VB Scripting to monitor application event log based on specific words.
Hi All,
I Have written, vb script to monitor application event log based on specific word in the message. when I have included same script in monitor, after running this script at specific time once in day, I am getting run time error in the server, where it
supposed to run, could you please check the command where I have highlighted in below script.
Dim VarSize
Dim objMOMAPI
Dim objBag
Set objMOMAPI = CreateObject("MOM.ScriptAPI")
Set objBag = objMOMAPI.CreateTypedPropertyBag(StateDataType)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const CONVERT_TO_LOCAL_TIME = True
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
dtmStartDate.SetVarDate dateadd("n", -1440, now)' CONVERT_TO_LOCAL_TIME
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND " _
& "EventCode = '100'")
For Each objEvent in colLoggedEvents
If InStr(LCase(colLoggedEvents.Message), "Message :Application A3 has been successfully processed for today") Then
X= "Success"
end if
Next
if X="Success" then
call objBag.AddValue("State","GOOD")
call objMOMAPI.Return(objBag)
wscript.quit()
Else
call objBag.AddValue("State","BAD")
call objMOMAPI.Return(objBag)
wscript.quit()
End If
By programming standards since as long as I can remember the use of the value of a variable to detect its Boolean state has been used.
Cast your mind back to strongly typed languages, e.g. Pascal.
I'll cast back to the very early days of the "C" language where all variables could be treated as "bool" without a cast. The is no more strongly type language than "C". "C" practically invented the standards for all modern languages.
When I was writin machine language we also used zero as false but many machines only tested the high bit for truthieness. The HP machines and Intel allowed a test to aggregate to the sign bit. Adding that flag to the test alloed tru for
an numeric value that was non-zero. A boool test was also used for a negative e switch. If you study micro language implementation you will find that this hardware design and the companion compiler design is ... well... by design. It is a
way of improving the completeness and usefulness of an instruction set.
Other langauges may require further decoration due to some mistaken desire to be better than perfect. That is like trying to change number theory by renaming addition to be "gunking" and forcing everyone to use multiplication when adding the same number
more than once. A Boolean test os a test of the flag bit with to without aggregation. Even if we test a bit in a word we still mask and aggregate. It is always the most primitive operation. It is also the most useful
operation when you finally realize that it is like an identity in math.
Use the language features that are designed in. They can help to make code much more flexible and logical.
By the way, Pascal also treats everything as Boolean when asked to.
¯\_(ツ)_/¯
Similar Messages
-
Hi
I wonder to know what is the enterprise solution for windows and application event log management and analyzer.
I have recently research and find two application that seems to be profession ,1-manageengine eventlog analyzer, 2- Solarwinds LEM(Solarwind Log & Event Manager).
I Want to know the point of view of Microsoft expert and give me their experience and solutions.
thanks in advance.Consider MS System Center 2012.
Rgds -
Hello,
This is regarding the following event logged by my application (MyApp.exe) to the application event log:
Log Name: Application
Source: MyApp
Date: 03/2/2015 12:00:09 PM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Rajesh
Description:
The description for Event ID 0 from source MyApp cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
I have confirmed that the key "EventMessageFile" in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MyApp correctly specifies the "dll" responsible for displaying events.
I would appreciate suggestions on the above.
Best Regards,
Rajesh K SinghHi All,
can you provide solution on below error.
The description for Event ID 17052 from source MSSQLSERVER cannot be found
Severity: 16 Error:0, OS: 0 [Microsoft][SQL Server Native Client 10.0]Unable to complete login process due to delay in opening server connection
Thanks in advance.
Vijay
Check below thread, information is not complete to actually comment what were you doing when you got this message.refer errorlog for more details
http://social.msdn.microsoft.com/Forums/en-US/9a41ced9-19ad-4c4f-83ac-7e877b699a8f/login-failure-error-in-event-log-daily
Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it.
My TechNet Wiki Articles -
LocalDrive, remoteDrive error being logged to Windows Application event log
Post Author: yday
CA Forum: Data Integration
Hi all,We are finding the following error messages being constantly logged to the Windows application event log:Event ID: 4096Source: Data Integrator"The error: localDrive: LocalDrive1; localDriveValue: "andEvent ID: 4096
Source: Data Integrator
"The error: remoteDrive: RemoteDrive1; remoteDriveValue: "Another user noted as having the same problem in the old BO Support Forum:http://support.businessobjects.com/forums/message.asp?fid=568&mid=171195 We are also running Data Quality XI R2 (11.5.1.0) on the same server. This problem has been happening for as long as I can remember. It does not appear to cause any jobs to fail, but we would like to resolve this to prevent error messages being logged to computer management. Can anyone suggest a solution? Product: Data Integrator XI R2
Version: 11.7.0.0
Patches Applied: None
Operating System(s): Windows Server 2003 w SP1
Database(s): Oracle 10gR2
Error Messages: remoteDrive, localDrive error (as above)Steps to Reproduce: Restart the job server and the error appearsThanks and regards,York DAYPost Author: yday
CA Forum: Data Integration
Ben,
I have just installed DI 11.7.2.0 and it is still an issue! The bug has not been listed in the release notes in either the resolved issues section, or the known issues section.
Australia support told me it would be fixed in the next service release. This was well before 11.7.2.0 was released.
I've opened another support case as I closed the last one, believing it was resolved. From our perspective, it is not even being shown as a known issue with the product at this stage - so I will be keeping my support issue open this time until I see it is fixed.
My support case number is 302810798 FYI.
Rgds,York -
SQL Server monitoring error event log 4001
hello Experts ,
We have SCOM 2012 R2 environment ,I have installed SQL SERVER MPs 6.5.0.1 and installed SCOM agent on some of SQL Server. Some of the SQL Server are monitoring working properly not all SQL Server but getting error for some of SQL Server in event log
Event :4001
Management Group: SCOMMgtGroup. Script: Main Module: CPUUsagePercentDataSource.ps1 :
Computer Name = 'MHSSCOM01.memnet.org' WMI = 'ComputerManagement11' Service Name = 'MSSQLSERVER' SQL Instance Name = 'MSSQLSERVER'
Exception calling "Fill" with "1" argument(s): "The user does not have permission to perform this action."Error occured during CPU Usage for SQL Instances data source executing.
Computer:MHSSCOM01
Reason: Exception calling "Fill" with "1" argument(s): "The user does not have permission to perform this action."
also not getting Database information within the SQL Server instances for these SQL Server within "Instances Summary "
for resolution ,I have created a Run as account (windows)for SQL monitoring then associated it with Run as profile with SQL Server default account,Discovery account and Monitoring account and distribute it securely to each SQL Server health service object
.The run as account have added to local admin group on each SQL server.
How to resolved the event log error and how to get database information for all instances of sql server.
Thanks
RICHAHi,
It seems like that the action account that run the script does not have enough permissions on the monitored SQL server, I would like to suggest you follow the below link to check your runas account configuration:
http://blogs.technet.com/b/kevinholman/archive/2010/09/08/configuring-run-as-accounts-and-profiles-in-r2-a-sql-management-pack-example.aspx
And make sure the action account also have SQL admin account to the SQL server.
