T410 2516CTO random freezes without anything in Windows Event Viewer! :(
I used Update Retriever + Thin Installer (virtually System Update 4.0 but a server + client version of it) to download drivers and install Windows 7 Ultimate x64 with SP1 on this machine. A hard power off is required by pressing on the power button for 5+ seconds
Core i7 620M
8GB RAM
320GB 7.2k rpm HDD
Optimus graphics
Gobi2000 WWAN
uPek Fingerprint reader
The machine freezes without any warning and has done so with both the factory install (more frequent) and with the HDD wiped and using Microsoft's Windows 7 Ultimate SP1 x64 slipstreamed (freezes much less frequently). Are there tools that I can use to help diagnose this problem?
I have also used a 90W AC adaptor and 65W adaptor on this machine. The random freezes happen on either adaptor as well.
I read of other people who have the same frustrations over freezes but no other situation described is exactly the same as mine unfortunately -- most other occasions you can find something in Windows Event Viewer!!
Solved!
Go to Solution.
Hi again
Found out that it was the Intel WiFi 6300 that was locking the machine. Disabled it via h/w switch or BIOS made the freezing disappear altogether.
So there we go. A once off incident of a failed 6300 WLAN card.
Similar Messages
-
Labview 2010 randomly restarts computer - windows event viewer points to nap agent
When running my current VI that I am working on, the computer will ranomly reboot. There is no freeze, or blue screen, just a reboot. When examining the windows event viewer after the reboot, the following warning is listed immediately preceding the reboot:
Event ID 39
The Network Access Protection Agent was unable to determine which HRAs to request a health certificate from.
A network change or if GP is configured, a configuration change will prompt further attempts to acquire a health certificate. Otherwise no further attempts will be made.
Contact the HRA administrator for more information.
Previous to getting this warning before a reboot, I was getting the following error:
Event ID 10016
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
This is a DCOM service eror and the CLSID is referring to NAPAGENT. So I configured DCOM to allow the NAPAGENT to start and now I get the Event ID 39 warning and still get the reboot.
I am not sure why labview is even asking for DCOM or NAPAGENT to start at all. My VI is simply reading information from two serial instruments.
This reboot behavior does not occur when the computer is not running labview.
I am attaching a copy of the main VI, if it will be helpful I can post the sub VI's as well.
Thanks in advance for your help.
-Justin Lee
Attachments:
testscan10.8.vi 179 KBHi Joe,
Thanks for the reply.
I am running windows XP pro service pack 3.
I am running a standard instal of labview 2010 with the latest VISA drivers, no other modules or options installed.
I am only reading and writing to the serial ports (com) in my code. I don't believe that virus/spyware/malware is to blame for several reasons.
1. This only occurs when running this VI in labview.
2. I have replicated this problem on another computer.
3. I am behind a government (DOE) firewall and virus scans and checks are performed constantly.
4. If I take out the serial portion of my code via a T/F case structure, it will not crash.
The code will run fine for sevetral hours sometimes and then crash, other times it will crash after only a few minutes.
Please let me know what other information you require.
Thanks!
Justin Lee -
Illustrator CC crashes on startup(windows event viewer message included)
Windows event viewer shows like this...
System
Provider
[ Name]
Application Error
EventID
1000
[ Qualifiers]
0
Level
2
Task
100
Keywords
0x80000000000000
TimeCreated
[ SystemTime]
2013-12-09T06:35:08.000000000Z
EventRecordID
71639
Channel
Application
Computer
HPNB-dhleeNB
Security
EventData
Illustrator.exe
17.0.0.260
52822426
ntdll.dll
6.1.7601.18247
521ea8e7
c0000374
000ce753
a690
01cef4a8afb2dd09
C:\Program Files (x86)\Adobe\Adobe Illustrator CC\Support Files\Contents\Windows\Illustrator.exe
C:\Windows\SysWOW64\ntdll.dll
0b8a3ab7-609c-11e3-8e0d-005056c00008
Please help.Problem solved. Refer to below.
3 posts
Nov 25, 2013
2.AlanDrVita,
Nov 26, 2013 9:16 AM in reply to outdoorz
Report
I may have been able to resolve my issue. I held shift while opening Illustrator and opened it in a bare bones mode, then closed it and reopened it without getting the error message. Good luck to you.
Was this helpful? Yes No -
Error in starting nidevldu and nipxirmu services (windows event viewer)
A computer running Windows XP SP1 and a Visual basic (V6.0) application that I've developped had crashed several times. I've seen lots of errors in the Windows event viewer saying that the nidevldu and nipxirmu services were trying to start (exact french message : Le service nidevldu est en attente de démarrage et Le service nipxirmu est en attente de démarrage). These messages are real errors (not warning or informations).
