Windows Active Session logon state security event viewer
Hi Team,
i have question.
i already enable audit logging policy from GPO, especially logon logoff audit.
at server event viewer show (security/audit success) display log off and log on event id. 4634 for logoff and 4624 for logon
my question are :
1. Why event viewer always show computer name at account name information? event viewer 4624 logon
can i get the user name info from this event id 4624 logon
2. At event id 4634 logoff, security id and account name info always show computer name account
can i get user name too?
3. what if the active user log on user never log off ( I mean user only disconnect from RDP session ).
can i get info from security event viewer whose user that being active remote to server?
Thanks
Regards :)
There should be both a computer and a user authentication since both so log onto the domain.
Even though a user may never log off of a machine they still need to establisj a session with other machines for services. After the intial logon the Kerberos TGT session ticket may be good for the next week (7 days by default) the logs should
still show all newly established sessions. You may need to review all DC's within the site of the user not just one DC, since any DC within the site could be providing the service.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.
Similar Messages
-
UCCX Agent Desktop v.7 taking over Windows active session when phone rings
I'm trying to figure out how (if possible) for the Cisco UCCX Agent Desktop application from taking over a users Windows session every time the phone rings. This is very annoying and takes the end user out of what ever application they are currently in whenever their phone rings. Does anyone know how to change this?
Hi Eric,
Maybe this is better
Miscellaneous tab options.
Option Description
Window Behavior Specify how you want the Agent Desktop window to
behave:
• Normal. The window appears when calls are
present and minimizes when idle.
• Keep Open. The window is always visible, but may
be hidden by other open applications.
• Always on Top. The window is always visible and on
top of other open applications.
• Stealth. The window appears as an icon in the
system tray.
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/cad_enterprise/cadenterprise7_0/user/guide/cda700ug.pdf
Cheers!
Rob -
What caused the Windows 2008R2 Security event discarded
Dear Support team,
I have a windows 2008 R2 server, The security events didn't recorded from last year.
1. The maximum log size set to 100 MB, But the log file is 300 MB. The retention was set to "archive the log when full,do not overwrite events".
2. Below last entry security log show the registry key that i modified at that time. After i modify the registry value all of the security event were discarded
A registry value was modified.
Subject:
Security ID: domain\userid
Account Name: userid
Account Domain: domain
Logon ID: 0x2c202074
Object:
Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eventlog\Security
Object Value Name: Retention
Handle ID: 0x100
Operation Type: Existing registry value modified
Process Information:
Process ID: 0x129c
Process Name: C:\Windows\regedit.exe
Change Information:
Old Value Type: REG_DWORD
Old Value: 0
New Value Type: REG_DWORD
New Value: 4294967295
3. As i know,The Windows Event Log supersedes the Event Logging API beginning with the Windows Vista operating system. Here is the KB link: http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780(v=vs.85).aspx?ppud=4
And the registry key which i modified at the before ( \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eventlog\Security\retention ) Seems only apply to Event logging for Windows 2003 and prior system.
Here is the KB link: http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648(v=vs.85).aspx
May i know what is the reason cause security event discarded ?
Does the retention setting at Registry still working at windows 2008?
Thanks very mush.
RandyThe new methods are via GPO described here.
http://technet.microsoft.com/en-us/library/cc722385(v=WS.10).aspx
http://blogs.technet.com/b/askds/archive/2008/08/12/event-logging-policy-settings-in-windows-server-2008-and-vista.aspx
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
I have configured the Default Domain Controller's policy to log SUCCESS for Account Logon Events in the Server 2008 R2 Domain Controller, but these events are not logging in the Security Event log.
Default Domain Controllers Policy
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policies/Audit Account Logon Events = Success.
What tools can I use to troubleshoot this further? The results of "Auditpol.exe /get /category:*" are below.