Here is also a link that may be helpful for you:
http://blogs.technet.com/b/momteam/archive/2014/05/12/kb-event-4001-in-the-operations-manager-log-during-sql-server-2012-monitoring.aspx
Regards,
Yan Li
Regards, Yan Li -
Create Project Web App Site - Failed - see the Application event Log
Hi, we have installed MS Project Server 2010 on our LAB SharePoint 2010 Server (Single Server and SQL Server Database).
My farm admin account have all server roles in SQL, it is runng the OWSTimer also and it is the AppPool Service App.
No specific error in the Application log from eventvwr on SharePoint Server.
No specific error log from SQL
This is the log information from SharePoint ULS :
04/09/2015 10:56:47.01 OWSTIMER.EXE (0x1464) 0x0728 Project Server Provisioning 6935 Critical Error provisioning database. Script: C:\Program Files\Microsoft Office Servers\14.0\Sql\Project Server\Core\addpublishsps12.sql,
Line: 0, Error: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote
connections. (provider: TCP Provider, error: 0 - An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.), Line: grant execute on dbo.MSP_RESTORE_WEB_SECURITY_SP_CAT_PERMISSIONS to ProjectServerRole
. 5141bd37-50f2-495c-bcd6-d0804f08e3f0
04/09/2015 10:56:47.01 OWSTIMER.EXE (0x1464) 0x0728 Project Server Provisioning 6580 Critical Failed to provision database LAV-SP2010LAB-SQL.ProjectServer_Published as Published because of exception grant execute on dbo.MSP_RESTORE_WEB_SECURITY_SP_CAT_PERMISSIONS
to ProjectServerRole . 5141bd37-50f2-495c-bcd6-d0804f08e3f0
04/09/2015 10:56:47.01 OWSTIMER.EXE (0x1464) 0x0728 Project Server Provisioning 6993 Critical Provisioning 'PWA': Failed to provision databases. An exception occurred: grant execute on dbo.MSP_RESTORE_WEB_SECURITY_SP_CAT_PERMISSIONS
to ProjectServerRole . 5141bd37-50f2-495c-bcd6-d0804f08e3f0
04/09/2015 10:56:47.01 OWSTIMER.EXE (0x1464) 0x0728 Project Server Provisioning 6958 Critical Provisioning 'PWA': Database provisioning failed. 5141bd37-50f2-495c-bcd6-d0804f08e3f0
04/09/2015 10:56:47.01 OWSTIMER.EXE (0x1464) 0x0728 Project Server Provisioning 6971 Critical Failed to provision site PWA with error: Microsoft.Office.Project.Server.Administration.ProvisionException: Failed to provision
databases. ---> Microsoft.Office.Project.Server.Administration.ProvisionException: grant execute on dbo.MSP_RESTORE_WEB_SECURITY_SP_CAT_PERMISSIONS to ProjectServerRole ---> System.Data.SqlClient.SqlException: A network-related or instance-specific
error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - An operation
on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire,
Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject) at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout,
Int64 timerExpire, SqlConnection owningObject) at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions,
Int64 timerStart) at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity
identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions
options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup)
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.SqlClient.SqlConnection.Open() at Microsoft.Office.Project.Server.Data.SqlSession.OpenConnection() at Microsoft.Office.Project.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command)
at Microsoft.Office.Project.Server.Administration.ProjectDatabase.ExecuteScript(SqlSession session, TextReader textReader, Int32 commandTimeout) --- End of inner exception stack trace --- at Microsoft.Office.Project.Server.Administration.ProjectDatabase.ExecuteScript(SqlSession
session, TextReader textReader, Int32 commandTimeout) at Microsoft.Office.Project.Server.Administration.ProjectDatabase.ExecuteScript(SqlSession session, String path, Int32 commandTimeout) at Microsoft.Office.Project.Server.Administration.ProjectDatabase.Provision(ProjectDatabaseType
databaseType, PjSqlConnectionString databaseConnectString, String installpath, Int32 lcid) at Microsoft.Office.Project.Server.Administration.ProjectDatabase.Provision(PjSqlConnectionString databaseConnectString, Int32 lcid, ProjectDatabaseType
databaseType, Guid collectionGuid) at Microsoft.Office.Project.Server.Administration.ProjectSite.ProvisionDatabases(String pubConn, String wrkConn, String verConn, String repConn, String adminUsername, String adminName, String adminEmail,
Int32 lcid, Guid collectionGuid) at Microsoft.Office.Project.Server.Administration.PsiServiceApplication.EnsureDatabases(ProjectProvisionSettings provset, SPSite pwaSite, String adminName, String adminEmail, ProjectDatabaseStateType&
originalDatabaseState, Guid& adminGuid) --- End of inner exception stack trace --- at Microsoft.Office.Project.Server.Administration.PsiServiceApplication.EnsureDatabases(ProjectProvisionSettings provset,
SPSite pwaSite, String adminName, String adminEmail, ProjectDatabaseStateType& originalDatabaseState, Guid& adminGuid) at Microsoft.Office.Project.Server.Administration.PsiServiceApplication.CreateSite(ProjectProvisionSettings
provset) 5141bd37-50f2-495c-bcd6-d0804f08e3f0
Social Technet Microsoft.We have found the problem. The organisation was asking us to reduce the number of Dynamic TCP Port.
Our setup was only 3,975
Netsh Int IPv4 Show Dyn TCP
Protocol tcp Dynamic Port Range
Start Port : 1025
Number of Ports : 3975
We have use this command to raise the number of port available to 60,000
netsh int ipv4 set dyn tcp start=1025 num=60000
Everything is working now.
Social Technet Microsoft. -
Oracle 11g R2 write audit record to application event log in Windows server
Hi,
I have a oracle 11g R1 database in windows 2003 server,
I set the init parameter audit_trail=db,extended,
but some auditing record still keep writting to windows application log
Event Type: Information
Event Source: Oracle.test
Event Category: None
Event ID: 34
Date: 9/7/2011
Time: 3:36:38 PM
User: N/A
Computer: test
Description:
Audit trail: LENGTH: "226" SESSIONID:[7] "3875588" ENTRYID:[1] "1" USERID:[8] "test" ACTION:[3] "102" RETURNCODE:[1] "0" LOGOFF$PREAD:[1] "1" LOGOFF$LREAD:[3] "755" LOGOFF$LWRITE:[2] "26" LOGOFF$DEAD:[1] "0" DBID:[10] "1613217480" SESSIONCPU:[1] "0".
Is there any way to disable this?
Thanks
Vincentoh really, dont you say?
maybe next time read the whole note, not just the title
"In 11g these 'logoff by cleanup' audit records are not logged in DBA_AUDIT_TRAIL. The connection record remains as 'logon' record. It is not updated to 'logoff by cleanup'. *In these cases, the log off information like logoff_time, logoff_lread etc are written to an OS audit file as 'logoff by cleanup' audit record.* " -
Long list of warnings in Application event log
I'm using windows XP SP2, Nokia PC-Suite 6.84.10.4 and a Nokia 6822 phone. I have full administration rights of the machine.
Every time I start my laptop up I get about 62 or 63 application log entries all saying the following. . .
Detection of product '{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}', feature 'PCSuite', component '{9B373FD2-8E0A-4A76-80C7-63B6521FD237}' failed. The resource 'HKEY_CURRENT_USER\Software\Nokia\' does not exist.