I use a 6034E PCI card, Visual basic V6.0 and NI-DAQ 7.4.
The crashes I've seen may be linked with this problem.
Is there a solution?Hi,
I think that you are not going to be starting and stopping the devldu service in normal circumstances... due to crashes !
The firsts steps you have to focus on is to optimize your program in order to avoid crashes, which is not a normal way of work I guess. Then you will be able to avoid these messages!
Regards,
David D. - Application Engineer - NI -
B570 windows event viewer errors
I've just noticed these errors in windows 7 event viewer, does anyone know what would be causing the problem and if there's a fix to resolve it?
http://i.imgur.com/Imljb.png
thanks.
link to image image(s) >50k converted to link(s)Hi B570,
Well, let's see. Running the AV scan isn't really stressing the CPU and your temps look okay.
Did running the scan trigger a warning?
Do you get any warnings just running on battery?
To find out whether it's the same problem as your links, the CPU will have to be stressed while you're on AC power and the battery is charging. Check the temp then and whether doing this triggers a warning.
It's like I said above, not knowing what the machine is doing during one of those warnings makes it hard to tell what's causing this.
I would discharge the battery to the point when it will charge. Plug in the AC and open a browser and watch a youtube movie full screen, play some music in the background, have a couple of browser windows open. That should stress it enough to raise the temp. and "maybe" give you a warning.
If doing this does give you a warning, then charge the battery up so it doesn't charge and do the same thing as above and see if that gives you a warning. If you get the same warning doing this, then the warning isn't the same as described in those other threads.
If none of this gives you a warning, then we'll have to figure something else out.
Dave
T430u, x301, x200T, x61T, x61, x32, x41T, x40, U160, ThinkPad Tablet 1838-22R, Z500 touch, Yoga Tab 2 Windows 8.1, Yoga Tablet 3 Pro
Did someone help you today? Press the star on the left to thank them with a Kudo!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
If someone helped you today, pay it forward. Help Someone Else!
English Community Deutsche Community Comunidad en Español Русскоязычное Сообщество -
Name der fehlerhaften Anwendung: PhotoshopElementsOrganizer.exe, Version: 12.0.0.0, Zeitstempel: 0x5314d4d4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.30319.1, Zeitstempel: 0x4ba1dbbe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002357
ID des fehlerhaften Prozesses: 0x1a30
Startzeit der fehlerhaften Anwendung: 0x01d06594ad77b481
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsOrganizer.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 12 Organizer\MSVCR100.dll
Berichtskennung: f21b3990-d187-11e4-82f5-448a5b82d1a6
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Any hints how to solve this issue are welcome!Ah, I was able to delete it that time. You're right, it was just a matter of timing.
Sadly, the problem persists-- after deleting the preferences file, I opened up a picture and tried to add text with the text tool, and Photoshop crashed again.
Edit: Okay, I tried to reset the text tool, but Photoshop crashes before I can reset it (basically, right after I click). I tried resetting all the tools, but that didn't work. I also held shift to start without third-party tools, but there was no change. Pretty sure I don't have any third-party tools installed, unless they were bundled with Photoshop. -
Windows event viewer error related to Bonjour??
The description for Event ID ( 1 ) in Source ( Bonjour Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: mDNSResponder started
what is this i even installed full version of Bonjour how i fix this error is this related to it not finding Bonjour stuff or just a general error?ok i removed bonjour now safari docent like to work right ***? its slow now i don't want to put Bonjour back on till i know if and how to fix that error someone has to know.
-
Friends i am looking for script to extract server 2008 event logs from network in csv format. I have around 12 server and i want to extract all server daily logs in one location, also i am new into this field and i am asked for this project. I hope
i will be able to achieve with all ur guidance.
Please do revert Thanks in advance
This is the script i am using.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where LogFile='Application' and
TimeGenerated > '20140414000000.000000-000'")
Set objFSO = CreateObject("Scripting.