System audit policy
Category/Subcategory Setting
System
Security System Extension No Auditing
System Integrity No Auditing
IPsec Driver No Auditing
Other System Events No Auditing
Security State Change No Auditing
Logon/Logoff
Logon No Auditing
Logoff No Auditing
Account Lockout No Auditing
IPsec Main Mode No Auditing
IPsec Quick Mode No Auditing
IPsec Extended Mode No Auditing
Special Logon No Auditing
Other Logon/Logoff Events No Auditing
Network Policy Server No Auditing
Object Access
File System No Auditing
Registry No Auditing
Kernel Object No Auditing
SAM No Auditing
Certification Services No Auditing
Application Generated No Auditing
Handle Manipulation No Auditing
File Share No Auditing
Filtering Platform Packet Drop No Auditing
Filtering Platform Connection No Auditing
Other Object Access Events No Auditing
Detailed File Share No Auditing
Privilege Use
Sensitive Privilege Use No Auditing
Non Sensitive Privilege Use No Auditing
Other Privilege Use Events No Auditing
Detailed Tracking
Process Termination No Auditing
DPAPI Activity No Auditing
RPC Events No Auditing
Process Creation No Auditing
Policy Change
Audit Policy Change No Auditing
Authentication Policy Change No Auditing
Authorization Policy Change No Auditing
MPSSVC Rule-Level Policy Change No Auditing
Filtering Platform Policy Change No Auditing
Other Policy Change Events No Auditing
Account Management
User Account Management No Auditing
Computer Account Management No Auditing
Security Group Management No Auditing
Distribution Group Management No Auditing
Application Group Management No Auditing
Other Account Management Events No Auditing
DS Access
Directory Service Changes No Auditing
Directory Service Replication No Auditing
Detailed Directory Service Replication No Auditing
Directory Service Access No Auditing
Account Logon
Kerberos Service Ticket Operations No Auditing
Other Account Logon Events No Auditing
Kerberos Authentication Service No Auditing
Credential Validation SuccessHi Lawrence,
After configuring the GPO, did we run command gpupdate/force to update the policy immediately on domain controller? Besides, please run command gpresult/h c:\gpreport.html to check if the audit policy
setting was applied successfully.
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Best regards,
Frank Shen -
Error in Event viewer - COM Server application security Issue
Dear All,
I am installing one software on windows cluster environment. But while installing I am getting continuous error in System in Event Viewer as 'The application-specific permission settings do not grant Local Activation permission for the COM Server application
with CLSID {xxxxxxxxxxxxx} and APPID {xxxxxxxxxxxxx} to the user NT SERVICE\SQL Server Distributed Replay Client SID (S-1-5-80-3249811479-4343554-65656-65665) from address LocalHost (Using LRPC). The security permission can be modified using the Component
Services administrative tool.'
I have seen in component services, that app ID I am getting for DReplayController service. On security tab if I want to give permission to that particular user then to which user I want to add in 'Launch and Activate permissions'. I am not getting 'SQL Server
Distributed Replay Controller' user in list.
So, please help me.
Thanks in advance.Hi,
Please try to add this account: NT AUTHORITY\SYSTEM.
More information for you:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 2012
https://social.technet.microsoft.com/forums/systemcenter/en-US/cd8a2c95-70db-4df6-b7f5-eedcc5d898c7/the-applicationspecific-permission-settings-do-not-grant-local-activation-permission-for-the-com
Event ID 10016 issue in SQL Cluster Server
https://social.technet.microsoft.com/Forums/sqlserver/en-US/c5a27692-05c0-4ee4-b97f-1ea438b4e5f7/event-id-10016-issue-in-sql-cluster-server?forum=sqldisasterrecovery
In addition, if there are any further requirements regarding SQL, here are some SQL forums below for you:
https://social.technet.microsoft.com/Forums/sqlserver/en-US/home?category=sqlserver&filter=alltypes&sort=lastpostdesc
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
CRITICAL EVENT VIEWER ERROR CODES IN WINDOWS 8 OS HELP!!!!!
URGENT HELP NEEDED!! HP PAVILION G7 LAPTOP, PRE-INSTALLED OS: WINDOWS 8 UPGRADED TO 8.1 DOWNLOADED FROM WINDOWS. EVENT VIEWER SHOWING NUMEROUS ERROR ID'S #1 SOURCE: ESENT, EVENT ID: 532, WITH LEVEL:WARNING ON 1/11/14.