I have de and re-installed the software, mainly to try to overcome bluetooth connection issues but this doesn't make any difference.
Any advice?It's a known problem with 6.84.
Your only option is to wait for a new version or, as I did, switch back to using 6.83 which is far more stable. -
How to monitoring IPS event logs !
Hi ,
We have Some Cisco IPS and also juniper IDP sensors in our networks ,with juniper i use NSM for analyzing network logs,attacks,generating different kind of graphs and stuff like that,its so easy to work with and also its informative, but with cisco IPS devices i dont know what tools are available for online monitoring network logs, attacks and also generating graphs for my boss .I see IDM but it doesn't have the features that we need ,does any one know anything else for analyzing and monitoring logs ?
Warm regards,
OmidIME (IPS Manager Express) provides more information and reporting tool than IDM, and it can support up to 10 IPS devices/modules.
Here is the URL for IME for your reference:
http://www.cisco.com/en/US/products/ps9610/index.html
Please check the system requirement for IME on the following release notes:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5715/ps9610/data_sheet_c78-459033.html
Hope that helps. -
How do "you" monitor event logs in SCOM 2012? Need opinions.
Fairly new to SCOM. Do you monitor all event logs? Just warnings and critical? How do you filter out things you don't want to see?
Looking for opinions here not just a "how-to".
Thanks,Steps in creating a Event based Alerting Rule.
1. Open the Operations Manager Console.
2. Go to Authoring.
3. Under Authoring - Management Pack Objects - Select Rules
4. Right click on Rules and select - Create a new rule
5. Select Alert Generating Rules - Event Based - NT Event Log (Alert)
6. On the same screen select your destination management pack and click Next
7. Give a name to your Rule and optionally give it a Description.
8. Rule Category can be anything you like.
9. Select the Rule Target as the class of your choice, normally it can be Windows Computer.
10. Make sure the Rule is Enabled and select Next.
11. Select the Event log name from where event will be monitored and click Next. (for example Application or System
or Security)
12. Build the Expression to filter the events with the below details:
a. Parameter Name = Event ID, Operator = Equals and Value = (any event id of your choice)
b. Parameter Name = Event Source, Operator = Equals and Value = (any source of your choice) (you
may delete this filter if you want)
c. Click on Insert button at Top and it will put the cursor at Parameter Name, click square button
with 3 dots [...] and it will popup another screen.
d. In that box, select the 3rd radio button named 'Use parameter name not specified above' and there
manually type 'EventDescription' (without quotes) and click OK.
e. Then come back to filter screen, now here you will see Parameter Name = EventDescription, and
for Operator select Contains and then for Value you can type any word you want to key on from the Event description.
13. After building the desired Expression, click Next.
14. Configure Alerts as you like and click the Create button.
To get the Alerting event details. Go to Start menu and in Run window type eventvwr.
And put the details on the wizard as per the below screenshot.
Refer: http://blogs.technet.com/b/operationsmgr/archive/2008/11/12/opsmgr-2007-how-to-create-an-alert-rule-based-on-an-event-description.aspx
Gautam.75801 -
Dear Team,
I want a powershell script to export servers event logs into excel and it send that file to IT administrators.
Excel format:
Server Name, Log Name, Time, Source, Event ID and Message.
Require logs:
Application, Security, System, DFS Replication and Directory service.
And these excel file has to be send to Email address.
And it would be good, if i get a script same for Hard disk space and RAM and CPU utilization.Here are some examples:
http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=logs&f%5B0%5D.Text=Logs%20and%20monitoring&f%5B1%5D.Type=SubCategory&f%5B1%5D.Value=eventlogs&f%5B1%5D.Text=Event%20Logs
¯\_(ツ)_/¯ -
Script to Export Pervious Day Events Logs to CSV
HI,
I am trying to export all the previous day's application event logs to a CSV file. I found the following script on net. But for this script to work I need to enter in the Event ID's I wont to export. Does anyone have any idea how I can change thsi script
to export all event ID's or have another script that can?
'Description : This script queries the event log for...whatever you want it to! Just set the event 'log name and event ID's!
'Initialization Section
Option Explicit
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Dim objDictionary, objFSO, wshShell, wshNetwork
Dim scriptBaseName, scriptPath, scriptLogPath
Dim ipAddress, macAddress, item, messageType, message
On Error Resume Next
Set objDictionary = NewDictionary
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set wshShell = CreateObject("Wscript.Shell")
Set wshNetwork = CreateObject("Wscript.Network")
scriptBaseName = objFSO.GetBaseName(Wscript.ScriptFullName)
scriptPath = objFSO.GetFile(Wscript.ScriptFullName).ParentFolder.Path
scriptLogPath = scriptPath & "\" & IsoDateString(Now)
If Err.Number <> 0 Then
Wscript.Quit
End If
On Error Goto 0
'Main Processing Section
On Error Resume Next
PromptScriptStart
ProcessScript
If Err.Number <> 0 Then
MsgBox BuildError("Processing Script"), vbCritical, scriptBaseName
Wscript.Quit
End If
PromptScriptEnd
On Error Goto 0
'Functions Processing Section
'Name : ProcessScript -> Primary Function that controls all other script processing.
'Parameters : None ->
'Return : None ->
Function ProcessScript
Dim hostName, logName, startDateTime, endDateTime
Dim events, eventNumbers, i
hostName = wshNetwork.ComputerName
logName = "application"
eventNumbers = Array("1001","1")
startDateTime = DateAdd("n", -21600, Now)
'Query the event log for the eventID's within the specified event log name and date range.
If Not QueryEventLog(events, hostName, logName, eventNumbers, startDateTime) Then
Exit Function
End If
'Log the scripts results to the scripts
For i = 0 To UBound(events)
LogMessage events(i)
Next
End Function
'Name : QueryEventLog -> Primary Function that controls all other script processing.
'Parameters : results -> Input/Output : Variable assigned to an array of results from querying the event log.
' : hostName -> String containing the hostName of the system to query the event log on.
' : logName -> String containing the name of the Event Log to query on the system.
' : eventNumbers -> Array containing the EventID's (eventCode) to search for within the event log.
' : startDateTime -> Date\Time containing the date to finish searching at.
' : minutes -> Integer containing the number of minutes to subtract from the startDate to begin the search.
'Return : QueryEventLog -> Returns True if the event log was successfully queried otherwise returns False.
Function QueryEventLog(results, hostName, logName, eventNumbers, startDateTime)
Dim wmiDateTime, wmi, query, eventItems, eventItem
Dim timeWritten, eventDate, eventTime, description
Dim eventsDict, eventInfo, errorCount, i
QueryEventLog = False
errorCount = 0
If Not IsArray(eventNumbers) Then
eventNumbers = Array(eventNumbers)
End If
'Construct part of the WMI Query to account for searching multiple eventID's
query = "Select * from Win32_NTLogEvent Where Logfile = " & SQ(logName) & " And (EventCode = "
For i = 0 To UBound(eventNumbers)
query = query & SQ(eventNumbers(i)) & " Or EventCode = "
Next
On Error Resume Next
Set eventsDict = NewDictionary
If Err.Number <> 0 Then
LogError "Creating Dictionary Object"
Exit Function
End If
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & hostName & "\root\cimv2")
If Err.Number <> 0 Then
LogError "Creating WMI Object to connect to " & DQ(hostName)
Exit Function
End If
'Create the "SWbemDateTime" Object for converting WMI Date formats. Supported in Windows Server 2003 & Windows XP.
