[solved] No sound and AMD-Vi: Event logged
Hello,
Today I started to migrate my HTPC from openElec to Arch Linux since several things started to annoy me.
For now, I have made a fresh install and installed XBMC but I can't get audio. It is a AMD setup and has an Asus Xonar XD PCIe card installed. Integrated HD Audio is disabled.
The user xbmc is in the audio group and when I ssh into the HTPC and try to play a file with aplay I get tons of these on the TV:
[ 46.215678] AMD-Vi: Event logged [IO_PAGE_FAULT device=02:00.0 domain=0x0000 address=0x0000000000100000 flags=0x0050]
Channels are unmuted and I priorized the output with the following alsa-base.conf:
options snd slots=snd_virtuoso
options snd_virtuoso index=0
Alsamixer shows the desired sound card as default.
xbmc@xbmc ~ % LANG= aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: DX [Xonar DX], device 0: Multichannel [Multichannel]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: DX [Xonar DX], device 1: Digital [Digital]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: HDMI [HDA ATI HDMI], device 3: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
xbmc@xbmc ~ % aplay -L
null
Discard all samples (playback) or generate zero samples (capture)
default:CARD=DX
Xonar DX, Multichannel
Default Audio Device
sysdefault:CARD=DX
Xonar DX, Multichannel
Default Audio Device
front:CARD=DX,DEV=0
Xonar DX, Multichannel
Front speakers
surround40:CARD=DX,DEV=0
Xonar DX, Multichannel
4.0 Surround output to Front and Rear speakers
surround41:CARD=DX,DEV=0
Xonar DX, Multichannel
4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=DX,DEV=0
Xonar DX, Multichannel
5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=DX,DEV=0
Xonar DX, Multichannel
5.1 Surround output to Front, Center, Rear and Subwoofer speakers
surround71:CARD=DX,DEV=0
Xonar DX, Multichannel
7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
iec958:CARD=DX,DEV=0
Xonar DX, Multichannel
IEC958 (S/PDIF) Digital Audio Output
hdmi:CARD=HDMI,DEV=0
HDA ATI HDMI, HDMI 0
HDMI Audio Output
Setting iommu=pt as suggested here did not do any trick...
Does anyone here have a hint of what can be wrong?
Maybe this is interesting, too. The device, the AMD-Vi-Event refers to, is the mentioned sound card.
xbmc@xbmc ~ % lspci
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Root Complex
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) I/O Memory Management Unit
00:01.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Trinity [Radeon HD 7480D]
00:01.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Trinity HDMI Audio Controller
00:02.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Root Port
00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Root Port
00:10.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB XHCI Controller (rev 03)
00:10.1 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB XHCI Controller (rev 03)
00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI mode] (rev 40)
00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI Controller (rev 11)
00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB EHCI Controller (rev 11)
00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI Controller (rev 11)
00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB EHCI Controller (rev 11)
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 14)
00:14.2 Audio device: Advanced Micro Devices, Inc. [AMD] FCH Azalia Controller (rev 01)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 11)
00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD] FCH PCI Bridge (rev 40)
00:14.5 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI Controller (rev 11)
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Function 0
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Function 1
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Function 2
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Function 3
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Function 4
00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h (Models 10h-1fh) Processor Function 5
01:00.0 PCI bridge: PLX Technology, Inc. PEX8112 x1 Lane PCI Express-to-PCI Bridge (rev aa)
02:04.0 Multimedia audio controller: C-Media Electronics Inc CMI8788 [Oxygen HD Audio]
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168 PCI Express Gigabit Ethernet controller (rev 06)
Last edited by And1G (2013-08-20 13:43:11)
Can't anyone help on this one? I just checked with a Fedora 19 Live image (Kernel 3.9.5) and I get the same error messages in dmesg as in this Arch installation, also no audio.
I believe the problem here might not be directly audio related, but where could I search for the cause?
Also, I don't really think it's a hardware failure since audio is working nice with openElec (using Kernel 3.10, if I remember that right)...