FileSystemObject")
Set objFile = objFSO.CreateTextFile("C:\Scripts\Events.txt")
For Each objEvent in colEvents
strTimeWritten = objEvent.TimeWritten
dtmTimeWritten = CDate(Mid(strTimeWritten, 5, 2) & "/" & _
Mid(strTimeWritten, 7, 2) & "/" & Left(strTimeWritten, 4) _
& " " & Mid (strTimeWritten, 9, 2) & ":" & _
Mid(strTimeWritten, 11, 2) & ":" & Mid(strTimeWritten, 13, 2))
dtmDate = FormatDateTime(dtmTimeWritten, vbShortDate)
dtmTime = FormatDateTime(dtmTimeWritten, vbLongTime)
strEvent = dtmDate & vbTab
strEvent = strEvent & dtmTime & vbTab
strEvent = strEvent & objEvent.SourceName & vbTab
strEvent = strEvent & objEvent.Type & vbTab
strEvent = strEvent & objEvent.Category & vbTab
strEvent = strEvent & objEvent.EventCode & vbTab
strEvent = strEvent & objEvent.User & vbTab
strEvent = strEvent & objEvent.ComputerName & vbTab
strDescription = objEvent.Message
If IsNull(strDescription) Then
strDescription = "The event description cannot be found."
End If
strDescription = Replace(strDescription, vbCrLf, " ")
strEvent = strEvent & strDescription
objFile.WriteLine strEvent
Next
objFile.Close
Prayers & Regards, Damodar Regmi -
Randomly Freezing and Running Hot
Hi all,
So my MBP mid-2009 seems to randomly freeze without warning and after no particular operation or amount of time. It could be idling with no programs open or be under heavy use and can take anywhere from 15 minutes to over an hour, but it is guaranteed to freeze up and require a hard shutdown. I've been running Mavericks since late 2013 and have only had this problem recently (about the past 3 weeks). I've tried many little things but nothing too drastic (like disabling the hard disk sleep option and the Google Drive "show file sync status" option). I have an SSD and a 500GB HDD installed and am running rEFIt because I have 3 bootable partitions (2 were originally clones of OS X and the other is Windows 8 BOOTCAMP). I have noticed that the CPU is running much hotter than it should ( >80C with no load and the fan doesn't seem to spin up until it hits about 87C unless I use SMCFanControl).
Anyway I downloaded and ran EtreCheck and have pasted the output below. I know I'm a little heavy on the RAM usage, but that shouldn't cause this kind of instability. Also I'm not 100% sure (because activity moniter freezes up when I get the beachball), but it seems like Finder and Safari are the culprits of the crash.
Let me know if you need anymore info and thanks for your time!
Hardware Information:
MacBook Pro (13-inch, Mid 2009)
MacBook Pro - model: MacBookPro5,5
1 2.26 GHz Intel Core 2 Duo CPU: 2 cores
4 GB RAM
Video Information:
NVIDIA GeForce 9400M - VRAM: 256 MB
System Software:
OS X 10.9.2 (13C64) - Uptime: 0 days 0:15:26
Disk Information:
M4-CT128M4SSD2 disk0 : (128.04 GB)
EFI (disk0s1) <not mounted>: 209.7 MB
macSSD (disk0s2) / [Startup]: 96.48 GB (27.04 GB free)
Recovery HD (disk0s3) <not mounted>: 650 MB
BOOTCAMP (disk0s4) <not mounted>: 30.69 GB
ST9500325AS disk1 : (500.11 GB)
EFI (disk1s1) <not mounted>: 209.7 MB
Storage (disk1s2) /Volumes/Storage: 399.81 GB (96.63 GB free)
notSSD (disk1s3) /Volumes/notSSD: 99.3 GB (91.78 GB free)
USB Information:
Apple Inc. Built-in iSight
Apple Internal Memory Card Reader
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Computer, Inc. IR Receiver
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
FireWire Information:
Thunderbolt Information:
Kernel Extensions:
se.coolbook.driver2 (2.0.9)
Startup Items:
rEFItBlesser: Path: /Library/StartupItems/rEFItBlesser
Launch Daemons:
[System] com.adobe.fpsaud.plist 3rd-Party support link
[System] com.bjango.istatserver.plist 3rd-Party support link
[System] com.bombich.ccc.plist 3rd-Party support link
[System] com.google.keystone.daemon.plist 3rd-Party support link
[System] com.microsoft.office.licensing.helper.plist 3rd-Party support link
[System] com.oracle.java.Helper-Tool.plist 3rd-Party support link
[System] gpsd.plist 3rd-Party support link
[System] org.eyebeam.SelfControl.plist 3rd-Party support link
[System] org.macosforge.xquartz.privileged_startx.plist 3rd-Party support link
Launch Agents:
[System] com.google.keystone.agent.plist 3rd-Party support link
[System] com.hp.messagecenter.launcher.plist 3rd-Party support link
[System] com.oracle.java.Java-Updater.plist 3rd-Party support link
[System] org.macosforge.xquartz.startx.plist 3rd-Party support link
User Launch Agents:
[not loaded] com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist
[not loaded] com.facebook.videochat.[redacted].plist 3rd-Party support link
