Unidentifiable Event log entries..?

Hi,
sorry if this is not the right thread-group to post but I'm losing it.
I keep getting the following event log descriptions for svcListener and svcListener Prof in my Event log. Does anyone know where this comes from?
svcListener
The description for Event ID ( 0 ) in Source ( svcListener ) cannot be found.
The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.
You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details.
The following information is part of the event: Cannot perform this operation on a closed dataset.

svcListener - Prof
The description for Event ID ( 0 ) in Source ( svcListener- Prof ) cannot be found.
The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.
You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details.
The following information is part of the event: Exception in Oracle Connection- 12560 EOracleError.

Edited by: user574699 on 20-May-2009 5:53

Exception in Oracle Connection- 12560 EOracleError.

12560, 00000, "TNS:protocol adapter error"
// *Cause: A generic protocol adapter error occurred.
// *Action: Check addresses used for proper protocol specification. Before
// reporting this error, look at the error stack and check for lower level
// transport errors. For further details, turn on tracing and reexecute the
// operation. Turn off tracing when the operation is complete.

Similar Messages

  • Create an Event log entry in Event Viewer in Windows 7, when processor exceeds a set percentage of usage

    Hi, I am trying to create an Event log entry in Event viewer in Windows 7 when the processor exceeds a set percentage of usage. I have unsuccessfully tried doing this through a Data Collection Set in the User Defined folder to monitor CPU usage
    and to trigger an Alert and log an entry when the CPU exceeds a set percentage of usage. Any suggestions, and please if possible keep them simple and easy to follow, I am not too familiar with Windows 7.


  • Large number of event Log entries: connection open...

    Hi,
    I am seeing a large number of entries in the event log of the type:
    21:49:17, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:51163] CLOSED/TIME_WAIT ppp0 NAPT)
    21:49:15, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:41820] ppp0 NAPT)
    Are these anything I should be concerned about? I have tried a couple of forum and Google searches, but I don't quite know where to start beyond pasting the first bit of the message. I haven't found anything obvious from those searches.
    DHCP table lists 192.168.1.78 as the desktop PC on which I'm writing this.
    Please could you point me in the direction of any resources that will help me to work out if I should be worried about this?
    A slightly longer extract is shown below:
    21:49:17, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:51163] CLOSED/TIME_WAIT ppp0 NAPT)
    21:49:15, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:41820] ppp0 NAPT)
    21:49:15, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:51163] CLOSED/SYN_SENT ppp0 NAPT)
    21:49:11, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [213.205.231.156:51027] TIME_WAIT/CLOSED ppp0 NAPT)
    21:49:03, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [178.190.63.75:55535] CLOSED/SYN_SENT ppp0 NAPT)
    21:49:00, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [2.96.4.85:23939] TIME_WAIT/CLOSED ppp0 NAPT)
    21:48:59, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [78.144.143.222:21617] CLOSED/TIME_WAIT ppp0 NAPT)
    21:48:58, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [41.218.222.34:28188] ppp0 NAPT)
    21:48:57, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [41.218.222.34:28288] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:57, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [86.132.123.255:18048] ppp0 NAPT)
    21:48:57, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [86.132.123.255:54199] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:55, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [86.144.91.49:60704] ppp0 NAPT)
    21:48:55, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [80.3.100.12:50875] TIME_WAIT/CLOSED ppp0 NAPT)
    21:48:45, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [78.150.251.216:57656] ppp0 NAPT)
    21:48:39, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [78.150.251.216:56975] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:29, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [79.99.145.46:8368] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:27, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [90.192.249.173:45250] ppp0 NAPT)
    21:48:16, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [212.17.96.246:62447] ppp0 NAPT)
    21:48:10, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [82.16.198.117:49942] TIME_WAIT/CLOSED ppp0 NAPT)
    21:48:08, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [213.205.231.156:51027] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:04, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [89.153.251.9:53729] TIME_WAIT/CLOSED ppp0 NAPT)
    21:47:54, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [80.3.100.12:37150] ppp0 NAPT)

    Hi,
    Thank you for the response. I think, but can't remember for sure, that UPnP was already switched off when I captured that log. Anyway, even if it wasn't, it is now. So I will see what gets captured in my logs.
    I've just had to restart my Home Hub because of other connection issues and I notice that the first few entries are also odd:
    19:35:16, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49250->173.194.78.125:5222 on ppp0)
    19:34:45, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:34:31, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49250->173.194.78.125:5222 on ppp0)
    19:34:31, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:34:04, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49462->199.59.149.232:443 on ppp0)
    19:33:46, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49250->173.194.78.125:5222 on ppp0)
    19:33:46, 12 Mar.
    IN: BLOCK [12] Spoofing protection (IGMP 86.164.178.188->224.0.0.22 on ppp0)
    19:33:45, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:33:39, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49462->199.59.149.232:443 on ppp0)
    19:33:33, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49463->199.59.149.232:443 on ppp0)
    19:33:29, 12 Mar.
    IN: BLOCK [15] Default policy (UDP 111.252.36.217:26328->86.164.178.188:12708 on ppp0)
    19:33:16, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 193.113.4.153:80->86.164.178.188:49572 on ppp0)
    19:33:14, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:33:14, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 66.193.112.93:443->86.164.178.188:44266 on ppp0)
    19:33:14, 12 Mar.
    ( 164.240000) CWMP: session completed successfully
    19:33:13, 12 Mar.
    ( 163.700000) CWMP: HTTP authentication success from https://pbthdm.bt.mo
    19:33:05, 12 Mar.
    BLOCKED 106 more packets (because of Default policy)
    19:33:05, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49462->199.59.149.232:443 on ppp0)
    19:33:05, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 213.1.72.209:80->86.164.178.188:49547 on ppp0)
    19:33:05, 12 Mar.
    BLOCKED 94 more packets (because of Default policy)
    19:33:05, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:33:05, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 199.59.148.87:443->86.164.178.188:49531 on ppp0)
    19:33:05, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49250->173.194.78.125:5222 on ppp0)
    19:33:04, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:33:04, 12 Mar.
    ( 155.110000) CWMP: Server URL: https://pbthdm.bt.mo; Connecting as user: ACS username
    19:33:04, 12 Mar.
    ( 155.090000) CWMP: Session start now. Event code(s): '1 BOOT,4 VALUE CHANGE'
    19:32:59, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:32:54, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49462->199.59.149.232:443 on ppp0)
    19:32:53, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:52, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49463->199.59.149.232:443 on ppp0)
    19:32:51, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:32:48, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:47, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:32:46, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:46, 12 Mar.
    BLOCKED 4 more packets (because of First packet is Invalid)
    19:32:45, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49461->199.59.149.232:443 on ppp0)
    19:32:44, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:44, 12 Mar.
    BLOCKED 1 more packets (because of First packet is Invalid)
    19:32:43, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49398->193.113.4.153:80 on ppp0)
    19:32:42, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:42, 12 Mar.
    BLOCKED 3 more packets (because of First packet is Invalid)
    19:32:42, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49277->119.254.30.32:443 on ppp0)
    19:32:41, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:41, 12 Mar.
    BLOCKED 1 more packets (because of First packet is Invalid)
    19:32:41, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:38, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49280->119.254.30.32:443 on ppp0)
    19:32:36, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:34, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49463->199.59.149.232:443 on ppp0)
    19:32:30, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 66.193.112.93:443->86.164.178.188:47022 on ppp0)
    19:32:30, 12 Mar.
    ( 120.790000) CWMP: session closed due to error: WGET TLS error
    19:32:30, 12 Mar.
    ( 120.140000) NTP synchronization success!
    19:32:30, 12 Mar.
    BLOCKED 1 more packets (because of Default policy)
    19:32:29, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49458->217.41.223.234:80 on ppp0)
    19:32:28, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49280->119.254.30.32:443 on ppp0)
    19:32:26, 12 Mar.
    ( 116.030000) NTP synchronization start
    19:32:25, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49442->74.125.141.91:443 on ppp0)
    19:32:25, 12 Mar.
    OUT: BLOCK [15] Default policy (TCP 192.168.1.78:49310->204.154.94.81:443 on ppp0)
    19:32:25, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 88.221.94.116:80->86.164.178.188:49863 on ppp0)
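
An added example, not part of the thread and not BT's own tooling: a small Python triage of the hub firewall log layout quoted in the two posts above. It lists which forwarded LAN port is being reached by how many distinct remote peers and tallies blocks by direction and reason. The sample lines are constructed in the same layout using documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the hub's layout (timestamp line, then event line).
# Addresses are documentation ranges, not values taken from the thread.
SAMPLE = """\
21:49:17, 11 Mar.
IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->203.0.113.10:14312 [198.51.100.7:51163] CLOSED/TIME_WAIT ppp0 NAPT)
21:49:15, 11 Mar.
IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->203.0.113.10:14312 [198.51.100.7:41820] ppp0 NAPT)
21:49:03, 11 Mar.
IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->203.0.113.10:14312 [198.51.100.99:55535] CLOSED/SYN_SENT ppp0 NAPT)
19:34:45, 12 Mar.
OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49266->192.0.2.101:443 on ppp0)
19:34:31, 12 Mar.
OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->192.0.2.101:443 on ppp0)
19:33:46, 12 Mar.
IN: BLOCK [12] Spoofing protection (IGMP 203.0.113.10->224.0.0.22 on ppp0)
19:33:29, 12 Mar.
IN: BLOCK [15] Default policy (UDP 198.51.100.200:26328->203.0.113.10:12708 on ppp0)
19:33:14, 12 Mar.
( 164.240000) CWMP: session completed successfully
19:33:05, 12 Mar.
BLOCKED 106 more packets (because of Default policy)
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}, \d{1,2} [A-Z][a-z]{2}\.$")
# Accepted connection on a port-forwarding rule: LAN endpoint, WAN endpoint, [remote peer]
FORWARD = re.compile(
    r"^IN: ACCEPT \[\d+\] Connection (?P<state>opened|closed) "
    r"\(Port Forwarding: (?P<proto>TCP|UDP) (?P<lan>[\d.]+):(?P<lport>\d+) "
    r"<-->(?P<wan>[\d.]+):(?P<wport>\d+) \[(?P<peer>[\d.]+):(?P<pport>\d+)\]")
# Blocked packet: direction, rule number, reason, optional detail, then the flow
BLOCK = re.compile(
    r"^(?P<dir>IN|OUT): BLOCK \[(?P<rule>\d+)\] (?P<reason>[^(]+?) "
    r"\((?:(?P<detail>[^:()]+): )?(?P<proto>[A-Z]+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?->(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
    r" on (?P<iface>\w+)\)$")
# Rate-limited summary line the hub writes instead of one line per packet
SUPPRESSED = re.compile(
    r"^BLOCKED (?P<n>\d+) more packets \(because of (?P<reason>.+)\)$")


def parse(text):
    """Pair each event line with the timestamp line printed above it."""
    events, ts = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TS.match(line):
            ts = line.rstrip(".")
            continue
        for kind, rx in (("forward", FORWARD), ("block", BLOCK),
                         ("suppressed", SUPPRESSED)):
            m = rx.match(line)
            if m:
                events.append({"kind": kind, "ts": ts, **m.groupdict()})
                break
        else:
            # CWMP, NTP and anything else is kept but not interpreted
            events.append({"kind": "other", "ts": ts, "text": line})
    return events


def exposed_services(events):
    """Per forwarded LAN endpoint: protocols seen and distinct remote peers."""
    out = defaultdict(lambda: {"protos": set(), "peers": set()})
    for e in events:
        if e["kind"] == "forward":
            svc = out[(e["lan"], int(e["lport"]))]
            svc["protos"].add(e["proto"])
            svc["peers"].add(e["peer"])
    return dict(out)


def block_summary(events):
    """Count logged blocks by (direction, reason, mid_stream), plus suppressed totals."""
    logged, suppressed = Counter(), Counter()
    for e in events:
        if e["kind"] == "block":
            # mid_stream: the hub saw a TCP packet that did not start a connection,
            # which is what a stateful firewall logs for a flow it holds no state
            # for (for example, a connection that predates a restart).
            mid = (e["reason"] == "First packet is Invalid"
                   or "not a SYN" in (e["detail"] or ""))
            logged[(e["dir"], e["reason"], mid)] += 1
        elif e["kind"] == "suppressed":
            suppressed[e["reason"]] += int(e["n"])
    return logged, suppressed


if __name__ == "__main__":
    evts = parse(SAMPLE)
    for (host, port), svc in exposed_services(evts).items():
        print(f"{host}:{port} {sorted(svc['protos'])} "
              f"reached by {len(svc['peers'])} remote peer(s)")
    logged, suppressed = block_summary(evts)
    for (direction, reason, mid), n in sorted(logged.items()):
        print(f"{direction:3} {reason:24} mid_stream={mid} x{n}")
    print("suppressed:", dict(suppressed))
```

Run over a full export, the first table shows at a glance whether one forwarded port accounts for all the accepted inbound connections, and the second separates unsolicited inbound drops from outbound mid-stream drops.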

  • Since applying Feb 2013 Sharepoint 2010 CUs - Critical event log entries for Blob cache and missing images

    Hi,
    Since applying the February 2013 SharePoint 2010 updates, we are getting lots of entries in our event logs along the following:
    Content Management     Publishing Cache         
    5538     Critical 
    An error occurred in the blob cache.  The exception message was 'The system cannot find the file specified. (Exception from HRESULT: 0x80070002)’
    In pretty much all of these cases the image/ file in question that is reported in the ULS logs as missing is not actually in the collaboration site, master page / html etc so the fix needs to go back to the site owner to make the correction to avoid
    the 404 (if they make it!). This has only started happening, I believe, since the Feb 2013 SP2010 cumulative updates.
    I didn’t see this mentioned as a change / in the Fix list of the February updates. i.e. it flags up a critical error in our event logs. So with a lot of sites and a lot of missing images your event log can quickly fill up.
    Obviously you can suppress them in the monitoring -> web content management ->publishing cache = none & none which is not ideal.
    So my question is... are others seeing this and was a change made by Microsoft to flag a 404 missing image / file up a critical error in event log when blob cache is enabled?
    If I log this with MS they will just say, you need to fix up the missing files in the site, but it would be nice to know this had changed prior! I also deleted and recreated the blob cache and this made no difference.
    thanks
    Brad

    I'm facing the same error on our SharePoint 2013 farm. We are on Aug 2013 CU and if the Dec CU (which is supposed to be the latest) doesn't solve it then what else could be done.
    Some users started getting the message "Server is busy now try again later" with a correlation id. I looked up ULS with that correlation id and found these two errors in addition to hundreds of "Micro Trace Tags (none)" and "forced
    due to logging gap":
    "GetFileFromUrl: FileNotFoundException when attempting get file Url /favicon.ico The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"
    "Error in blob cache. System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"
    "Unable to cache URL /FAVICON.ICO.  File was not found" 
    Looks like this is a bug and MS hasn't fixed it in Dec CU..
    "The opinions expressed here represent my own and not those of anybody else"

  • HH3A event log entries - firewall

    I have recently received a replacement hub and in the event log am getting loads of the following entries - is this usual (IP address is my laptop)
    23:59:57, 15 May.
    (458348.960000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->49744, internal ports: 49744, internal client: 192.168.1.64
    23:59:16, 15 May.
    (458308.430000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->49744, internal ports: 49744, internal client: 192.168.1.64
    Also when I do a tracert I get the following as the first line
    1     3 ms     2 ms     1 ms  api.home [192.168.1.254]
    I am only confused because on the old hub the firewall entries were
    20:50:11, 30 Apr.
    BLOCKED 1 more packets (because of Spoofing protection)
    20:50:09, 30 Apr.
    IN: BLOCK [12] Spoofing protection (IGMP 86.157.215.96->224.0.0.22 on ppp0)
    and the tracert was
    1     1 ms    <1 ms    <1 ms  BThomehub.home [192.168.1.254]
    I presume that nothing is amiss

    conrad wrote:
    Many thanks DS - have turned UPnP off.  
    Why is this comment displayed   "It is recommended to keep the Extended UPnP security enabled to ensure the security of your home network." Presumably not having it enabled is ok.
    The spoofing stuff was obviously caused by me switching between wired/wireless as part of my line problems but thanks for the info as no doubt it will occur again.
    No problem
    The extended UPnP is a new item that BT have added to the latest firmware on the hub3. TBH I've not looked in to what this actually means as I've always turned UPnP off, even from when I was using the HH2.
    The spoofing events will return if you flick between each method of connecting, unless you delete the method not in use
    -+-No longer a forum member-+-

  • Event log entries missing in PoSh but visible in Eventvwr

    Hi,
    I've noticed the following issue on about 10 out of 2500 computers which run a script on our domain, so it's minor, but I'd like to understand why it's happening.
    When I query the event log using the eventvwr GUI I can filter on event ID 7001 and all the events list fine. However when I run 'get-eventlog -logname system -instanceid 7001' it shows all the events except the last 3 or so most recent ones (which are visible
    in the GUI).
    I've cross referenced this with an event visible in the GUI that had an EventRecordID of 32029. But when querying this via PowerShell 'get-eventlog -logname system -index 32029' it returns 'no matches found'.
    It's a weird problem, because if I was to query the logs in a few hours' time after a few more people have logged on/off the computer then the event would show in PowerShell, but the new most recent ones wouldn't.
    Is there a caching mechanism at work, and if so how could I disable it? It's interesting that these machines are all built from the same WDS image with the same GPO's applied but only a very small percentage exhibit this issue, all other machines show recent
    event logs in PowerShell instantly.
    I should also mention that these are all Windows 7 x64 computers.
    Any help appreciated.
    Thanks,
    Phil

    Hi,
    Based on my understanding, only some of your computers have this issue. And when using WMI, we could query all of the events, but when using the PowerShell command, some logs are missing.
    I would like to know, when we use 'get-eventlog -logname system -instanceid 7001| out-file c:\result.txt', how many logs are there?
    I think it may be caused by there being so much log information that it could not all be displayed. We may try some other logs also.
    Regards,
    Yan Li
    TechNet Subscriber Support

  • HH3 event log entries?

    Can anyone tell me what's going on with my hub's firewall as there suddenly seem to be a lot of unusual entries, as well as a large number of blocked outgoing packets. What is "ath3" and "OpenWifi IPsec"?
    16:58:34, 27 Mar.
    BLOCKED 43 more packets (because of Advanced Filter Rule)
    16:58:33, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [fe80:0000:0000:0000:414c:062b:ddbf:1bee]:56097->[ff02:0000:0000:0000:0000:0000:0001:0003]:5355 on ath3)
    16:58:33, 27 Mar.
    BLOCKED 21 more packets (because of Advanced Filter Rule)
    16:58:32, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:137->[10.182.64.143]:137 on ath3)
    16:58:32, 27 Mar.
    BLOCKED 25 more packets (because of Advanced Filter Rule)
    16:58:31, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:137->[10.182.64.143]:137 on ath3)
    16:58:31, 27 Mar.
    BLOCKED 151 more packets (because of Advanced Filter Rule)
    16:58:30, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:137->[10.182.64.143]:137 on ath3)
    16:58:30, 27 Mar.
    BLOCKED 39 more packets (because of Advanced Filter Rule)
    16:58:29, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:137->[10.182.64.143]:137 on ath3)
    16:58:29, 27 Mar.
    BLOCKED 83 more packets (because of Advanced Filter Rule)
    16:58:28, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:138->[10.182.64.143]:138 on ath3)
    16:58:28, 27 Mar.
    BLOCKED 89 more packets (because of Advanced Filter Rule)
    16:58:27, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:137->[10.182.64.143]:137 on ath3)
    16:58:27, 27 Mar.
    BLOCKED 55 more packets (because of Advanced Filter Rule)
    16:58:26, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:137->[10.182.64.143]:137 on ath3)
    16:58:26, 27 Mar.
    BLOCKED 78 more packets (because of Advanced Filter Rule)
    16:58:25, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [fe80:0000:0000:0000:414c:062b:ddbf:1bee]:1900->[ff02:0000:0000:0000:0000:0000:0000:000c]:1900 on ath3)
    16:58:25, 27 Mar.
    BLOCKED 15 more packets (because of Advanced Filter Rule)
    16:58:25, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:1900->[239.255.255.250]:1900 on ath3)
    16:58:25, 27 Mar.
    BLOCKED 58 more packets (because of Advanced Filter Rule)
    16:58:24, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: UDP [10.182.64.138]:1900->[239.255.255.250]:1900 on ath3)
    16:58:21, 27 Mar.
    BLOCKED 52 more packets (because of Advanced Filter Rule)
    16:58:19, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: IGMP 10.182.64.138->224.0.0.22 on ath3)
    16:58:19, 27 Mar.
    BLOCKED 10 more packets (because of Advanced Filter Rule)
    16:58:19, 27 Mar.
    OUT: BLOCK [44] Advanced Filter Rule (fw/policy/0/chain/fw_ath3_out/rule/0: IGMP 192.168.1.86->224.0.0.22 on ath3)
    16:57:58, 27 Mar.
    IN: BLOCK [15] Default policy (TCP [108.61.8.197]:80->[109.154.74.144]:1234 on ppp1)

    Hi benjp88,
    Another forum user has discussed this before and that seems to be just a log of the firewall working as it should.  Check out this forum post for more info.
    Cheers
    Neil
    BTCare Community Mod

  • WMI stops returning event log entries

    A little bit of a strange issue with Server 2008. We've been trying to implement Cisco CDA for a customer which uses WMI to read the security log on a DC and then matches the users up with the devices that are connecting to the network. Every week or so
    the CDA would stop receiving mappings from 2 out of 3 domain controllers. Once the wmi service is restarted on the DC the events start going through again.
    I've been able to replicate the behaviour using a script:
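    ' Domain controller whose event log is monitored
    strComputer = "dc-001.domain.local"
    ' Connect to WMI with the Security privilege enabled (required to read the Security log)
    Set objWMIService = GetObject("winmgmts:{(Security)}\\" & _
        strComputer & "\root\cimv2")
    ' Subscribe to newly created Win32_NTLogEvent instances with EventCode 4768
    ' (Kerberos TGT request)
    Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
        ("Select * from __InstanceCreationEvent Where " _
        & "TargetInstance ISA 'Win32_NTLogEvent' " _
        & "and TargetInstance.EventCode=4768")
    ' NextEvent() blocks until the next matching event is delivered
    Do While True
        Set objLatestEvent = colMonitoredEvents.NextEvent()
        Wscript.Echo objLatestEvent.TargetInstance.User
        Wscript.Echo objLatestEvent.TargetInstance.TimeWritten
        Wscript.Echo objLatestEvent.TargetInstance.Message
        Wscript.Echo
    Loop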
    This hotfix http://support.microsoft.com/kb/2705357 seems to match what I'm seeing as there
    are no errors ...just no events returned back. Unfortunately installing the hotfix made no difference at all.
    It's also worth noting I can run different wmi queries while the one above isn't working so wmi service is up and running.
    Has anyone else come across this, or have I missed another patch somewhere?

    Hi Kacenka,
    On current situation, please use WMI Diagnosis Tool to ascertain the current state of the WMI service. For more details, please refer to the following article.
    WMIDiag 2.1 is here!
    Meanwhile, please post the above script in the Official Scripting Guys Forum, then confirm if it can help you to achieve that target correctly.
    If any more detail, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Wireless ThinkPad 11abgn for Windows XP, 2000 ver.7.4.2.105 - new event log entries since update

    On 10/17/08, I updated my wireless ThinkPad 11abgn driver from version 6.0.3.94 to 7.4.2.105.  The update was a nice improvement as I now connect faster than with the older driver.  However, although no impact to my T60 performance, ever since the new driver was installed, the following has occurred:
    1. A new entry in the Event Viewer called ACS
    2. Multiple "ccxroaming" entries are generated every time my laptop comes out of standby (anywhere from 4 to 7 entries each time!)
    3. Since 10/17/08, I have generated 951 ACS events!!
    For example, this morning, after coming out of standby (AC mode), the following entries were generated from oldest to newest:
    The description for Event ID ( 1 ) in Source ( ccxroaming ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: <15> Oct 28 8:28:57 (my computer name) Wireless Adapter removed...
    The description for Event ID ( 1 ) in Source ( ccxroaming ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: <15> Oct 28 8:28:57 (my computer name) New Wireless Adapter detected..
    The description for Event ID ( 1 ) in Source ( ccxroaming ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: <15> Oct 28 8:29:02 (my computer name) System resumed from suspend state..
    The description for Event ID ( 1 ) in Source ( ccxroaming ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: <15> Oct 28 8:29:02 (my computer name) New Wireless Adapter detected..
    The description for Event ID ( 1 ) in Source ( ccxroaming ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: <15> Oct 28 8:29:03  (my computer name) System resumed from suspend state..
    The description for Event ID ( 1 ) in Source ( ccxroaming ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: <15> Oct 28 8:29:06 (my computer name) Wireless Adapter associated successfully..
    I can understand Lenovo possibly wanting to generate this information when testing a new driver in-house, but does this really need to be passed on to the end user?
    T60, 8744-5BU: 2.0 GHz T7200, 4 GB RAM, 15.4" WSXGA+, 1680x1050 ATI Mobility Radeon X1400, Win 7 Ultimate w/SP1 - 64-bit

    I downgraded upower, and it didn't fix the problem, so I re-upgraded it and built/installed xfce4-power-manager-git. It's now reporting the correct battery level but the systray icon is missing (replaced by the 'blank screen' icon).
    EDIT: in fact, no, it's still not reporting correctly.
    Last edited by markhadman (2014-04-19 12:35:08)

  • Event Log Help Links No Longer Working?

    Have the help links in the Windows XP event log entries been discontinued?
    They used to open up the Help and Support Center with further information about the Event Log error if it was available.
    For some time now they have all just given a "page not found" error, which then re-directs to Bing with offered results that are no use at all!
    This happens now on every XP system I've tried it on.
    As a user of Windows 8.1 as well as XP, I'm well aware that the Windows 8 Event Log help links have never worked so far, but the XP ones always did, and despite the looming "End of Support" I can see no reason for all that information to have been
    removed.
    Any explanation for this?
    Thanks, Dave Hawley.

    Hi - thank you DaveHawley for the report. Just wanted to confirm that I've passed this on to the team that looks after the redirect service behind the "More Info" link.
    There have been some major changes in how this redirection works over the years as well as in the last months. The most recent efforts added the option to enable use of the TechNet Wiki [sample]
    to allow the community to comment & contribute for a given component. I'm only guessing here, but this might have accidentally impacted XP.
    Thanks
    Bruno

  • Event logging in Parent-Child packages

    Hello,
    I have a set of Parent-Child SSIS packages. A Parent package invokes a bunch of child packages via "Execute Package Tasks".
    I have set up custom event logging (to a SQL table) inside both Parent and Child Packages' Event Handlers (OnPreExecute, OnPostExecute, OnError).
    I noticed that when a Child Package raises an event, both the Child Package's event handler and the Parent Package's event handler get fired, thereby creating duplicate event logging entries.
    So, as a quick work around, I disabled event handlers in Child packages hoping that the Parent Package's event handlers will catch and log all events nicely. However, when the Parent Package's event handler writes event details to the table, it uses the
    Parent Package's System::PackageId, System::PackageGUID and System::PackageName rather than that of the Child Package that originally raised the event! So, my event log table records all events as if they were raised by the Parent Package!
    Is it possible to disable event bubbling up from Child Packages to the Parent package?
    What options do I have to fix this problem?
    Thanks

    I came across this same issue and found a pretty nice workaround.
    In brief, I used a Stored Procedure to write the OnError to a Logging table. So when this stored procedure was called I checked if the error was already in the logging table, and if it was then no record would be inserted.
    I was already using the logging method 2 detailed here with a few changes.
    To the PackageLog table I added a ParentExecutionID value, which was passed into the child package through a Parent Variable Configuration. So for the OnPreExecute handler, the Parent Package passed NULL for the ParentExecutionID, but the Child Package passed
    in the Variable.
    In the ErrorLog table I added a SourceID column, which is the GUID of the task that generated the error. In the Parent/Child Package configuration, the SourceID is the same in both OnError handlers.
    So then when the Parent OnError handler calls the stored procedure, it checks if an ErrorLog record exists for the ParentExecutionID and SourceID combination.
    Below is the OnError Stored Procedure I used. (Note: In my example only the Child Package has a Queue ID value.)
    CREATE PROCEDURE [dbo].[usp_Integration_Log_Error] (
        @Execution_Id UNIQUEIDENTIFIER,
        @Queue_Id     INTEGER = NULL,
        @Source_Name  VARCHAR(255),
        @Source_Id    UNIQUEIDENTIFIER,
        @Err_Code     INTEGER,
        @Err_Message  NVARCHAR(MAX)
    )
    AS
    BEGIN
        DECLARE @ErrorCount INTEGER

        -- Only the Parent Package calls without a Queue ID. In that case, count
        -- errors already logged by a child execution for the same source task.
        IF @Queue_Id IS NULL
            SELECT
                @ErrorCount = COUNT(*)
            FROM
                INTEGRATION_ERROR IE
            INNER JOIN
                INTEGRATION_LOG IL ON IE.EXECUTION_ID = IL.EXECUTION_ID
            WHERE
                IL.PARENT_EXECUTION_ID = @Execution_Id AND
                IE.SOURCE_ID = @Source_Id

        -- Insert only when no matching child error row was found.
        IF ISNULL(@ErrorCount, 0) = 0
            INSERT INTO
                INTEGRATION_ERROR (
                    EXECUTION_ID,
                    QUEUE_ID,
                    SOURCE_NAME,
                    SOURCE_ID,
                    ERR_CODE,
                    ERR_MESSAGE
                )
            VALUES (
                @Execution_Id,
                @Queue_Id,
                @Source_Name,
                @Source_Id,
                @Err_Code,
                @Err_Message
            )
    END

  • Thinking about using the Windows Event Logs as my main log store - looking for pros and cons

    I have been writing some larger scripts that write to physical log files. Until today I have avoided trying to use the Windows Event logs, but am beginning to rethink this and wondered if anyone has done this, and what the strengths and weaknesses
    of this logging approach have been. If I do it, I will probably write a function that accepts pipelined input and simply pass output to the log. I wanted to get a feel for what I would be getting into before I started writing things up since this
    will probably take a little bit of work to get set up to run properly.

    At my company we use the Windows event log for much of our batch process logging for several reasons:
    Unlike logging to a central database, the Windows event log is always available. I've seen poorly thought out logging solutions which log to a database, and if the database happens to be unavailable the batch process would fail.
    Monitoring tools such as SCOM already have Windows event log watchers, so adding alerts to take action based on messages written to the Windows event log is easy.
    Built-in support for writing Windows event log entries: the PowerShell V2 Write-EventLog cmdlet, a simple CLR that can be created in SQL Server, or even the command-line eventcreate.exe.
    Easy to create a custom event log so you don't have to use the default application log in Windows 2008 and higher.
    Most shrink-wrap S/W already uses the event log.
    Issues I've seen:
    Windows 2008 with UAC on requires "registering", i.e. creating a new event log source with UAC. This can be done one time manually. Unfortunately there isn't a way to automate UAC--pure GUI. The PowerShell command would be "New-EventLog -LogName Application -Source mysource" if you're using the Application log, and it must be run as administrator.
    An errant process writes many entries to the event log. Depending on the volume, for example writing stack dumps, this can cause performance problems. I think I recall an issue on Windows 2003 or Windows 2008 with UAC off: if you're creating a new
    event log source each time (which you shouldn't), then this results in many registry entries, which can cause problems.
    I don't think the issues outweigh the benefits--just something to be aware of.
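
    The points in the reply above (register the source once from an elevated session, never create a source per write, guard against a runaway writer) combined into a pipeline function, as an added example that is not part of the original post. It assumes Windows PowerShell, where New-EventLog and Write-EventLog are available; the function name, source name, event ID and both caps are hypothetical.

    ```powershell
    # Added example: Write-ScriptLog, 'MyBatchScripts', event ID 1000 and both caps are assumptions.
    function Write-ScriptLog {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
            [AllowEmptyString()]
            [string]$Message,
            [string]$Source = 'MyBatchScripts',
            [string]$LogName = 'Application',
            [ValidateSet('Information', 'Warning', 'Error')]
            [string]$EntryType = 'Information',
            [int]$EventId = 1000,
            [int]$MaxEntries = 500,     # per-invocation cap against a runaway writer
            [int]$MaxChars = 30000      # assumed cap, kept below the event message size limit
        )
        begin {
            # Look the source up once per pipeline, never once per message.
            try { $exists = [System.Diagnostics.EventLog]::SourceExists($Source) }
            catch { $exists = $false }  # a non-elevated lookup can throw when the source is absent
            if (-not $exists) {
                $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
                $principal = New-Object Security.Principal.WindowsPrincipal($identity)
                $admin = [Security.Principal.WindowsBuiltInRole]::Administrator
                if (-not $principal.IsInRole($admin)) {
                    throw "Source '$Source' is not registered. Run once, elevated: New-EventLog -LogName $LogName -Source $Source"
                }
                New-EventLog -LogName $LogName -Source $Source   # one-time registration
            }
            $written = 0
        }
        process {
            # Skip blank lines and stop writing once the cap has been reached.
            if ($written -ge $MaxEntries -or $Message.Trim().Length -eq 0) { return }
            if ($Message.Length -gt $MaxChars) {
                $Message = $Message.Substring(0, $MaxChars) + ' [truncated]'
            }
            Write-EventLog -LogName $LogName -Source $Source -EntryType $EntryType -EventId $EventId -Message $Message
            $written++
            if ($written -eq $MaxEntries) {
                Write-EventLog -LogName $LogName -Source $Source -EntryType Warning -EventId $EventId -Message "Entry cap of $MaxEntries reached; remaining input dropped."
            }
        }
    }

    # Usage: each pipeline item becomes one event.
    'Batch started', 'Batch finished' | Write-ScriptLog
    ```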

  • Version 6.84 produces many Event Logs

    I have just updated from 6.83 to 6.84 and, although the software appears to be working fine, I am getting several events logged in the Application Event Log when my 6131 synchronises.
    Event 1004
    User NT AUTHORITY\NETWORK SERVICE
    Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'PCSuite', component '{9B373FD2-8E0A-4A76-80C7-63B6521FD237}' failed. The resource 'HKEY_CURRENT_USER\Software\Nokia\' does not exist.
    Event 1001
    User NT AUTHORITY\NETWORK SERVICE
    Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'Platform' failed during request for component '{7BA39C00-ED40-417C-8C5C-3804B2DDD646}'
    Event 1004
    User JSSOLUTIONS\John Smith
    Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'PCSuite', component '{9B373FD2-8E0A-4A76-80C7-63B6521FD237}' failed. The resource 'HKEY_CURRENT_USER\Software\Nokia\' does not exist.
    Event 1001
    User JSSOLUTIONS\John Smith
    Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'Platform' failed during request for component '{7BA39C00-ED40-417C-8C5C-3804B2DDD646}'
    These 4 Event Log entries are repeated 3 more times.
    I have tried uninstalling and reinstalling but to no avail.
    I have checked the Registry and HKEY_CURRENT_USER\Software\Nokia\ does exist.
    I have tried adding permissions to this key for NETWORK SERVICE (John Smith already has full permissions) again to no avail.
    I am running version 6.84.10.3 of PC Suite and Windows XP Professional SP2.
    Whilst this is not a big issue as the software appears to be working fine, I do like to keep clear Event Logs so would appreciate any help in getting rid of these annoying entries.
    Many thanks.

    Hi,
    I tried to follow the post of miksu and patched with 6.84.10.4 but still the same problems...
    /discussions/board/message?board.id=pcsuite&message.id=19801
    So, like Jssolutions I reinstalled a previous version of Nokia PC Suite (v6.83.14.1). It works fine now... no more Event Logs
    This former version can be downloaded on http://nds1.nokia.com/files/support/global/phones/software/Nokia_PC_Suite_683_rel_14_1_eng_web.exe
    Message Edited by rabbyn on 23-Sep-2007 06:44 PM

  • Active Sync Error in Event Logs - Generated by Health Monitor Mailbox.

    Receiving the event log entry below on an Exchange 2013 Mailbox Server (Server 2012 OS).  No policies have been configured yet.  Seems odd that by default the health mailbox would be blocked when default policy is allow. Anybody else seeing this?
    Log Name:      Application
    Source:        MSExchange ActiveSync
    Date:          10/1/2013 11:59:16 AM
    Event ID:      1021
    Task Category: Requests
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      MYSERVER.mydomain.com
    Description:
    A non-compliant phone is trying to connect with Exchange ActiveSync. However, the Exchange ActiveSync mailbox policy for user [MYDOMAIN\HEALTLMAILBOXACCOUNT] and device ID [EASProbeDeviceId141] requires phones to be compliant before they synchronize with Exchange
    ActiveSync.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchange ActiveSync" />
        <EventID Qualifiers="32772">1021</EventID>
        <Level>3</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-10-01T17:59:16.000000000Z" />
        <EventRecordID>136375</EventRecordID>
        <Channel>Application</Channel>
        <Computer>MYSERVER.mydomain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>MYDOMAIN\HEALTLMAILBOXACCOUNT</Data>
        <Data>EASProbeDeviceId141</Data>
      </EventData>
    </Event>

    Did you find a solution for it? 
    I see the same error on our 4 Exchange 2013 Servers.

    I have not. I just chalked it up to another broken item with Exchange 2013. Maybe it will be fixed by next year.

  • Event Log / ServiceNow

    Greetings,
    Recently the company started using the ServiceNow application for tracking IT incidents and requests. A new process in xMII BLS 14 is being requested that should create incidents in ServiceNow as they occur.
    The current process to make this happen is for the application to put an entry into the event log and then have  MS System Center Operation Manager populate the ServiceNow Incident.  I know this sounds round about but it is what it is...
    Can xMII BLS 14 create event log entries and if so, HOW?
    Thank you,
    Dennis W

    If you're talking about service.now, it looks like they do have some web services available for integration.
    SOAP Web Service - ServiceNow Wiki
    Regards,
    Christian