Edit: So I've set up openELEC to boot (over PXE, so I don't have to reinstall everything) and sound is working out of the box. Here is some data for comparison to the above statements from the Arch system:
xbmc:~ # cat /proc/cmdline
root=/dev/ram0 rdinit=/init BOOT_IMAGE=openelec/KERNEL ip=dhcp boot=NFS=192.168.178.20:/srv/nfs/openelec disk=NFS=192.168.178.20:/srv/nfs/openelec overlay
xbmc:~ # uname -r
3.10.5
xbmc:~ # lspci
00:00.0 Host bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Root Complex
00:00.2 IOMMU: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) I/O Memory Management Unit
00:01.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI Device 9993
00:01.1 Audio device: Advanced Micro Devices [AMD] nee ATI Device 9902
00:02.0 PCI bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Root Port
00:04.0 PCI bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Root Port
00:10.0 USB controller: Advanced Micro Devices [AMD] Hudson USB XHCI Controller (rev 03)
00:10.1 USB controller: Advanced Micro Devices [AMD] Hudson USB XHCI Controller (rev 03)
00:11.0 SATA controller: Advanced Micro Devices [AMD] Hudson SATA Controller [AHCI mode] (rev 40)
00:12.0 USB controller: Advanced Micro Devices [AMD] Hudson USB OHCI Controller (rev 11)
00:12.2 USB controller: Advanced Micro Devices [AMD] Hudson USB EHCI Controller (rev 11)
00:13.0 USB controller: Advanced Micro Devices [AMD] Hudson USB OHCI Controller (rev 11)
00:13.2 USB controller: Advanced Micro Devices [AMD] Hudson USB EHCI Controller (rev 11)
00:14.0 SMBus: Advanced Micro Devices [AMD] Hudson SMBus Controller (rev 14)
00:14.2 Audio device: Advanced Micro Devices [AMD] Hudson Azalia Controller (rev 01)
00:14.3 ISA bridge: Advanced Micro Devices [AMD] Hudson LPC Bridge (rev 11)
00:14.4 PCI bridge: Advanced Micro Devices [AMD] Hudson PCI Bridge (rev 40)
00:14.5 USB controller: Advanced Micro Devices [AMD] Hudson USB OHCI Controller (rev 11)
00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Function 0
00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Function 1
00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Function 2
00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Function 3
00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Function 4
00:18.5 Host bridge: Advanced Micro Devices [AMD] Family 15h (Models 10h-1fh) Processor Function 5
01:00.0 PCI bridge: PLX Technology, Inc. PEX8112 x1 Lane PCI Express-to-PCI Bridge (rev aa)
02:04.0 Multimedia audio controller: C-Media Electronics Inc CMI8788 [Oxygen HD Audio]
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 06)
xbmc:~ # aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: DX [Xonar DX], device 0: Multichannel [Multichannel]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: DX [Xonar DX], device 1: Digital [Digital]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: HDMI [HDA ATI HDMI], device 3: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 2: Generic [HD-Audio Generic], device 0: ALC887-VD Analog [ALC887-VD Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 2: Generic [HD-Audio Generic], device 1: ALC887-VD Digital [ALC887-VD Digital]
Subdevices: 1/1
Subdevice #0: subdevice #0
xbmc:~ # aplay -L
null
Discard all samples (playback) or generate zero samples (capture)
default:CARD=DX
Xonar DX, Multichannel
Default Audio Device
sysdefault:CARD=DX
Xonar DX, Multichannel
Default Audio Device
front:CARD=DX,DEV=0
Xonar DX, Multichannel
Front speakers
surround40:CARD=DX,DEV=0
Xonar DX, Multichannel
4.0 Surround output to Front and Rear speakers
surround41:CARD=DX,DEV=0
Xonar DX, Multichannel
4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=DX,DEV=0
Xonar DX, Multichannel
5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=DX,DEV=0
Xonar DX, Multichannel
5.1 Surround output to Front, Center, Rear and Subwoofer speakers
surround71:CARD=DX,DEV=0
Xonar DX, Multichannel
7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
iec958:CARD=DX,DEV=0
Xonar DX, Multichannel
IEC958 (S/PDIF) Digital Audio Output
hdmi:CARD=HDMI,DEV=0
HDA ATI HDMI, HDMI 0
HDMI Audio Output
default:CARD=Generic
HD-Audio Generic, ALC887-VD Analog
Default Audio Device
sysdefault:CARD=Generic
HD-Audio Generic, ALC887-VD Analog
Default Audio Device
front:CARD=Generic,DEV=0
HD-Audio Generic, ALC887-VD Analog
Front speakers
surround40:CARD=Generic,DEV=0
HD-Audio Generic, ALC887-VD Analog
4.0 Surround output to Front and Rear speakers
surround41:CARD=Generic,DEV=0
HD-Audio Generic, ALC887-VD Analog
4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=Generic,DEV=0
HD-Audio Generic, ALC887-VD Analog
5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=Generic,DEV=0
HD-Audio Generic, ALC887-VD Analog
5.1 Surround output to Front, Center, Rear and Subwoofer speakers
surround71:CARD=Generic,DEV=0
HD-Audio Generic, ALC887-VD Analog
7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
iec958:CARD=Generic,DEV=0
HD-Audio Generic, ALC887-VD Digital
IEC958 (S/PDIF) Digital Audio Output
Not a single one of these AMD-Vi Events is in the dmesg output.