+
System
Provider
Name]
ESENT
EventID
532
Qualifiers]
0
Level
3
Task
1
Keywords
0x80000000000000
TimeCreated
SystemTime]
2014-01-11T21:09:31.000000000Z
EventRecordID
6382
Channel
Application
Computer
5CD3182MR2
Security
EventData
LiveComm
5976
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\f3234cb42b8f428e\120712-0049\:
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\f3234cb42b8f428e\120712-0049\DBStore\livecomm.edb
3907584
(0x00000000003ba000)
8192
(0x00002000)
36
STATES FAULTY HARDWARE, AND THIS IS A NEW LAPTOP! THERE ARE OTHER ID'S LISTED: EVENT ID:1530, SOURCE: USER PROFILE SERVICE, LOG NAME: APPLICATION, LEVEL:WARNING, 3 USER REGISTRY HANDLES LEAKED FROM WINDOWS\SYSTEM 32, I DONT
KNOW WHATS GOING ON?? IT IS MY NORTON 360? I SEE IT SHOWS :3 user registry handles leaked from
\Registry\User\S-1-5-21-3960481396-744839641-3680832521-500: Process 312
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key
\REGISTRY\USER\S-1-5-21-3960481396-744839641-3680832521-500 Process 752
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key
\REGISTRY\USER\S-1-5-21-3960481396-744839641-3680832521-500\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 312 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened
key
\REGISTRY\USER\S-1-5-21-3960481396-744839641-3680832521-500\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections
PLEASE HELP OR GIVE ME ADVICE, THANK YOU!!Please provide us with your Event Viewer administrative logs by following these steps:
Click Start Menu
Type eventvwr into Search programs and files (do not hit enter)
Right click eventvwr.exe and click Run as administrator
Expand Custom Views
Click Administrative Events
Right click Administrative Events
Save all Events in Custom View As...
Save them in a folder where you will remember which folder and save as Errors.evtx
Go to where you saved Errors.evtx
Right click Errors.evtx -> send to -> compressed (zipped) folder
Upload the .zip file to skydrive or a file sharing service and put a link to it in your next post
If you have updated to win 8.1 and you get the error message "the system cannot find the file specified" it is a known problem.
The work around is to edit the registry. If you are not comfortable doing this DONT. If you are, backup the key before you do
Press Win+"R" and input regedit
Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels. Delete "Microsoft-Windows-DxpTaskRingtone/Analytic"
Did you ask this on another site??? It looks very familiar.
Wanikiya and Dyami--Team Zigzag -
Windows is Scanning and repairing drive... (- Errors in Event Viewer)
Long post, please be patient... :)
I have a fairly new (purchased 8/2013) Lenovo ThinkPad T431s with Windows 8.1 Pro 64-bit (updated from 8.0 -> 8.1). It has a very tricky error coming basically 8 / 10 boots:
Windows is Scanning and repairing drive...
Error details from Windows Event Viewer (a new similar error appears on every boot to event viewer):
A corruption was discovered in the file system structure on volume \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}.
A file on the volume is no longer reachable from its parent directory. The parent file reference number is 0x2000000000002. The name of the parent directory is "". The parent index attribute is ":$I30:$INDEX_ALLOCATION". The file reference
number of the file that needs to be reconnected is 0x400000003db80. There may be additional files on the volume that also need to be reconnected to this parent directory.
What has been done 1st trying to fix that:
SSD disk has been changed (image from previous SSD copied back) ->
no solution, error remains
chkdsk /F /R -> no solution, error remains
SFC /scannow -> no solution, error remains
dism /online /cleanup-image /restorehealth -> no solution, error remains after a few boots
TRIED using Windows 8.1 "Update & Recovery -> Refresh Your PC without affecting your files" -> Inserted the Lenovo "Operating System Recovery Disk Windows 8 Pro (OEM Activation 3.0 Required)" BUT Windows did not accept
that DVD claiming "The media inserted is not valid"... ???