Set wmiDateTime = CreateObject("WbemScripting.SWbemDateTime")
If Err.Number <> 0 Then
LogError "Creating " & DQ("WbemScripting.SWbemDateTime") & " object"
Exit Function
End If
'Build the WQL query and execute it.
wmiDateTime.SetVarDate startDateTime, True
query = Left(query, InStrRev(query, "'")) & ") And (TimeWritten >= " & SQ(wmiDateTime.Value) & ")"
Set eventItems = wmi.ExecQuery(query)
If Err.Number <> 0 Then
LogError "Executing WMI Query " & DQ(query)
Exit Function
End If
'Convert the property values of Each event found to a comma seperated string and add it to the dictionary.
For Each eventItem In eventItems
Do
timeWritten = ""
eventDate = ""
eventTime = ""
eventInfo = ""
timeWritten = ConvertWMIDateTime(eventItem.TimeWritten)
eventDate = FormatDateTime(timeWritten, vbShortDate)
eventTime = FormatDateTime(timeWritten, vbLongTime)
eventInfo = eventDate &
eventInfo = eventInfo & eventTime & ","
eventInfo = eventInfo & eventItem.SourceName & ","
eventInfo = eventInfo & eventItem.Type & ","
eventInfo = eventInfo & eventItem.Category & ","
eventInfo = eventInfo & eventItem.EventCode & ","
eventInfo = eventInfo & eventItem.User & ","
eventInfo = eventInfo & eventItem.ComputerName & ","
description = eventItem.Message
'Ensure the event description is not blank.
If IsNull(description) Then
description = "The event description cannot be found."
End If
description = Replace(description, vbCrLf, " ")
eventInfo = eventInfo & description
'Check if any errors occurred enumerating the event Information
If Err.Number <> 0 Then
LogError "Enumerating Event Properties from the " & DQ(logName) & " event log on " & DQ(hostName)
errorCount = errorCount + 1
Err.Clear
Exit Do
End If
'Remove all Tabs and spaces.
eventInfo = Trim(Replace(eventInfo, vbTab, " "))
Do While InStr(1, eventInfo, " ", vbTextCompare) <> 0
eventInfo = Replace(eventInfo, " ", " ")
Loop
'Add the Event Information to the Dictionary object if it doesn't exist.
If Not eventsDict.Exists(eventInfo) Then
eventsDict(eventsDict.Count) = eventInfo
End If
Loop Until True
Next
On Error Goto 0
If errorCount <> 0 Then
Exit Function
End If
results = eventsDict.Items
QueryEventLog = True
End Function
'Name : ConvertWMIDateTime -> Converts a WMI Date Time String into a String that can be formatted as a valid Date Time.
'Parameters : wmiDateTimeString -> String containing a WMI Date Time String.
'Return : ConvertWMIDateTime -> Returns a valid Date Time String otherwise returns a Blank String.
Function ConvertWMIDateTime(wmiDateTimeString)
Dim integerValues, i
'Ensure the wmiDateTimeString contains a "+" or "-" character. If it doesn't it is not a valid WMI date time so exit.
If InStr(1, wmiDateTimeString, "+", vbTextCompare) = 0 And _
InStr(1, wmiDateTimeString, "-", vbTextCompare) = 0 Then
ConvertWMIDateTime = ""
Exit Function
End If
'Replace any "." or "+" or "-" characters in the wmiDateTimeString and check each character is a valid integer.
integerValues = Replace(Replace(Replace(wmiDateTimeString, ".", ""), "+", ""), "-", "")
For i = 1 To Len(integerValues)
If Not IsNumeric(Mid(integerValues, i, 1)) Then
ConvertWMIDateTime = ""
Exit Function
End If
Next
'Convert the WMI Date Time string to a String that can be formatted as a valid Date Time value.
ConvertWMIDateTime = CDate(Mid(wmiDateTimeString, 5, 2) & "/" & _
Mid(wmiDateTimeString, 7, 2) & "/" & Left(wmiDateTimeString,
4) & " " & _
Mid(wmiDateTimeString, 9, 2) & ":" & _
Mid(wmiDateTimeString, 11, 2) & ":" & _
Mid(wmiDateTimeString, 13, 2))
End Function
'Name : NewDictionary -> Creates a new dictionary object.
'Parameters : None ->
'Return : NewDictionary -> Returns a dictionary object.
Function NewDictionary
Dim dict
Set dict = CreateObject("scripting.Dictionary")
dict.CompareMode = vbTextCompare
Set NewDictionary = dict
End Function
'Name : SQ -> Places single quotes around a string
'Parameters : stringValue -> String containing the value to place single quotes around
'Return : SQ -> Returns a single quoted string
Function SQ(ByVal stringValue)
If VarType(stringValue) = vbString Then
SQ = "'" & stringValue & "'"
End If
End Function
'Name : DQ -> Place double quotes around a string and replace double quotes
' : -> within the string with pairs of double quotes.
'Parameters : stringValue -> String value to be double quoted
'Return : DQ -> Double quoted string.
Function DQ (ByVal stringValue)
If stringValue <> "" Then
DQ = """" & Replace (stringValue, """", """""") & """"
Else
DQ = """"""
End If
End Function
'Name : IsoDateTimeString -> Generate an ISO date and time string from a date/time value.
'Parameters : dateValue -> Input date/time value.
'Return : IsoDateTimeString -> Date and time parts of the input value in "yyyy-mm-dd hh:mm:ss" format.
Function IsoDateTimeString(dateValue)
IsoDateTimeString = IsoDateString (dateValue) & " " & IsoTimeString (dateValue)
End Function
'Name : IsoDateString -> Generate an ISO date string from a date/time value.
'Parameters : dateValue -> Input date/time value.
'Return : IsoDateString -> Date part of the input value in "yyyy-mm-dd" format.
Function IsoDateString(dateValue)
If IsDate(dateValue) Then
IsoDateString = Right ("000" & Year (dateValue), 4) & "-" & _
Right ( "0" & Month (dateValue), 2) & "-" & _
Right ( "0" & Day (dateValue), 2)
Else
IsoDateString = "0000-00-00"
End If
End Function
'Name : IsoTimeString -> Generate an ISO time string from a date/time value.
'Parameters : dateValue -> Input date/time value.
'Return : IsoTimeString -> Time part of the input value in "hh:mm:ss" format.
Function IsoTimeString(dateValue)
If IsDate(dateValue) Then
IsoTimeString = Right ("0" & Hour (dateValue), 2) & ":" & _
Right ("0" & Minute (dateValue), 2) & ":" & _
Right ("0" & Second (dateValue), 2)
Else
IsoTimeString = "00:00:00"
End If
End Function
'Name : LogMessage -> Writes a message to a log file.
'Parameters : logPath -> String containing the full folder path and file name of the Log file without with file extension.
' : message -> String containing the message to include in the log message.
'Return : None ->
Function LogMessage(message)
If Not LogToCentralFile(scriptLogPath & ".csv", IsoDateTimeString(Now) & "," & message) Then
Exit Function
End If
End Function
'Name : LogError -> Writes an error message to a log file.