Does anyone have a clue on how I could figure out if they installed uncommon patches or use weird parameters to get all this running?
Edit #2:
So I've searched through some of these odd IOMMU options and found this: https://www.kernel.org/doc/Documentatio … ptions.txt
I tried iommu=soft as a kernel parameter and I get audio output and the AMD-Vi Events are no longer present. But can anyone explain to me what exactly I have done here? Using a "software bounce buffering" seems weird to me if I have some hardware present, that can do such things (The IOMMU, I assume)...
Since this really does not look like only audio-related problem, can someone perhaps move the thread to the right place. Although I'm not quite sure which this will be.
Last edited by And1G (2013-08-19 22:12:20)
Similar Messages
-
Allow Non-Administrator accounts to create event sources and write to event logs
We are setting up BizTalk 2013 in Windows Server 2012 and one of the requirements is to allow the service account to create sources and write in event logs (Application) of the BizTalk servers. We have found what it seems to be a simple solution for this
without giving service accounts local admin rights.
Give Full control for the following registry keys to the service accounts or groups to allow creating of event sources and write to event logs:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
Note: when changing permissions for EventLog key, the child keys will inherit the permissions by default except Security key which must be done manually.
Initial tests using a .net test app seems to work as expected. New event sources are being created in the event logs and writing to the event logs after that works perfectly.
The above method has been deployed in production and this is the most suitable solution for us.Hi Keong6806,
Thanks a lot for posting and sharing here.
Do you have any other questions regarding this topic? If not I would change the type as 'Discussion' then.
Best Regards,
Elaine
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Battery drain and error in event log!!!
So I recently got a curve 9360, but battery life wasn't the 1 and a half days I expected. Doesn't last more than 5 hrs on normal use, and it falls drastically when doing slightly heavy work like now, bridged to my PlayBook like now, it turns of radio at about 30% then blacks out in under 5 minutes. So i did some digging around and most people said it was the OS, so I downloaded the os that most people say fixed there curve's, got a response for 7.1.0.190 and 7.1.0.258, bug still no difference. Out of curiosity I checked my event long and found this error ,
Name: System
Severity: Error
GUID: 97c9f5f641d25e5f
Time: "the date and time shown"
JVM:INFOp=mypin,a='7.1.0.190',o='9.6.0.24',h=e001507
So when I changed the os to 7.1.0.190, still got the same error and it's always at the top of the event log so am guess its what's causing the battery drain. Changed batteries, and wiped the OS and reinstalled but no solution.
Any help people!Hi,
The Certificate Chain you installed on the FE server did not have "Enable all purposes for this certificat" enabled.
Run MMC--Add\Remove Snap-ins--certificates--Local Computer--Trusted Root Certificate Authorities--Certificates, find the certificate chain you installed--Properties--General, check the "Enable all purposes for this certificate".
Restart Lync FE server and check the problem is solved.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Oh, I'm on my phone because if the problem, so I put the whole question in the title. But, the problem is that my computer acts like I've got the alt key down I start up, and gives me an error sound when I hit certain keys (e i, u, and a few othes) so I can't log in. Help?
You showed a kernel panic file from OS X, apprantly Log Me In is installed into OS X or running when you log in.
You should be using the developers installer/unistaller to remove Log Me In from OS X.