Ended up calling Lenovo Support and they instructed me to order the Recovery DVD from
Lenovorecovery.com -> Unfortunatelly Windows does not recognice the DVD(s)...
mountvol returns:
\\?\Volume{4d337687-0033-42f7-8a8e-b6968b533cb3}\
(This is my C:\ drive where Windows installation resides)
\\?\Volume{e010cf9d-c04d-4c82-b517-3cda1b647fe7}\
*** NO MOUNT POINTS ***
\\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}\
*** NO MOUNT POINTS ***
\\?\Volume{33f0062f-0aff-4fd2-8402-1c7911d86897}\
*** NO MOUNT POINTS ***
Then running fsutil dirty query on each returns:
Volume - \\?\Volume{4d337687-0033-42f7-8a8e-b6968b533cb3} is NOT Dirty
Volume - \\?\Volume{e010cf9d-c04d-4c82-b517-3cda1b647fe7} is NOT Dirty
Volume - \\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} is Dirty
Volume - \\?\Volume{33f0062f-0aff-4fd2-8402-1c7911d86897} is NOT Dirty
The chkdsk on the dirty volume
\\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}\ returned:
The type of the file system is NTFS.
Insufficient storage available to create either the shadow copy storage file or
other shadow copy data.
A snapshot error occured while scanning this drive. Run an offline scan and fix.
Diskpart output on the same volume:
DISKPART> lis par
Partition ### Type Size Offset
Partition 1 Reserved 128 MB 17 KB
Partition 2 Recovery 1000 MB 129 MB
Partition 3 System 260 MB 1129 MB
Partition 4 Primary 146 GB 1389 MB
Partition 5 Recovery 350 MB 147 GB
Partition 6 Recovery 19 GB 148 GB
Questions:
1) Are my Partitions OK, haven't "touched" anything?
2) Excluded the dirty volume from boot checking with chkntfs /x
-> still the Error appears in Event viewer log (but Scanning is skipped/not shown anymore during the boot).
What is causing the error?
3) Why do I have three (3) recovery partitions?What has happened in the past days:
A) Lenovo on-site-Support changed the motherboard -> had no impact on the error (which I expected).
B) I found
instructions how to manually create USB Flash stick with a booting Custom (OEM) Recovery Image.
C) Booted with USB and performed "Refresh your PC without affecting your files."
D) Windows was refreshed but...
-->>
Still the error remains (Windows scanning and repairing drive \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} on each and every boot.
1) Related Error in Event viewer (NTFS):
A corruption was discovered in the file system structure on volume \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}.
A file on the volume is no longer reachable from its parent directory. The parent file reference number is 0x2000000000002. The name of the parent directory is "". The parent index attribute is ":$I30:$INDEX_ALLOCATION". The file reference number of the
file that needs to be reconnected is 0x400000003db80. There may be additional files on the volume that also need to be reconnected to this parent directory.
2) Related Error in Event viewer (NTFS - Microsoft Windows NTFS):
Volume \\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} (\Device\HarddiskVolume5) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via
PowerShell.
-->>
Now Lenovo support is proposing a full re-install (to be performed by myself) of Windows as this is SW issue.
Summary:
- Refreshing my T431s with OEM Image does not help
- The error remains on \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} (\Device\HarddiskVolume5; Lenovo Recovery partition) OR at least Windows thinks so... -
Illustrator CC crashes on startup(windows event viewer message included)
Windows event viewer shows like this...
System
Provider
[ Name]
Application Error
EventID
1000
[ Qualifiers]
0
Level
2
Task
100
Keywords
0x80000000000000
TimeCreated
[ SystemTime]
2013-12-09T06:35:08.000000000Z
EventRecordID
71639
Channel
Application
Computer
HPNB-dhleeNB
Security
EventData
Illustrator.exe
17.0.0.260
52822426
ntdll.dll
6.1.7601.18247
521ea8e7
c0000374
000ce753
a690
01cef4a8afb2dd09
C:\Program Files (x86)\Adobe\Adobe Illustrator CC\Support Files\Contents\Windows\Illustrator.exe
C:\Windows\SysWOW64\ntdll.dll
0b8a3ab7-609c-11e3-8e0d-005056c00008
Please help.Problem solved. Refer to below.