[not loaded] com.google.GoogleContactSyncAgent.plist 3rd-Party support link
[not loaded] com.macpaw.CleanMyMac.helperTool.plist 3rd-Party support link
[not loaded] com.macpaw.CleanMyMac.trashSizeWatcher.plist 3rd-Party support link
[not loaded] com.macpaw.CleanMyMac.volumeWatcher.plist 3rd-Party support link
[not loaded] com.netputing.airprintactivator.plist 3rd-Party support link
[not loaded] com.valvesoftware.steamclean.plist 3rd-Party support link
User Login Items:
Google Drive
Internet Plug-ins:
FlashPlayer-10.6: Version: 12.0.0.77 - SDK 10.6 3rd-Party support link
Loki: Version: 3.0 3rd-Party support link
Flash Player: Version: 12.0.0.77 - SDK 10.6 3rd-Party support link
Default Browser: Version: 537 - SDK 10.9
o1dbrowserplugin: Version: 5.1.7.17873 3rd-Party support link
QuickTime Plugin: Version: 7.7.3
npgtpo3dautoplugin: Version: 0.1.44.29 - SDK 10.5 3rd-Party support link
googletalkbrowserplugin: Version: 5.1.7.17873 3rd-Party support link
Mathematica: Version: 9.0.1.4055068 3rd-Party support link
JavaAppletPlugin: Version: Java 7 Update 51 3rd-Party support link
Safari Extensions:
Evernote Web Clipper: Version: 6.1
Audio Plug-ins:
BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9
AirPlay: Version: 2.0 - SDK 10.9
AppleAVBAudio: Version: 203.2 - SDK 10.9
iSightAudio: Version: 7.7.3 - SDK 10.9
iTunes Plug-ins:
Quartz Composer Visualizer: Version: 1.4 - SDK 10.9
User Internet Plug-ins:
fbplugin_1_0_3: Version: (null) 3rd-Party support link
3rd Party Preference Panes:
BassJump 3rd-Party support link
Fan Control 3rd-Party support link
Flash Player 3rd-Party support link
Flip4Mac WMV 3rd-Party support link
Growl 3rd-Party support link
Java 3rd-Party support link
SynergyKM 3rd-Party support link
teleport 3rd-Party support link
TeXDistPrefPane 3rd-Party support link
Old Applications:
Microsoft Language Register: Version: 14.2.3 - SDK 10.5 3rd-Party support link
/Applications/Microsoft Office 2011/Additional Tools/Microsoft Language Register/Microsoft Language Register.app
AirPrintDaemon: Version: 1.0b5 - SDK 10.0 3rd-Party support link
/Users/[redacted]/Library/Application Support/AirPrintActivator/AirPrintDaemon.app
SLLauncher: Version: 1.0 - SDK 10.5 3rd-Party support link
/Library/Application Support/Microsoft/Silverlight/OutOfBrowser/SLLauncher.app
/Applications/Microsoft Office 2011
Microsoft PowerPoint: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Excel: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Word: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Outlook: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Document Connection: Version: 14.2.3 - SDK 10.5 3rd-Party support link
/Applications/Microsoft Office 2011/Office
Open XML for Excel: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Office Setup Assistant: Version: 14.2.0 - SDK 10.5 3rd-Party support link
Microsoft Alerts Daemon: Version: 14.2.3 - SDK 10.5 3rd-Party support link
SyncServicesAgent: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Database Daemon: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Graph: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Database Utility: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Office Reminders: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Upload Center: Version: 14.2.3 - SDK 10.5 3rd-Party support link
My Day: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Chart Converter: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Microsoft Clip Gallery: Version: 14.2.3 - SDK 10.5 3rd-Party support link
Rivet: Version: 2.8.0 - SDK 10.5 3rd-Party support link
/Applications/TeX
BibDesk: Version: 1.5.9 - SDK 10.5 3rd-Party support link
LaTeXiT: Version: 2.5.0 - SDK 10.5 3rd-Party support link
Microsoft AutoUpdate: Version: 2.3.5 - SDK 10.4 3rd-Party support link
/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app
/Library/Application Support/Microsoft/MERP2.0
Microsoft Error Reporting: Version: 2.2.8 - SDK 10.4 3rd-Party support link
Microsoft Ship Asserts: Version: 1.1.3 - SDK 10.4 3rd-Party support link
Time Machine:
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
macSSD: Disk size: 89.86 GB Disk used: 64.67 GB
Destinations:
Time Machine [Local]
Total size: 232.83 GB
Total number of backups: 25
Oldest backup: 2013-01-03 19:27:22 +0000
Last backup: 2014-03-17 04:52:14 +0000
Size of backup disk: Adequate
Backup size 232.83 GB > (Disk used 64.67 GB X 3)
notSSD [Local] (Last used)
Total size: 92.48 GB
Total number of backups: (null)
Size of backup disk: Too small
Backup size 92.48 GB < (Disk used 64.67 GB X 3)
Time Machine details may not be accurate.