Somehow it's in OS X, I don't know, but it's there and you need to remove it. I'm not dealing with Windows, just OS X.
Talk to Log Me In people and find out what is installed where so you can do a manual deletion out of OS X.
If that doesn't work, you have to reboot holding the Shift key down manually search for any Log Me In or Himachi files on your computer, in your System/Library/Extensions folder too, use the free Easy Find.
https://s3.amazonaws.com/DTWebsiteSupport/download/freeware/easyfind/4.9/EasyFin d.app.zip -
[SOLVED]Are X11 and AMD catalyst drivers friends again?
last time i installed linux on my laptop X11 had dropped support fro amd catalyst drivers (proprietary video card drivers), did amd do something about it? did X11 team reconsider? can i use the catalyst drivers on X11 again now? my laptop and it's stupid APU or "dual graphics" aren't playing so nice with the open source radeon drivers.
Last edited by rabcor (2013-06-20 19:16:00)If wine supported skype, i would be more dead set on using linux than using the amd proprietary drivers.
The reason this isn't a big deal to me is mostly because i only use this laptop for 3 things, regardless of OS. Teamspeak 3, Skype, Playing Videos.
I have it set up on a dual boot because neither windows nor linux seem to be reliable on this laptop, the reason is hardware-side, this APU is driving me nuts.
The reason i'm having problems with the radeon drivers is that even if i set my computer to disable the "switchable graphics" on boot it sometimes seems to randomly re-enable it without even notifying me. The reason this is bad is because the switchable graphics cause my laptopt to overheat. If this happens in windows it usually just enters hibernation mode while the heat levels are just barely critical, in linux however it keeps running for a while at critical levels before it'll finally just overeat. I'm hoping that the AMD proprietary drivers can help me solve this on the linux side.
Whichever operating system i can manage to make stop ever using the switchable graphics (thus preventing all overheating) will be the one i will use in the end, but i'm not in any big rush, windows is working decently for me on the laptop right now, and i can patiently wait for the amd proprietary drivers to support X again, since i don't interact much with the computer at all anyways. Using linux would mostly just be to make the laptop look better. Linux seems to be the more likely one to succeed with this task in the end however (because i can optimize/customize it a whole lot more than i ever could windows, and because i'm scared of updating the catalyst drivers in windows because my laptop has often just completely broken upon catalyst driver update in windows.) -
[solved] No sound with AMD Fusion C-60
I have a freshly-installed headless server with a Fusion C-60 APU (http://www.newegg.com/Product/Product.a … 6813131843). It's mostly a NAS box, but I'm also trying to set it up to run MPD. However, I apparently have no sound at all:
sir ~ # aplay -l
aplay: device_list:268: no soundcards found...
Is the C-60 just too new to be supported? Do I need to be running a GUI of some sort to make the audio work?
sir ~ # lsmod
Module Size Used by
acpi_cpufreq 10470 0
mperf 1267 1 acpi_cpufreq
kvm_amd 51746 0
kvm 388889 1 kvm_amd
eeepc_wmi 4552 0
asus_wmi 15520 1 eeepc_wmi
sparse_keymap 3114 1 asus_wmi
rfkill 15633 1 asus_wmi
video 11170 1 asus_wmi
pci_hotplug 22930 1 asus_wmi
evdev 9912 2
microcode 14196 0
psmouse 76297 0
pcspkr 2027 0
serio_raw 5041 0
radeon 896820 1
r8169 56439 0
mii 4059 1 r8169
k10temp 3050 0
sp5100_tco 5784 0
i2c_piix4 10311 0
ttm 64499 1 radeon
drm_kms_helper 35090 1 radeon
drm 223795 3 ttm,drm_kms_helper,radeon
i2c_algo_bit 5391 1 radeon
processor 27239 3 acpi_cpufreq
i2c_core 22774 5 drm,i2c_piix4,drm_kms_helper,i2c_algo_bit,radeon
wmi 8379 1 asus_wmi
button 4701 0
ext4 471524 2
crc16 1359 1 ext4
jbd2 77224 1 ext4
mbcache 5930 1 ext4
sd_mod 30818 4
ahci 22096 2
libahci 20503 1 ahci
libata 168037 2 ahci,libahci
ohci_hcd 26544 0
ehci_pci 4120 0
ehci_hcd 47407 1 ehci_pci
usbcore 173007 3 ohci_hcd,ehci_hcd,ehci_pci
scsi_mod 129231 2 libata,sd_mod
usb_common 954 1 usbcore
sir ~ # lspci
00:00.0 Host bridge: Advanced Micro Devices [AMD] Family 14h Processor Root Complex
