Something like:
    Dts.TaskResult = Dts.Results.Failure
    Abhinav http://bishtabhinav.wordpress.com/

  • Home Hub 3 - no event log for a month

    I tried and failed to access the Hub Manager home page yesterday.
    I tried several PCs / operating systems / browsers without success.
    Eventually, I rebooted the router and managed to access the page.
    Having logged in I found that no entries had been added to the event log since the early hours of November 18th (just over a month ago) although the broadband has been working fine.
    Has anybody else had similar experiences? As a generally paranoid individual I am not too happy that there are missing event log items!!
    Thanks
    Brian

    Hi oldbak,
    Is this issue still apparent? Have you tried resetting the hub?
    Chris
    BT Mod team

  • SCCM 2012 R2 MP Registation log error "Rejecting the registration request because Agent Type is ISV Proxy (4). This Agent Type is no longer supported."

    Any idea what this message is trying to tell me? ISV Proxy Client Registrations had worked fine in SCCM 2012 prior to R2. The message in the title is present in MP_RegistrationManager.log. The ISV Proxy Certificate lists as "unblocked".
    If this is true, then that was a pretty stealthy move to remove this support.
    BAE

    Hi BEnsinger,
    You should set your proxy agent type = 8. Everything should work correctly if you do. The change wasn't intended to be a "stealthy" move.
    This was originally documented in ConfigMgr 2007 and remains the same in ConfigMgr 2012:
    http://msdn.microsoft.com/en-us/library/cc146744.aspx
    The error text may be a little odd - but I'm assuming you're actually registering a client, and according to the SDK docs, you should be using type = 8. 
    Dave Randall [MSFT]
    - Dave

  • SCCM 2012 R2 OS: central logging?

    Hi,
    We would like to have OSD logfiles in a central shared location instead of on the PC itself.
    This way we can find out issues without having to dig into the machine (when machine is down, blue screen ...).
    J.
    Jan Hoedt

    This is what I was looking for, great article: http://schadda.blogspot.be/2012/01/sccm-2012-how-to-catch-errors-in-task.html
    Jan Hoedt
    This is basically the same as the MDT (CM integrated) task sequences already provide out of the box.
    Torsten Meringer | http://www.mssccmfaq.de

  • Event log for events from function module BP_EVENT_RAISE

    Hello experts,
    Where can I look at the event log for events which were raised with the function module BP_EVENT_RAISE?
    Thanks.
    Regards, Lars.

    this function module does not write a log by itself. and actually i would not know what should be in that log. usually you set up an event to trigger a follow-up process, so there's either the event was successfully triggered and your follow-up process has been started ... or it hasn't, which means: something went wrong ...
    Edited by: Mylene Euridice Dorias on Apr 16, 2008 10:42 AM
    i was just sap-netting with your problem and i found note [919458|https://websmp230.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=919458&nlang=EN&smpsrv=https%3a%2f%2fwebsmp205%2esap-ag%2ede] where they use program BTC_EVENT_RAISE instead of BP_EVENT_RAISE. the note says this program writes at least a line in the job-log so it might fulfill your requirements ...


    Hi Experts, My requirement is to implement SD module in BW to create Order and Invoice (billing) reports as per my requirements. Please let me know the standard steps that I should follow(right from the begining). Thanks in Advance. Reagrds, Amit.