'Parameters : logPath -> String containing the full folder path and file name of the Log file without with file extension.
' : message -> String containing a description of the event that caused the error to occur.
'Return : None ->
Function LogError(message)
If Not LogToCentralFile(scriptLogPath & ".err", IsoDateTimeString(Now) & "," & BuildError(message)) Then
Exit Function
End If
End Function
'Name : BuildError -> Builds a string of information relating to the error object.
'Parameters: message -> String containnig the message that relates to the process that caused the error.
'Return : BuildError -> Returns a string relating to error object.
Function BuildError(message)
BuildError = "Error " & Err.Number & " (Hex " & Hex(Err.Number) & ") " & message & ". " & Err.Description
End Function
'Name : LogToCentralFile -> Attempts to Appends information to a central file.
'Parameters : logSpec -> Folder path, file name and extension of the central log file to append to.
' : message -> String to include in the central log file
'Return : LogToCentralFile -> Returns True if Successfull otherwise False.
Function LogToCentralFile(logSpec, message)
Dim attempts, objLogFile
LogToCentralFile = False
'Attempt to append to the central log file up to 10 times, as it may be locked by some other system.
attempts = 0
Do
On Error Resume Next
Set objLogFile = objFSO.OpenTextFile(logSpec, ForAppending, True)
If Err.Number = 0 Then
objLogFile.WriteLine message
objLogFile.Close
LogToCentralFile = True
Exit Function
End If
On Error Goto 0
Randomize
Wscript.sleep 1000 + Rnd * 100
attempts = attempts + 1
Loop Until attempts >= 10
End Function
'Name : PromptScriptStart -> Prompt when script starts.
'Parameters : None
'Return : None
Function PromptScriptStart
MsgBox "Now processing the " & DQ(Wscript.ScriptName) & " script.", vbInformation, scriptBaseName
End Function
'Name : PromptScriptEnd -> Prompt when script has completed.
'Parameters : None
'Return : None
Function PromptScriptEnd
MsgBox "The " & DQ(Wscript.ScriptName) & " script has completed successfully.", vbInformation, scriptBaseName
End Function
ThanksHere is a script that will copy the previous days events and save them to "C:\". The file name be yesterdays date ex "04-18-2010-Events.csv"
Const strComputer = "."
Dim objFSO, objWMIService, colEvents, objEvent, outFile
Dim dtmStartDate, dtmEndDate, DateToCheck, fileDate
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
'change the date form "/" to "-" so it can be used in the file name
fileDate = Replace(Date - 1,"/","-")
Set outFile = objFSO.CreateTextFile("C:\" & fileDate & "-Events.csv",True)
DateToCheck = Date - 1
dtmEndDate.SetVarDate Date, True
dtmStartDate.SetVarDate DateToCheck, True
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
For each objEvent in colEvents
outFile.WriteLine String(100,"-")
outFile.WriteLine "Category = " & objEvent.Category
outFile.WriteLine "ComputerName = " & objEvent.ComputerName
outFile.WriteLine "EventCode = " & objEvent.EventCode
outFile.WriteLine "Message = " & objEvent.Message
outFile.WriteLine "RecordNumber = " & objEvent.RecordNumber
outFile.WriteLine "SourceName = " & objEvent.SourceName
outFile.WriteLine "TimeWritten = " & objEvent.TimeWritten
outFile.WriteLine "Type = " & objEvent.Type
outFile.WriteLine "User = " & objEvent.User
outFile.WriteLine String(100,"-")
Next
outFile.Close
MsgBox "Finished!"
v/r LikeToCode....Mark the best replies as answers. -
Monitored Application Crashes at Launch
I created a UEV template for Skype 6.9.106, however, whenever the template is deployed, Skype crashes at launch; Disabling the template allows Skype to function properly. The template was also validated using the UEV Generator and the problem persists even
with a blank template. I have copies of the UEV Analytical and Debug Logs as well, however I can't seem to find anything out of the ordinary. Has anyone else experienced this issue?
I found a Skype UEV template in the TechNet Gallery, for version 6.1, installed an earlier version of Skype (6.1.0.129) and received the same results. I also uninstalled App-V 5 SP1, Symantec Workspace Virtualization and Symantec Endpoint Protection from
my test machine, however, none of those actions had any effect. I did attempt to install the UEV 2.0 Beta, just to see what would happen, but it too caused Skype to crash at launch.
Skype logs the following error (ACCESS_VIOLATION) in the Application Event Logs:
Faulting application name: Skype.exe, version: 6.9.0.106, time stamp: 0x524bef36
Faulting module name: Skype.exe, version: 6.9.0.106, time stamp: 0x524bef36
Exception code: 0xc0000005
Fault offset: 0x001e3fc9
Faulting process id: 0xa78
Faulting application start time: 0x01cece9fcffa593f
Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting module path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Report Id: 0e313553-3a93-11e3-80a5-000c29d145fb
Error Displayed by WerFault.exe:
Problem signature:
Problem Event Name: APPCRASH
Application Name: Skype.exe
Application Version: 6.9.0.106
Application Timestamp: 524bef36
Fault Module Name: Skype.exe
Fault Module Version: 6.9.0.106
Fault Module Timestamp: 524bef36
Exception Code: c0000005
Exception Offset: 001e3fc9
OS Version: 6.1.7601.2.1.0.256.4
Locale ID: 1033
Additional Information 1: 9573
Additional Information 2: 957302d7cbf8d53bf7482f36c320f36f
Additional Information 3: 9dc5
Additional Information 4: 9dc52694f97bd8de0e7c104cb1ddeb29David,
The issue seems to be happening when the AppAgent calls the "monitored application's main entry point." Other than that, nothing seemed to jump out at me as potentially being out-of-the-norm. I've posted the trace file output below.
[3]0C94.065C::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-Agent Driver]The Agent Driver trapped the start of process Skype.exe (ID 1644).
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::ProcessNotification: Entry
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::ProcessNotification: ProcessId = 0x66C
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Entry
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::OpenUserHive: Entry
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::GetUserSid: Entry
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::GetUserSid: Exit ['S-1-5-21-872334846-580189086-2614858207-19879']
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::OpenUserHive: Exit
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::IsLowIntegrityProcess: Entry
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::GetProcessIntegrityLevel: Entry
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::GetProcessIntegrityLevel: Exit
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::IsLowIntegrityProcess: Exit, retVal = 0x0
[2]03AC.03E8::2013-11-22 13:10:55.800 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::CheckForMatchingApplicationTemplate: Entry( 'C:\Program Files (x86)\Skype\Phone\Skype.exe' )
[0]03AC.03E8::2013-11-22 13:10:56.921 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::CheckForMatchingApplicationTemplate: File description: 'Skype'
[0]03AC.03E8::2013-11-22 13:10:56.921 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::CheckForMatchingApplicationTemplate: File name: 'Skype.exe'
[0]03AC.03E8::2013-11-22 13:10:56.921 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::CheckForMatchingApplicationTemplate: File version: '6.9.32.106'
[0]03AC.03E8::2013-11-22 13:10:56.921 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::CheckForMatchingApplicationTemplate: Product name: 'Skype'
[0]03AC.03E8::2013-11-22 13:10:56.921 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::CheckForMatchingApplicationTemplate: Product version: '6.9'
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.Util::CheckForMatchingApplicationTemplate: Exit( 'True' )
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Process has been identified as a monitored program.