00:01.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI Wrestler [Radeon HD 6290]
00:04.0 PCI bridge: Advanced Micro Devices [AMD] Family 14h Processor Root Port
00:11.0 SATA controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
00:12.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus Controller (rev 42)
00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 LPC host controller (rev 40)
00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to PCI Bridge (rev 40)
00:14.5 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI2 Controller
00:15.0 PCI bridge: Advanced Micro Devices [AMD] nee ATI SB700/SB800/SB900 PCI to PCI bridge (PCIE port 0)
00:15.1 PCI bridge: Advanced Micro Devices [AMD] nee ATI SB700/SB800/SB900 PCI to PCI bridge (PCIE port 1)
00:16.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:16.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 0 (rev 43)
00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 1
00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 2
00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 3
00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 4
00:18.5 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 6
00:18.6 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 5
00:18.7 Host bridge: Advanced Micro Devices [AMD] Family 12h/14h Processor Function 7
04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168 PCI Express Gigabit Ethernet controller (rev 09)
sir ~ # uname -a
Linux sir 3.8.8-2-ARCH #1 SMP PREEMPT Tue Apr 23 10:28:14 CEST 2013 x86_64 GNU/Linux
Last edited by rabidfurby (2013-05-10 16:22:46)Thanks, apparently it was disabled in the BIOS. Never thought to check there because I've never had a motherboard ship with sound disabled by default.
-
Event 7000 and 7001 in event log; cannot verify signature
On the user's system, the Workstation service will not start, preventing access to network drives through UNC paths.
The dependencies for the Workstation service (Browser Support service, SMB 1 redirect, SMB 2 redirect) are not starting because the system detects a problem with the digital signature for a file. For example:
The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
I've run sfc /scannow a number of times, but that does not resolve the issue.
Suggestions, please!I tried updating bowser.sys at an elevated command prompt using the following commands:
takeown /f C:\windows\system32\drivers\bowser.sys
icacls C:\windows\system32\drivers\bowser.sys /grant administrators:F
copy file-from-working-system C:\windows\system32\drivers\bowser.sys
The CBS.log from sfc doesn't indicate the directory in C:\Windows\winsxs to copy the file. There are multiple directories for the file, each tagged with multiple IDs. I used the same commands on the latest directory in \Winsxs, copied bowser.sys there, but
sigcheck shows that the file is still not signed.
Sigcheck v2.1 - File version and signature viewer
Copyright (C) 2004-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
c:\windows\system32\drivers\bowser.sys:
Verified: Unsigned
Link date: 11:55 PM 2/22/2011
Publisher: Microsoft Corporation
Description: NT Lan Manager Datagram Receiver Driver
Product: Microsoft« Windows« Operating System
Prod version: 6.1.7601.17565
File version: 6.1.7601.17565 (win7sp1_gdr.110222-1630)
MachineType: 64-bit
Binary Version: 6.1.7601.17565
Original Name: browser.sys
Internal Name: browser.sys
Copyright: ⌐ Microsoft Corporation. All rights reserved.
Comments: n/a
Entropy: 6.178 -
[partially solved] Kernel upgrade and longer udev events
Hi guys,
Well this isn't actually a problem, but nevertheless I'm curious about why the time to finish the 'udev events' during boot seems to be increasing after the two previous kernel upgrades.
kernel26-2.6.25.11-1 : around 3.5 seconds
kernel26-2.6.26.2-1 : around 5.7 seconds
kernel26-2.6.26.3-1 : around 9.5 seconds
Any idea?
Last edited by new2arch (2008-08-29 12:11:26)zyghom wrote:on mine with 26.3 is 3.5 sec
Back to ~5.5 seconds again by applying this 'how to':
http://wiki.archlinux.org/index.php/Speedup_udev
I opted for option 1. -
HH3A event log entries - firewall
I have recently received a replacement hub and in the event log am getting loads of the following entries - is this usual (IP address is my laptop)
23:59:57, 15 May.