All volumes being backed up may not be listed.
Top Processes by CPU:
24% backupd
17% WindowServer
6% com.apple.WebKit.Networking
4% Activity Monitor
4% mds
Top Processes by Memory:
238 MB com.apple.IconServicesAgent
188 MB mds_stores
74 MB PluginProcess
74 MB Safari
70 MB Google Drive
Virtual Memory Information:
92 MB Free RAM
1.63 GB Active RAM
1.56 GB Inactive RAM
472 MB Wired RAM
908 MB Page-ins
0 B Page-outsThanks, I'm notorious for not updating things.
I think I may have found the solution, my Crucial M4 was on firmware 0009, the latest is 070H. Apparently the 0309 update fixed a freezing issue:
http://www.tomshardware.com/news/Crucial-m4-Firmware-BSOD,14544.html
Did the update to the latest, seems quicker already. Will know within a couple of hours if it worked or not.
Cheers! -
P45 Neo3-FR Freezing/lock ups in Windows
Specs:
P45 Neo3-FR using 1.3 BIOS
E8400 w/ Thermalright Ultra 120 Extreme
2x1GB GSkill 1066Mhz RAM
EVGA 8800GT 512MB
Cosair HX520W PSU
Antec Nine Hundred case
2x SATA HDD
1x DVDRW
Windows XP SP3
I'm having random freezing/lock ups in Windows. It can happen anywhere between 1 minute to 5+ hours. It's completely random, doesn't matter what I'm doing.
I have the latest chipset and nVidia drivers.
Memtest passes 8+ hours
Orthos passes 3+ hours
I've cleared the CMOS and loaded optimized defaults
I've tried both IDE and AHCI
What happens is everything just freezes, I can't move the mouse and can't ctrl-alt-del.
Anyone have any ideas?
Update: I switched to BIOS 1.2 and so far everything seems OK, though I lost the option to change the command rate on the RAM. I'll post back in a couple of days or if it happens to lock up again.Quote
2x1GB GSkill 1066Mhz RAM
Reduce memory clock speed to 800 MHz in BIOS, set Memory voltage to 1.9-1.95V and retest. -
Windows is Scanning and repairing drive... (- Errors in Event Viewer)
Long post, please be patient... :)
I have a fairly new (purchased 8/2013) Lenovo ThinkPad T431s with Windows 8.1 Pro 64-bit (updated from 8.0 -> 8.1). It has a very tricky error coming basically 8 / 10 boots:
Windows is Scanning and repairing drive...
Error details from Windows Event Viewer (a new similar error appears on every boot to event viewer):
A corruption was discovered in the file system structure on volume \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}.
A file on the volume is no longer reachable from its parent directory. The parent file reference number is 0x2000000000002. The name of the parent directory is "". The parent index attribute is ":$I30:$INDEX_ALLOCATION". The file reference
number of the file that needs to be reconnected is 0x400000003db80. There may be additional files on the volume that also need to be reconnected to this parent directory.
What has been done 1st trying to fix that:
SSD disk has been changed (image from previous SSD copied back) ->
no solution, error remains
chkdsk /F /R -> no solution, error remains
SFC /scannow -> no solution, error remains
dism /online /cleanup-image /restorehealth -> no solution, error remains after a few boots
TRIED using Windows 8.1 "Update & Recovery -> Refresh Your PC without affecting your files" -> Inserted the Lenovo "Operating System Recovery Disk Windows 8 Pro (OEM Activation 3.0 Required)" BUT Windows did not accept
that DVD claiming "The media inserted is not valid"... ???