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Exit, retVal = 0x1
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::ProcessNotification: Injecting AppAgent into process (PID 1644)
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::InjectIntoProcess: Entry
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::GetInjectionExePaths: Entry
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::GetInjectionExePaths: x86 executables
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::GetInjectionExePaths: Exit
[2]03AC.03E8::2013-11-22 13:10:56.927 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Entry
[2]03AC.03E8::2013-11-22 13:10:56.937 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The file 'C:\Program Files\Microsoft User Experience Virtualization\\Agent\x86\mavinject32.exe' is signed and the signature was verified.
[2]03AC.03E8::2013-11-22 13:10:56.949 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The file 'C:\PROGRA~1\MICROS~4\\Agent\x86\MICROS~1.DLL' is signed and the signature was verified.
[2]03AC.03E8::2013-11-22 13:10:56.949 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::SetupLaunchCmdLine: Entry
[2]03AC.03E8::2013-11-22 13:10:56.949 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::SetupLaunchCmdLine: Exit
[2]03AC.03E8::2013-11-22 13:10:56.949 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Injecting the AppAgent into process 1644
[2]03AC.03E8::2013-11-22 13:10:56.954 [Microsoft-User Experience Virtualization-Agent Driver]The Agent Driver trapped the start of process mavinject32.exe (ID 124).
[2]03AC.03E8::2013-11-22 13:10:56.997 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: AppAgent succeessfully injected into process 1644
[2]03AC.03E8::2013-11-22 13:10:56.997 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Exit
[2]03AC.03E8::2013-11-22 13:10:56.997 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::InjectIntoProcess: Exit
[2]03AC.03E8::2013-11-22 13:10:56.997 [Microsoft-User Experience Virtualization-App Agent]AgentService.CreateProcNotificationListener::ProcessNotification: Exit
[2]03AC.03E8::2013-11-22 13:10:56.997 [Microsoft-User Experience Virtualization-App Agent]AgentService.FilterConnection::SendReplyMessage: Entry
[2]03AC.03E8::2013-11-22 13:10:56.997 [Microsoft-User Experience Virtualization-App Agent]AgentService.FilterConnection::SendReplyMessage: Exit, retStatus = 0x0
[2]03AC.03E8::2013-11-22 13:10:56.997 [Microsoft-User Experience Virtualization-App Agent]AgentService.FilterConnection::PostReceiveBuffer: Entry
[2]03AC.03E8::2013-11-22 13:10:56.997 [Microsoft-User Experience Virtualization-App Agent]AgentService.FilterConnection::PostReceiveBuffer: Exit, retStatus = 0x800703E5
[3]066C.088C::2013-11-22 13:11:02.636 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: INFO: The Event Log Service has been successfully enabled in the AppAgent.
[3]066C.088C::2013-11-22 13:11:02.636 [Microsoft-User Experience Virtualization-App Agent]Entering DLL_PROCESS_ATTACH for the AppAgent.
[3]066C.088C::2013-11-22 13:11:02.636 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: --> SmartEvent::SmartEvent()
[3]066C.088C::2013-11-22 13:11:02.636 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: DEBUG: Diagnostic event successfully created
[3]066C.088C::2013-11-22 13:11:02.636 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: DEBUG: Assigning global access to the diagnostic event
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: DEBUG: Global access was successfully assigned to the diagnostic event
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: <-- SmartEvent::SmartEvent()^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: --> DetourExeMain
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: INFO: ExeMain trampoline details: RealTrampoline: 403700D8; RealTarget: 00373DD8; RealDetour: 6FFC1AF0; s_pRealExeMain: 00373DD8
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: INFO: s_pRealExeMain after DetourTransactionCommit(): 403700D8
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: <-- DetourExeMain [Success]^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]Exiting DLL_PROCESS_ATTACH for the AppAgent.
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: <-- DllMainContext constructor^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: <-- DllMainContext::ProcessAttach^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: <-- DllMain(DLL_PROCESS_ATTACH)^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: --> ExeMainDetour()
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]Entering AppAgent's ExeMain detour.
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: INFO: Main EXE entry point called for: C:\Program Files (x86)\Skype\Phone\Skype.exe
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: --> GetCurrentProcessIntegrityLevel()
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: --> GetProcessIntegrityLevel()
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: --> GetTokenIntegrityLevel
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: <-- GetTokenIntegrityLevel [Success]^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: <-- GetProcessIntegrityLevel() [Success]^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: <-- GetCurrentProcessIntegrityLevel()^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: --> GetCurrentProcessIntegrityLevel()
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: --> GetProcessIntegrityLevel()
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: --> GetTokenIntegrityLevel
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: <-- GetTokenIntegrityLevel [Success]^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: <-- GetProcessIntegrityLevel() [Success]^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: <-- GetCurrentProcessIntegrityLevel()^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: --> IsCurrentProcessTheShell
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: --> IsShellReady
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: <-- IsShellReady [true]^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: <-- IsCurrentProcessTheShell [false]^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: --> InstallationMonitor constructor
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: DEBUG: UevUninstalled event successfully created
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: DEBUG: Global access was successfully assigned to the UevUninstalled event
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgentCommon: [2188]: SCOPE: <-- InstallationMonitor constructor [Success]^~^0
[3]066C.088C::2013-11-22 13:11:02.637 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.628 - AppAgent: [2188]: SCOPE: --> CoreContext constructor
[1]066C.088C::2013-11-22 13:11:02.638 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.643 - AppAgent: [2188]: DEBUG: Program Characteristics: File Name: Skype.exe File Description: Skype File Version: 6.9.32.106 Product Name: Skype Product Version: 6.9
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: INFO: Matching template(s) were found (ID: Skype-Skype-v-6-9)
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: SCOPE: --> CreateUevMonitoringProcessEvent()
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: INFO: Creating/opening the IsMonitoring event
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: DEBUG: IsMonitoring event successfully created
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: DEBUG: Assigning global access to the IsMonitoring event
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: DEBUG: Global access was successfully assigned to the IsMonitoring event
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: SCOPE: <-- CreateUevMonitoringProcessEvent()^~^0
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: SCOPE: <-- CoreContext constructor [Success]^~^31
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: INFO: The application has a template and will therefore be monitored
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: INFO: ExitProcess() detoured OK
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: INFO: TerminateProcess() detoured OK
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: INFO: Transaction committed OK
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: SCOPE: --> SyncSettingsFromCentralStoreToLocalStore()
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgentCommon: [2188]: SCOPE: --> CurrentUserInformation::IsMemberOf()
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgentCommon: [2188]: SCOPE: <-- CurrentUserInformation::IsMemberOf() [Success]^~^0
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: INFO: Sending the application START event to the Orchestrator.
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> Orchestrator::ImportSettings(2)
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> ImportSettingsWork::IsShellReady()
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- ImportSettingsWork::IsShellReady() [true]^~^0
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> ImportSettingsWork::GetImportTimeout()
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: DEBUG: ImportSettingsWork::GetImportTimeout() - The import timeout will be disabled because the offline files are not in use.
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: DEBUG: ImportSettingsWork::GetImportTimeout() - Timeout = 4294967295 milliseconds.