(458348.960000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->49744, internal ports: 49744, internal client: 192.168.1.64
23:59:16, 15 May.
(458308.430000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->49744, internal ports: 49744, internal client: 192.168.1.64
Also when I do a tracert I get the following as the first line
1 3 ms 2 ms 1 ms api.home [192.168.1.254]
I am only confused because on the old hub the firewall entries were
20:50:11, 30 Apr.
BLOCKED 1 more packets (because of Spoofing protection)
20:50:09, 30 Apr.
IN: BLOCK [12] Spoofing protection (IGMP 86.157.215.96->224.0.0.22 on ppp0)
and the tracert was
1 1 ms <1 ms <1 ms BThomehub.home [192.168.1.254]
I presume that nothing is amiss
Solved!
Go to Solution.conrad wrote:
Many thanks DS - have turned UPnP off.
Why is this comment displayed "It is recommended to keep the Extended UPnP security enabled to ensure the security of your home network." Presumably not having it enabled is ok.
The spoofing stuff was obviously caused by me switching between wired/wireless as part of my line problems but thanks for the info as no doubt it will occur again.
No problem
The extended UPnP is a new item that BT have added to the latest firmware on the hub3. TBH I've not looked in to what this actually means as I've always turned UPnP off, even from when I was using the HH2.
The spoofing events will return if you flick between each method of connecting, unless you delete the method not in use
-+-No longer a forum member-+- -
Methods for Remote Event Log Collection (WMI vs RPC vs WinRM)
Hi,
I'm currently evaluating several 3rd party tools (SIEMs) to help me with log management in a large (mostly) Windows domain environment. Each tool uses a different approach to collecting the event log from remote systems, and I'd like help understanding the
pros and cons of each approach. I've dropped this in the scripting forum as the tools are essentially running different scripts and it's this part I would like to understand.
WMI: An agent installed on a windows server connects to each monitored box and grabs their event logs via WMI. Our legacy SIEM already collects from over 2000 servers using this method.
RPC: As above, but using RPC. No changes required on the remote machines.
WinRM: An appliance integrates with AD and collects event logs remotely using WinRM. This is reasonably new to me (i'm a security guy, not a sys admin) but I seem to have to enable an additional remote management tool, and open a new listening port on every
single machine I want to collect the event log from.
I read the following blog entry, which seemed to indicate that RPC was the best choice for performance, considering I'm going to be making high frequency connections to over 2000 targets:
http://blogs.technet.com/b/josebda/archive/2010/04/02/comparing-rpc-wmi-and-winrm-for-remote-server-management-with-powershell-v2.aspx
However, everything I have found on the subject of remote event collection seems to suggest that WinRM is the "approved" method for event log collection. The vendor using the WinRM approach is also suggesting that it is the only official MS supported
way of doing this.
So I would like to ask, is there a reason that WMI and RPC should not be used for this purpose, since they clearly work and don't require any changes to my environment? Is there some advantage to WinRM that justifies touching my entire estate and opening
an additional port (increasing my attack surface)?
Thanks in advance,Hi,
I'm aware of the push method, and may indeed move to it in time, although I'm just as likely to install a 3rd party agent on the machines to perform this role with greater functionality and manageability for the same effort. I've only seen organisations
using commercial agents (snare, splunk, etc) or WMI for log collection in practice, so I don't think I'm the only one with reservations about it.
Anything that involves making configuration changes to a large and very varied estate is not something to do lightly. Particularly if alternatives exist that don't require this change to be carried out immediately. That is why I'm looking to properly understand
the pros and cons of these "legacy" approaches for use as an interim solution if nothing more.
Pulling probably is more resource intensive, although I've not seen an actual comparison, but it's not really that fragile in my experience. If a single pull fails, you just collect the logs you missed at the next pull cycle in a few seconds/minutes.
All logs are pulled directly into a SIEM for analysis, so that part is covered.
Anyway, I appreciate the input, but I'm still holding out for concrete reasons to move away from WMI/RPC or to embrace WinRM. Bear in mind I'm considering fixing something that doesn't look broken to me!