Ended up calling Lenovo Support and they instructed me to order the Recovery DVD from
Lenovorecovery.com -> Unfortunatelly Windows does not recognice the DVD(s)...
mountvol returns:
\\?\Volume{4d337687-0033-42f7-8a8e-b6968b533cb3}\
(This is my C:\ drive where Windows installation resides)
\\?\Volume{e010cf9d-c04d-4c82-b517-3cda1b647fe7}\
*** NO MOUNT POINTS ***
\\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}\
*** NO MOUNT POINTS ***
\\?\Volume{33f0062f-0aff-4fd2-8402-1c7911d86897}\
*** NO MOUNT POINTS ***
Then running fsutil dirty query on each returns:
Volume - \\?\Volume{4d337687-0033-42f7-8a8e-b6968b533cb3} is NOT Dirty
Volume - \\?\Volume{e010cf9d-c04d-4c82-b517-3cda1b647fe7} is NOT Dirty
Volume - \\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} is Dirty
Volume - \\?\Volume{33f0062f-0aff-4fd2-8402-1c7911d86897} is NOT Dirty
The chkdsk on the dirty volume
\\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}\ returned:
The type of the file system is NTFS.
Insufficient storage available to create either the shadow copy storage file or
other shadow copy data.
A snapshot error occured while scanning this drive. Run an offline scan and fix.
Diskpart output on the same volume:
DISKPART> lis par
Partition ### Type Size Offset
Partition 1 Reserved 128 MB 17 KB
Partition 2 Recovery 1000 MB 129 MB
Partition 3 System 260 MB 1129 MB
Partition 4 Primary 146 GB 1389 MB
Partition 5 Recovery 350 MB 147 GB
Partition 6 Recovery 19 GB 148 GB
Questions:
1) Are my Partitions OK, haven't "touched" anything?
2) Excluded the dirty volume from boot checking with chkntfs /x
-> still the Error appears in Event viewer log (but Scanning is skipped/not shown anymore during the boot).
What is causing the error?
3) Why do I have three (3) recovery partitions?What has happened in the past days:
A) Lenovo on-site-Support changed the motherboard -> had no impact on the error (which I expected).
B) I found
instructions how to manually create USB Flash stick with a booting Custom (OEM) Recovery Image.
C) Booted with USB and performed "Refresh your PC without affecting your files."
D) Windows was refreshed but...
-->>
Still the error remains (Windows scanning and repairing drive \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} on each and every boot.
1) Related Error in Event viewer (NTFS):
A corruption was discovered in the file system structure on volume \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}.
A file on the volume is no longer reachable from its parent directory. The parent file reference number is 0x2000000000002. The name of the parent directory is "". The parent index attribute is ":$I30:$INDEX_ALLOCATION". The file reference number of the
file that needs to be reconnected is 0x400000003db80. There may be additional files on the volume that also need to be reconnected to this parent directory.
2) Related Error in Event viewer (NTFS - Microsoft Windows NTFS):
Volume \\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} (\Device\HarddiskVolume5) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via
PowerShell.
-->>
Now Lenovo support is proposing a full re-install (to be performed by myself) of Windows as this is SW issue.
Summary:
- Refreshing my T431s with OEM Image does not help
- The error remains on \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} (\Device\HarddiskVolume5; Lenovo Recovery partition) OR at least Windows thinks so... -
How to write to windows event logs from determinations-server under IIS
This is just an FYI technical bit of information I wish someone had shared with me before I started trying to write OPA errors to the windows event log... Most problems writing to the windows event log from log4net occur because of permissions. Some problems are because determinations-server does not have permissions to create some registry entries. Some problems cannot be resolved unless specific registry entry permissions are actually changed. We had very little consistency with the needed changes across our servers, but some combination of the following would always get the logging to the windows event log working.
To see log4net errors as log4net attempts to utilize the windows event log, temporarily add the following to the web.config:
<appSettings>
<!-- uncomment the following line to send diagnostic messages about the log configuration file to the debug trace.
Debug trace can be seen when attached to IIS in a debugger, or it can be redirected to a file, see
http://logging.apache.org/log4net/release/faq.html in the section "How do I enable log4net internal debugging?" -->
<add key="log4net.Internal.Debug" value="true"/>
</appSettings>
<system.diagnostics>
<trace autoflush="true">
<listeners>
<add
name="textWriterTraceListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="logs/InfoDSLog.txt" />
</listeners>
</trace>
</system.diagnostics>
To add an appender for the windows event viewer, try the following in the log4net.xml:
<appender name="EventLogAppender" type="log4net.Appender.EventLogAppender" >
<param name="ApplicationName" value="OPA" />
<param name="LogName" value="OPA" />
<param name="Threshold" value="all" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %-5level %logger [%property{NDC}] - %message%newline" />
</layout>
<filter type="log4net.Filter.LevelRangeFilter">
<levelMin value="WARN" />
<levelMax value="FATAL" />
</filter>
</appender>
<root>
<level value="warn"/>
<appender-ref ref="EventLogAppender"/>
</root>
To put the OPA logs under the Application Event Log group, try this:
Create an event source under the Application event log in Registry Editor. To do this, follow these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
4. Right-click the Application subkey, point to New, and then click Key.
5. Type OPA for the key name.
6. Close Registry Editor.
To put the OPA logs under a custom OPA Event Log group (as in the demo appender above), try this:
Create an event log in Registry Editor. To do this, follow these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
4. Right-click the eventlog subkey, point to New, and then click Key.
5. Type OPA for the key name.
6. Right-click the new OPA key and add a new DWORD called "MaxSize" and set it to "1400000" which is about 20 Meg in order to keep the log file from getting too large.