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- ImportSettingsWork::GetImportTimeout()^~^0
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> WorkToDo::StartWork()
[0]066C.088C::2013-11-22 13:11:02.655 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> ImportNotify::SendMessage()
[0]066C.088C::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: DEBUG: ImportNotify::SendMessage() - Sending message: StartImport::ProcessId::1644
[0]066C.088C::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- ImportNotify::SendMessage()^~^0
[0]066C.088C::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> WorkThreadGroup::JoinAll()
[0]066C.088C::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- WorkThreadGroup::JoinAll()^~^0
[0]066C.088C::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> WorkToDo::SetPreWorkSynchronizationState()
[0]066C.088C::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- WorkToDo::SetPreWorkSynchronizationState()^~^0
[0]066C.088C::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> WorkToDo::WaitForWorkerThread()
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> WorkToDo::WorkerThread()
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: --> CscChangeManager::Initialize
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: INFO: The Remote Change Manager is initializing.
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: --> CscCache::CscCache
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: INFO: Offline files are disabled.
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: <-- CscCache::CscCache^~^0
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: --> Repository::Initialize(2)
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: INFO: Successfully fetched 'SettingsStoragePath' from the registry. Value: \\fscluster2.ad.wku.edu\shared\CUSTOM-SHARED\UEV-SETTINGSSTORE\jms56519
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: --> Repository::IsRepositoryPathCurrent
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: --> Repository::GetCurrentRepositoryPath
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: <-- Repository::GetCurrentRepositoryPath^~^0
[0]066C.0B44::2013-11-22 13:11:02.656 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: <-- Repository::IsRepositoryPathCurrent^~^0
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: INFO: The settings storage path has been set to: : \\fscluster2.ad.wku.edu\shared\CUSTOM-SHARED\UEV-SETTINGSSTORE\jms56519\SettingsPackages
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: <-- Repository::Initialize(2)^~^0
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: <-- CscChangeManager::Initialize^~^0
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> WorkToDo::ProcessSynchronousWorkItems()
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> WorkToDo::ProcessWorkItems()
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: INFO: WorkToDo::ProcessWorkItems() - Orchestrator worker thread was created for settings location template ID Skype-Skype-v-6-9.
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> ImportSettingsWork::WorkRoutine()
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: INFO: Orchestrator::ImportSettings was called for settings location template Skype.
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> Utility::CreateInitialPackage()
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: DEBUG: Utility::CreateInitialPackage() - Initial package already exists
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- Utility::CreateInitialPackage()^~^0
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> ImportSettingsWork::ImportSettings()
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> SyncMonitor constructor
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: INFO: SyncMonitor::SyncMonitor(): Bypass sync of overlapping app instances for templateId skype-skype-v-6-9: enabled
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- SyncMonitor constructor^~^0
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: DEBUG: ImportSettingsWork::ImportSettings() - Allowing sync of recipeID Skype-Skype-v-6-9 because no other process are running.
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - ChangeManager: [2884]: SCOPE: --> ChangeManager::SyncFromRepository
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: --> CscChangeManager::SyncFromRepository
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: --> CscChangeManager::ShouldUsePrefetchPackage
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: <-- CscChangeManager::ShouldUsePrefetchPackage^~^0
[0]066C.0B44::2013-11-22 13:11:02.657 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: DEBUG: CscChangeManager::SyncFromRepository() - Using respository package for template Skype-Skype-v-6-9.
[0]066C.0B44::2013-11-22 13:11:02.660 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: INFO: A SyncFromRepository request finished. A settings file for the requested settings location template was not found. Template ID: Skype-Skype-v-6-9
[1]066C.0B44::2013-11-22 13:11:02.661 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: SCOPE: <-- CscChangeManager::SyncFromRepository^~^0
[1]066C.0B44::2013-11-22 13:11:02.661 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - ChangeManager: [2884]: SCOPE: <-- ChangeManager::SyncFromRepository^~^0
[1]066C.0B44::2013-11-22 13:11:02.661 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: INFO: An updated settings data package was not found to import for settings location template Skype.
[1]066C.0B44::2013-11-22 13:11:02.661 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> SyncMonitor constructor
[1]066C.0B44::2013-11-22 13:11:02.661 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: INFO: SyncMonitor::SyncMonitor(): Bypass sync of overlapping app instances for templateId skype-skype-v-6-9: enabled
[1]066C.0B44::2013-11-22 13:11:02.661 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- SyncMonitor constructor^~^0
[1]066C.0B44::2013-11-22 13:11:02.661 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- ImportSettingsWork::ImportSettings()^~^0
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: DEBUG: ImportSettingsWork::WorkRoutine() - Returned 0.
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- ImportSettingsWork::WorkRoutine()^~^0
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- WorkToDo::ProcessWorkItems()^~^0
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- WorkToDo::ProcessSynchronousWorkItems()^~^0
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> WorkToDo::ProcessAsynchronousWorkItems()
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- WorkToDo::ProcessAsynchronousWorkItems()^~^0
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: DEBUG: WorkToDo::WorkerThread() - Setting result = 0.
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - CscChangeManager: [2884]: INFO: The Remote Change Manager is shutting down.
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]Settings data update check has been completed.
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: --> WorkToDoEvent::SignalEvent()
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- WorkToDoEvent::SignalEvent()^~^0
[1]066C.0B44::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2884]: SCOPE: <-- WorkToDo::WorkerThread()^~^0
[3]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- WorkToDo::WaitForWorkerThread()^~^0
[3]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: DEBUG: WorkToDo::StartWork() - Returning = 0.
[3]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: --> ImportNotify::SendMessage()
[1]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: DEBUG: ImportNotify::SendMessage() - Sending message: StopImport::ProcessId::1644
[1]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- ImportNotify::SendMessage()^~^0
[1]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- WorkToDo::StartWork()^~^0
[1]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - Orchestrator: [2188]: SCOPE: <-- Orchestrator::ImportSettings(2)^~^0
[1]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: SCOPE: <-- SyncSettingsFromCentralStoreToLocalStore() [Settings successfully imported]^~^0
[1]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:02.659 - AppAgent: [2188]: INFO: Calling monitored application's main entry point.
[1]066C.088C::2013-11-22 13:11:02.662 [Microsoft-User Experience Virtualization-App Agent]The AppAgent is calling the application's real ExeMain function.
[0]01FC.0840::2013-11-22 13:11:04.715 [Microsoft-User Experience Virtualization-Agent Driver]The Agent Driver trapped the start of process svchost.exe (ID 3356).
[3]0D1C.0C90::2013-11-22 13:11:04.759 [Microsoft-User Experience Virtualization-Agent Driver]The Agent Driver trapped the start of process WerFault.exe (ID 2452).
[0]0128.0178::2013-11-22 13:11:08.345 [Microsoft-User Experience Virtualization-Agent Driver]The Agent Driver trapped the start of process WMIADAP.exe (ID 3688).
[3]066C.088C::2013-11-22 13:11:12.525 [Microsoft-User Experience Virtualization-App Agent]2013-Nov-22 13:11:12.523 - AppAgent: [2188]: SCOPE: <-- ExeMainDetour()^~^9895
[2]0C40.0E84::2013-11-22 13:11:25.852 [Microsoft-User Experience Virtualization-Agent Driver]The Agent Driver trapped the start of process logman.exe (ID 320). -
Monitoring BizTalk Event Viewer 2006R2
Hi ,
In our project, we are using "Schedule" custom adapter in BizTalk for some receive locations and every Friday these schedules should run.