Cheers, -
Hi,
I want to create a PS script which will pick the server name from a text file and save the event logs one by one of all the server with server name in a shared folder in network
For this I tried to create below code, but not successful. I know there are some silly mistake in this code which i m not able to identify
Please help me because I’m new in scripting and have very little knowledge about this.
==================
$Computer_Name = Get-Content \\sharepath\name.txt
$logfile = ForEach ($Computer_Name)
Get-WmiObject -Class win32_NTEventlogFile -Filter "logFileName='Application'"
$logfile.ClearEventlog('Sharepath\%computername%_Application_Logs.evt')
========================Thanks !!!
The share path is working fine.
If I am running the below script it will save the logs files of local computer to the shared drive with computer name.
==============
$logfile = Get-WmiObject -Class win32_NTEventlogFile -Filter "logFileName='Application'"
$logfile.ClearEventlog('\\sharepath\%computername%_Application_Logs.evt')
================
Now, I want to create a script which will pick the server name from a text file and save that to a shared folder with respective computer name.
Also, is there any way to SAVE AS the log files rather than clearing the logs ?
You can export the logs using Get-EventLog and Export-Csv Get-EventLog can specify a filter of -after and -before to set a date range.
Help get-eventlog -full
You can specify an array or file of computer names on the commandline. You can specify credentials on the commandline.
You can also save eventlogs in their entirety but that is not a good practice as it produces too much overlap.
I suggest that weekly extractions ican be managed on an overnight basis. Monthly extracts are likely to take too much time.
LogParser is much better at extracting Eventlogs in many formats.
Logs should beset to rol lover on a size basis. I use 32 and 64 megabytes on bsic systems and much larger on busier systems. like to have a year online if possible.
¯\_(ツ)_/¯ -
I'm seeing some strange behavior with our RAID Admin event log. On Friday, I did a rebuild of our one of our RAIDs and, in the event log, there was an entry added that said "RAID Rebuild Started" or something along those lines.
Today I opened RAID Admin and that event entry was gone. All of the other events around it were still there (removing and reinserting a drive, etc.), but not the actual rebuild message (or the subsequent success message).
Is this normal behavior?Yes, that is normal behavior. If there were any problems with the rebuild, you would see error messages in the event log, but the message about starting the rebuild does disappear after the rebuild finishes.
-Phoenix -
I receive the following event.....
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 42. I cannot find much information on this. does anyone have any insight?
Thank youHi,
Did there run IIS on the server? This error message indicates the computer received an SSL fatal alert message from the server. It may be caused by accessing web site or the installation of third party web browsers or others. Did you remember any specific
operation that had been done before this issue occurred? For examples, install any third-party application or others? Please refer to following thread and check if can help you.
Event ID: 36887 Source: Schannel, Error: The following
fatal alert was received: 0.
In addition, please also refer to following KB and enable Schannel event logging, then check if get more clues.
How to enable Schannel event logging in IIS
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
VM cannot get IP and shows host MAC in event logs
I have a strange issue where the VM on a user's laptop worked fine in the office with a Wireless NIC but when he got home we began having some problems (no network in the VM, only get 169.x.x.x IP in the VM, host network connection drops when we try
to access or configure the networking inside the VM).
Here is what I know so far:
Bridge exists on host (wireless NIC to virtual NIC) and is enabled
Adapter in VM has MAC of 00-15-5D-0A-A5-00, cannot get IP
VM settings for the wireless NIC show the MAC is Dynamic and the one assigned is within the range setup on the Virtual Switch
Adapter on host has MAC of 9C-4E-36-AC-83-68, gets IP of 192.168.0.14
In the VM, you cannot renew or assign an IP, it says the MAC exists on the network and has an address assigned. Network connectivity also drops if you try to renew the IP
In the system event logs on the VM, I see TCPIP event 4199, exact message is - The system detected an address conflict for IP address 192.168.0.14 with the system having hardware address 9C-4E-36-AC-83-68.
There are no errors in the event logs on the host.
Deleting the NIC inside the VM and removing/re-adding it to the VM settings does not resolve it
Deleting and recreating the virtual switch does not resolve it
The option to allow the management OS to also use the wireless NIC is enabled on the virtual switch.
The wired connection also worked in our office during the build and testing but he doesn't not have a cable at home for me to test the wired there.
We have another machine which is configured the same way and is working correctly, both in the office and offsite.