3 posts
Nov 25, 2013
2.AlanDrVita,
Nov 26, 2013 9:16 AM in reply to outdoorz
Report
I may have been able to resolve my issue. I held shift while opening Illustrator and opened it in a bare bones mode, then closed it and reopened it without getting the error message. Good luck to you.
Was this helpful? Yes No -
Essential event viewer bugs with "Forwarded Events" log in Windows Server 2008 R2 and Windows 7
To my general experience, Windows event viewer is one of the most problematic, faulty management tools in the case of extensive use of its more sophisticated capabilities. The sole description as well as reproduction of some entangled failures would require
remarkable effort.
With the "Forwarded Events" log however, the situation becomes particularly worse in that even simple functionality fails and workarounds are difficult to find. That’s what I’ll describe here in order to share my experience with interested users.
For precision: I’ve extensively used event viewer on a German Windows Server 2008 R2 SP1 (Windows SBS 2011 Standard SP1). The bugs I found on that system, I could reproduce on a German Windows 7 Professional 64-Bit SP1, too.
Problem 1: Failure of even simple event filtering
To reproduce this problem, execute these steps on a test machine with any of the two OS mentioned above:
(i) To prepare log contents, do either of the following:
(a) populate some events to your local "Forwarded Events" log (most simply by subscribing events from other logs of the same machine; stop subscription if you have collected some events)
Or
(b) copy a non-empty log file "ForwardedEvents.evtx" from another machine (with any of the two OS mentioned above) to your test machine and open the file in event viewer.
(ii) Navigate to your "Forwarded Events" test log and open the filtering dialog. In the "Includes/Excludes Event IDs" field, type: 1-9000. Click OK.
(iii) Look at the results pane: Surprise, 0 Events! Do you really have no event IDs between 1 and 9000 in your test log?
(iv) Another example, if you have forwarded security events in your test log: Clear filter, if any previous filter is in place. Open the filtering dialog. In "Keywords" sub-dialog, choose "Audit Success". Click OK.
(v) Look at the results pane: Surprise, 0 Events! Do you really have no successful security monitoring events in your test log?
I’ll finish here. If you have a rich variety of events in your test log available, let your imagination run wild to test around. Finally include some simple manually created or modified XPath filters on the XML tab of the filtering dialog. I promise, you’ll
find a lot of additional strange results.
Problem 2: Cannot save manually selected events to .evtx file
Navigate to your "Forwarded Events" test log. In the results pane, select one or more events by highlighting them by mouse clicks. In context menu, choose "Save selected events". In the "save as" dialog, choose file type *.evtx
and save your file. Open the newly created file in event viewer. Result: Surprise, no events inside the new file!
Have more fun with forwarded events
HelmutDid you mean that right click Forwarded Event and select "Filter Current Log..."? Since I can filter correct event vai the "Filter Current Log..." in my Lab environment.
Hi Justin,
yes, I mean "Filter Current Log ... " (in my German systems: "Aktuelles Protokoll filtern ... ").
What do you mean with "my Lab environment" exactly?
In the meantime, I performed additional tests. I copied the "ForwardedEvents.evtx" test file from Server 2008 R2 resp. Windows 7 to
(i) German Windows 8 Pro 64-Bit RTM
(ii) German Windows 8.1 Pro 64-Bit, up-to-date
in order to view and filter the file there.
Results: Same event viewer problem on Windows 8 RTM, but correct behavior on Windows 8.1!
Best regards, Helmut -
Event Viewer errors Windows 8.1
In the Event Viewer Windows 8.1 have found the following errors from the source Kenel-EventTracing :
The following sessions could not start due to the error 0xC000035 :
Pku2uLog
NegoLog
IDLListenLog
HomeGroupLog
The laptop Windows 8.1 is in Home Group with other laptop Windows 7 and all looks ok with this Home Group.
What kind of errors are the a/m and what can be done to correct.
Thank you in advance for the attention and reply. EWAGOSIAYou may run the System File Checker tool (SFC.exe) to scan your system files and to repair missing or corrupted system files.