But I have got warning message last friday with event id 5740 stating that adapter schedule was changed to next friday.
Do we have any simple way to monitor BizTalk events getting fired everyday? Also is there a way to customise HAT queries to find out messages required?Hi Raghu,
This code may help you out to monitor event logs
using System;
using System.IO;
using System.Diagnostics;
public class Test
public static void Main()
// check for the event log source on specified machine
// the Application event log source on MCBcomputer
if (!EventLog.Exists("Application", "MCBcomputer"))
Console.WriteLine("The log does not exist!");
return;
EventLog myLog = new EventLog();
myLog.Log = "Application";
myLog.MachineName = "MCBcomputer";
Console.WriteLine("There are " + myLog.Entries.Count + " entr[y|ies] in the Application log:");
foreach (EventLogEntry entry in myLog.Entries)
Console.WriteLine("\tEntry: " + entry.Message);
// check for Demo event log source existence
// create it if it not exist
if (!EventLog.SourceExists("Demo"))
EventLog.CreateEventSource("Demo", "Demo");
EventLog.WriteEntry("AnySource", "writing error to demo log.", EventLogEntryType.Error);
Console.WriteLine("Monitoring of Application event log began...");
Console.WriteLine(@"Press 'q' and 'Enter' to quit");
while (Console.Read() != 'q')
// Now we will monitor the new entries that will be written.
// When you create an EntryWrittenEventHandler delegate
// you identify the method that will handle the event.
myLog.EntryWritten += new EntryWrittenEventHandler(OnEntryWritten);
// EnableRaisingEvents gets or sets a value indicating whether the
// EventLog instance receives EntryWritten event notifications.
myLog.EnableRaisingEvents = true;
public static void OnEntryWritten(Object source, EntryWrittenEventArgs e)
Console.WriteLine("written entry: " + e.Entry.Message);
Thanks
Abhishek -
How to write to windows event logs from determinations-server under IIS
This is just an FYI technical bit of information I wish someone had shared with me before I started trying to write OPA errors to the windows event log... Most problems writing to the windows event log from log4net occur because of permissions. Some problems are because determinations-server does not have permissions to create some registry entries. Some problems cannot be resolved unless specific registry entry permissions are actually changed. We had very little consistency with the needed changes across our servers, but some combination of the following would always get the logging to the windows event log working.
To see log4net errors as log4net attempts to utilize the windows event log, temporarily add the following to the web.config:
<appSettings>
<!-- uncomment the following line to send diagnostic messages about the log configuration file to the debug trace.
Debug trace can be seen when attached to IIS in a debugger, or it can be redirected to a file, see
http://logging.apache.org/log4net/release/faq.html in the section "How do I enable log4net internal debugging?" -->
<add key="log4net.Internal.Debug" value="true"/>
</appSettings>
<system.diagnostics>
<trace autoflush="true">
<listeners>
<add
name="textWriterTraceListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="logs/InfoDSLog.txt" />
</listeners>
</trace>
</system.diagnostics>
To add an appender for the windows event viewer, try the following in the log4net.xml:
<appender name="EventLogAppender" type="log4net.Appender.EventLogAppender" >
<param name="ApplicationName" value="OPA" />
<param name="LogName" value="OPA" />
<param name="Threshold" value="all" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %-5level %logger [%property{NDC}] - %message%newline" />
</layout>
<filter type="log4net.Filter.LevelRangeFilter">
<levelMin value="WARN" />
<levelMax value="FATAL" />
</filter>
</appender>
<root>
<level value="warn"/>
<appender-ref ref="EventLogAppender"/>
</root>
To put the OPA logs under the Application Event Log group, try this:
Create an event source under the Application event log in Registry Editor. To do this, follow these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
4. Right-click the Application subkey, point to New, and then click Key.
5. Type OPA for the key name.
6. Close Registry Editor.
To put the OPA logs under a custom OPA Event Log group (as in the demo appender above), try this:
Create an event log in Registry Editor. To do this, follow these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
4. Right-click the eventlog subkey, point to New, and then click Key.
5. Type OPA for the key name.
6. Right-click the new OPA key and add a new DWORD called "MaxSize" and set it to "1400000" which is about 20 Meg in order to keep the log file from getting too large.
7. The next steps either help or sometimes cause an error, but you can try these next few steps... If you get an error about a source already existing, then you can delete the key.
8. Right-click the OPA subkey, point to New, and then click Key.
9. Type OPA for the key name.
10. Close Registry Editor.
You might need to change permissions so OPA can write to the event log in Registry Editor. If you get permission errors, try following these steps:
1. Click Start, and then click Run.
2. In the Open text box, type regedit.
3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
4. Right-click the EventLog key, select Permissions.
5. In the dialog that pops up, click Add...
6. Click Advanced...
7. Click Locations... and select the current machine by name.
8. Click Find Now
9. Select both the Network user and IIS_IUSERS user and click OK and OK again. (We never did figure out which of those two users was the one that fixed our permission problem.)
10. Change the Network user to have Full Control
11. Click Apply and OK
To verify OPA Logging to the windows event logs from Determinations-Server:
Go to the IIS determinations-server application within Server Manager.
Under Manage Application -> Browse Application click the http link to pull up the local "Available Services" web page that show the wsdl endpoints.
Select the /determinations-server/server/soap.asmx?wsdl link
Go to the URL and remove the "?wsdl" from the end of the url and refresh. This will throw the following error into the logs:
ERROR Oracle.Determinations.Server.DSServlet [(null)] - Invalid get request: /determinations-server/server/soap.asmx
That error should show up in the windows event log, OR you can get a message explaining why security stopped you in "logs/InfoDSLog.txt" if you used the web.config settings from above.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648(v=vs.85).aspx
Edited by: Paul Fowler on Feb 21, 2013 9:45 AMThanks for sharing this information Paul.
Maybe you are looking for
-
DB Link from Oracle to SQL Server error
Dear buddies, I need to perfome some select on the tables which reside in SQL Server 2005 from Oracle 10g. I followed the steps given in : http://www.dba-oracle.com/t_heterogeneous_database_connections_sql_server.htm I could perform a TNS ping which
-
IWeb's built in ftp client won't upload new files
iWeb's built in ftp client is mad at me, refusing to upload new files. No doubt because last Sunday I asked GoDaddy to change my domain name (same site, name changed). They did. Immediately nothing would upload. GoDaddy said "Well some FTPs are picky
-
I have setup Toplink with CMT under ias 9.0.2.2 . Ocassionally I get the following error. Any ideas why this would occur. javax.transaction.RollbackException: The transaction has been marked for rollback (javax.ejb.EJBException) at com.evermind.
-
I am new to apple software having worked with microsoft all these years. The switch was mainly for my photographs. Iphotos seemed to have changed all digital albums from jpeg to tiff format hence the very small resolution. Can anyone out there please
-
Can't open any Adobe document, email attachment
Had Adcobe Reader for years, recently the X version, worked fine. A few days ago a message appeared that the program "has stopped operating" after a message "This application has requested the Runtime to terminate it in an unusual way". I downloaded