Why is the VM trying to use the host MAC to get an IP, shouldn't it be using the one assigned by Hyper-V? Could this be an issue with his home office network or maybe specifically with his WAP? What other items could cause this?
I have asked my user to go connect to a wireless network in a different location and test it but I haven't heard back from him yet.
Thanks in advance for any suggestions.Hi Milos,
1 - Unfortunately I can't test this, the router is supplied by his ISP and is not one that we have any management capabilities on.
2 - Any time I access network information in the VM (even just to run "ipconfig /all" at a command line), the network drops temporarily on the host and I loose access to it.
3 - I've not used this before, I'll check it out.
It seemed really odd to me that the VM showed the host MAC in the event logs when everything else in the VM shows the one assigned by Hyper-V.
Do you know if the "Virtual Networking and Wireless network adapters" entry in Ben Armstrong's Virtualization blog still applies in Windows 8.1? It won't let me post the link to it directly, sorry.
I've seen it referred to recent posts but it's from 2005.
It makes sense if it is since symptom #2 sounds like what I am seeing. -
Hi,
Since applying the February 2013 SharePoint 2010 updates, we are getting lots of entries in our event logs along the following:
Content Management Publishing Cache
5538 Critical
An error occurred in the blob cache. The exception message was 'The system cannot find the file specified. (Exception from HRESULT: 0x80070002)’
In pretty much all of these cases the image/ file in question that is reported in the ULS logs as missing is not actually in the collaboration site, master page / html etc so the fix needs to go back to the site owner to make the correction to avoid
the 404 (if they make it!). This has only started happening, I believe since feb 2013 sp2010 cumulative updates updates
I didn’t see this mentioned as a change / in the Fix list of the February updates. i.e. it flags up a critical error in our event logs. So with a lot of sites and a lot of missing images your event log can quickly fill up.
Obviously you can suppress them in the monitoring -> web content management ->publishing cache = none & none which is not ideal.
So my question is... are others seeing this and was a change made by Microsoft to flag a 404 missing image / file up a critical error in event log when blob cache is enabled?
If i log this with MS they will just say, you need to fix it up the missing files in the site but would be nice to know this had changed prior! I also deleted and recreated the blob cache and this made no diffference
thanks
BradI'm facing the same error on our SharePoint 2013 farm. We are on Aug 2013 CU and if the Dec CU (which is supposed to be the latest) doesn't solve it then what else could be done.
Some users started getting the message "Server is busy now try again later" with a corelation id. I looked up ULS with that corelation id and found these two errors in addition to hundreds of "Micro Trace Tags (none)" and "forced
due to logging gap":
"GetFileFromUrl: FileNotFoundException when attempting get file Url /favicon.ico The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"
"Error in blob cache. System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"
"Unable to cache URL /FAVICON.ICO. File was not found"
Looks like this is a bug and MS hasn't fixed it in Dec CU..
"The opinions expressed here represent my own and not those of anybody else"
Maybe you are looking for
-
Siri is not working in iPhone 5 even if i say properly
Siri is not working in iPhone 5 even if i say properly
-
Error while initializing CRS in Oracle Commerce 11.1
I did a ./initialize_services.sh --force after reading from a few other posts. And i get this error. Removing existing crawl configuration for crawl CRS-last-mile-crawl (ignore errors if crawl doesn't exist) Removing Record Store CRS-data (ignore err
-
SCOM 2012 RC - SCVMM 2012 RC - Virtual machine manager management group is not getting monitored
Hi All, I have integrated SCOM 2012 with SCVMM 2012 environment. I could see two strange behaviors. All these instance are running on Windows 2008 R2 + Sp1 OS along with SQL 2008 R2 for database. 1) I could see two instance of VirtualmanagerDB in t
-
Sapscriptwordtemplate.dot appears in popup box
sapscriptwordtemplate.dot Pop-up from MS Word Office Integration SAP ECC6.0 SAPKA70018 SAPKB70018 Our colleagues receive the pop-up from MS Word 2003 (Office Package) from the Word Editor in Ta ME23N " save this file" during the visit of standard t
-
How many photos are too many photos for iPhoto? When do I need to upgrade to Aperture?
How many photos are too many photos for iPhoto? When do I need to updgrade to Aperture?