7. The next steps either help or sometimes cause an error, but you can try these next few steps... If you get an error about a source already existing, then you can delete the key.
8. Right-click the OPA subkey, point to New, and then click Key.
9. Type OPA for the key name.
10. Close Registry Editor.
You might need to change permissions so OPA can write to the event log in Registry Editor. If you get permission errors, try following these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
4. Right-click the EventLog key, select Permissions.
5. In the dialog that pops up, click Add...
6. Click Advanced...
7. Click Locations... and select the current machine by name.
8. Click Find Now
9. Select both the Network user and IIS_IUSERS user and click OK and OK again. (We never did figure out which of those two users was the one that fixed our permission problem.)
10. Change the Network user to have Full Control
11. Click Apply and OK
To verify OPA Logging to the windows event logs from Determinations-Server:
Go to the IIS determinations-server application within Server Manager.
Under Manage Application -> Browse Application click the http link to pull up the local "Available Services" web page that show the wsdl endpoints.
Select the /determinations-server/server/soap.asmx?wsdl link
Go to the URL and remove the "?wsdl" from the end of the url and refresh. This will throw the following error into the logs:
ERROR Oracle.Determinations.Server.DSServlet [(null)] - Invalid get request: /determinations-server/server/soap.asmx
That error should show up in the windows event log, OR you can get a message explaining why security stopped you in "logs/InfoDSLog.txt" if you used the web.config settings from above.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648(v=vs.85).aspx
Edited by: Paul Fowler on Feb 21, 2013 9:45 AMThanks for sharing this information Paul.
-
Urgent help needed on writing errors in to windows events application logs
Hi all,
we have web based application. Whenever there is critical errors encounters in our application we need to write that errors in to windows
event viewer, application logs. Please help me on how to do this.
do we have any specific API for this ?
thanks in advance
ShivakumarYou should use WinAPI to do so. Asking in JNI forum (or specialized WinAPI forum) for more details is good idea I think.
-
Essential event viewer bugs with "Forwarded Events" log in Windows Server 2008 R2 and Windows 7
To my general experience, Windows event viewer is one of the most problematic, faulty management tools in the case of extensive use of its more sophisticated capabilities. The sole description as well as reproduction of some entangled failures would require
remarkable effort.
With the "Forwarded Events" log however, the situation becomes particularly worse in that even simple functionality fails and workarounds are difficult to find. That’s what I’ll describe here in order to share my experience with interested users.
For precision: I’ve extensively used event viewer on a German Windows Server 2008 R2 SP1 (Windows SBS 2011 Standard SP1). The bugs I found on that system, I could reproduce on a German Windows 7 Professional 64-Bit SP1, too.
Problem 1: Failure of even simple event filtering
To reproduce this problem, execute these steps on a test machine with any of the two OS mentioned above:
(i) To prepare log contents, do either of the following:
(a) populate some events to your local "Forwarded Events" log (most simply by subscribing events from other logs of the same machine; stop subscription if you have collected some events)
Or
(b) copy a non-empty log file "ForwardedEvents.evtx" from another machine (with any of the two OS mentioned above) to your test machine and open the file in event viewer.
(ii) Navigate to your "Forwarded Events" test log and open the filtering dialog. In the "Includes/Excludes Event IDs" field, type: 1-9000. Click OK.
(iii) Look at the results pane: Surprise, 0 Events! Do you really have no event IDs between 1 and 9000 in your test log?
(iv) Another example, if you have forwarded security events in your test log: Clear filter, if any previous filter is in place. Open the filtering dialog. In "Keywords" sub-dialog, choose "Audit Success". Click OK.
(v) Look at the results pane: Surprise, 0 Events! Do you really have no successful security monitoring events in your test log?
I’ll finish here. If you have a rich variety of events in your test log available, let your imagination run wild to test around. Finally include some simple manually created or modified XPath filters on the XML tab of the filtering dialog. I promise, you’ll
find a lot of additional strange results.
Problem 2: Cannot save manually selected events to .evtx file
Navigate to your "Forwarded Events" test log. In the results pane, select one or more events by highlighting them by mouse clicks. In context menu, choose "Save selected events". In the "save as" dialog, choose file type *.evtx
and save your file. Open the newly created file in event viewer. Result: Surprise, no events inside the new file!
Have more fun with forwarded events
HelmutDid you mean that right click Forwarded Event and select "Filter Current Log..."? Since I can filter correct event vai the "Filter Current Log..." in my Lab environment.
Hi Justin,
yes, I mean "Filter Current Log ... " (in my German systems: "Aktuelles Protokoll filtern ... ").
What do you mean with "my Lab environment" exactly?
In the meantime, I performed additional tests. I copied the "ForwardedEvents.evtx" test file from Server 2008 R2 resp. Windows 7 to
(i) German Windows 8 Pro 64-Bit RTM
(ii) German Windows 8.1 Pro 64-Bit, up-to-date
in order to view and filter the file there.
Results: Same event viewer problem on Windows 8 RTM, but correct behavior on Windows 8.1!
Best regards, Helmut -
snare agent is pushing event logs to MARS - certain event (e.g. generic application events) show up with log data in binary format - in the windows event viewer the data is also displayed as text so the details of the event are clear (e.g "application failure w3wp.exe...." or similar. On MARS we see this:
0000: 41 70 70 6c 69 63 61 74 0008: 69 6f 6e 20 46 61 69 6c 0010: 75 72 65 20 20 77 33 77 0018: 70 2e 65 78 65 20 36 2e 0020: 30 2e 33 37 39 30 2e 33 0028: 39 35 39 20 69 6e 20 75 0030: 6e 6b 6e 6f 77 6e 20 30 0038: 2e 30 2e 30 2e 30 20 61 0040: 74 20 6f 66 66 73 .... etc.
Is there something we can do to convert this to text as part of the event parsing / processing function? or am i dreaming....?
Some of the wintel admins would like to leverage MARS for specific alerts but if the event description is lost in the syslog process then they're probably going to look for another tool for the job - would like to help them if i can.
thankssnare agent is pushing event logs to MARS - certain event (e.g. generic application events) show up with log data in binary format - in the windows event viewer the data is also displayed as text so the details of the event are clear (e.g "application failure w3wp.exe...." or similar. On MARS we see this:
0000: 41 70 70 6c 69 63 61 74 0008: 69 6f 6e 20 46 61 69 6c 0010: 75 72 65 20 20 77 33 77 0018: 70 2e 65 78 65 20 36 2e 0020: 30 2e 33 37 39 30 2e 33 0028: 39 35 39 20 69 6e 20 75 0030: 6e 6b 6e 6f 77 6e 20 30 0038: 2e 30 2e 30 2e 30 20 61 0040: 74 20 6f 66 66 73 .... etc.
Is there something we can do to convert this to text as part of the event parsing / processing function? or am i dreaming....?
Some of the wintel admins would like to leverage MARS for specific alerts but if the event description is lost in the syslog process then they're probably going to look for another tool for the job - would like to help them if i can.
thanks
Maybe you are looking for
-
Error when using FND FORMAT_CURRENCY for XML Publisher report
XML_REPORTS_XENVIRONMENT is : /apps01/applclone/erpcloneora/8.0.6/guicommon6/tk60/admin/Tk2Motif_UTF8.rgb XENVIRONMENT is set to /apps01/applclone/erpcloneora/8.0.6/guicommon6/tk60/admin/Tk2Motif_UTF8.rgb Current NLS_LANG and NLS_NUMERIC_CHARACTERS E
-
I recently inherited a restored iPhone 5 from my uncle and its needs a sim to be activated, could i use my friends sim just to activate my iPhone and then give the sim back once its activated without affecting his contract and later on get a sim for
-
How to back up iTunes Library on external hard drive & computer, after purchasing new music?
I keep my iTunes library on my computer's hard drive and also backed up on an external hard drive. I have added more music to my library since my previous back up, and I want to back up the new music to my external drive. What's the best way to do th
-
Hello ! Sometimes when i wanna swipe with my magic mouse , nothing happen. I've figured out that the mission control crashes. I have to use "killall Dock" cmd in terminal. What can it be ?
-
Assigned User Role Mirgation from EP 6.0 SP2 to SAP NW2004s (EP 7.00 SP7)
Our users are stored in LDAP and their role assignment is driven by the roles assigned to the groups. For example... Manager Group : MSS and other role assigned Employee Group : ESS and other role assigned but some users are assigned addi