S.Sengupta, Windows Entertainment and Connected Home MVP -
Windows 7 event viewer error after 9.1 update
*Log Name: Application*
*Source: Bonjour Service*
*Date: 4/11/2010 8:06:33 PM*
*Event ID: 100*
*Task Category: None*
*Level: Error*
*Keywords: Classic*
*User: N/A*
*Computer: CHEVYSALES*
Description:
*288: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)*
*Event Xml:*
*<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">*
<System>
*<Provider Name="Bonjour Service" />*
*<EventID Qualifiers="0">100</EventID>*
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
*<TimeCreated SystemTime="2010-04-12T00:06:33.000000000Z" />*
<EventRecordID>6692</EventRecordID>
<Channel>Application</Channel>
<Computer>CHEVYSALES</Computer>
*<Security />*
</System>
<EventData>
*<Data>288: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)</Data>*
</EventData>
</Event>
above message in my event viewer since i updated to this lousy release....
have had bnjour messages before but back with vista last year...new machine running solid and steadt windows 7 64 bit with a reliabilty rating from administrative tools of 10 for past months prior to this update...anyone seeing this and if so is there a fix?
first few backups took for ever on my iphone 3gs..... most go quickly again now.
don't sync too many things other than videos.
tiaUnfortunately there have been multiple issues with the new version of Bonjour which was distributed with iTunes 9.1. Apple knows & is apparently working on a fix but for now you have a few options which might help.
1) If you don't need the Bonjour service (i.e. for Apple TV) go into system services (run msconfig from a run command & navigate to the 'services' tab), uncheck Bonjour & reboot. That should disable Bonjour & allow iTunes to run properly.
If you need Bonjour then either
1) Disable Bonjour as above, delete it & then download a copy of Bonjour 1.x from the web (you'll have to google for it, last time I posted the link, Apple removed my post). Install that one & all should be well.
2) Uninstall iTunes 9.1 & Bonjour, get a copy of iTunes 9.0.3 and install that one. That will give you the previous version of Bonjour as well. One warning, if you've opened iTunes since upgrading to 9.1, 9.0.x won't be able to open your library since 9.1 updated the library structure. Check in the iTunes folder for one called "Old libraries" or previous library or something similar & you'll have to open that to get your collection to load.
Good luck,
Lil -
Labview 2010 randomly restarts computer - windows event viewer points to nap agent
When running my current VI that I am working on, the computer will ranomly reboot. There is no freeze, or blue screen, just a reboot. When examining the windows event viewer after the reboot, the following warning is listed immediately preceding the reboot:
Event ID 39
The Network Access Protection Agent was unable to determine which HRAs to request a health certificate from.
A network change or if GP is configured, a configuration change will prompt further attempts to acquire a health certificate. Otherwise no further attempts will be made.
Contact the HRA administrator for more information.
Previous to getting this warning before a reboot, I was getting the following error:
Event ID 10016
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
This is a DCOM service eror and the CLSID is referring to NAPAGENT. So I configured DCOM to allow the NAPAGENT to start and now I get the Event ID 39 warning and still get the reboot.
I am not sure why labview is even asking for DCOM or NAPAGENT to start at all. My VI is simply reading information from two serial instruments.
This reboot behavior does not occur when the computer is not running labview.
I am attaching a copy of the main VI, if it will be helpful I can post the sub VI's as well.
Thanks in advance for your help.
-Justin Lee
Attachments:
testscan10.8.vi 179 KBHi Joe,
Thanks for the reply.
I am running windows XP pro service pack 3.
I am running a standard instal of labview 2010 with the latest VISA drivers, no other modules or options installed.
I am only reading and writing to the serial ports (com) in my code. I don't believe that virus/spyware/malware is to blame for several reasons.
1. This only occurs when running this VI in labview.
2. I have replicated this problem on another computer.
3. I am behind a government (DOE) firewall and virus scans and checks are performed constantly.
4. If I take out the serial portion of my code via a T/F case structure, it will not crash.
The code will run fine for sevetral hours sometimes and then crash, other times it will crash after only a few minutes.
Please let me know what other information you require.
Thanks!
Justin Lee -
Facebook Security/Active Session Question via iPhone and Safari
I am running Mac OS 10.8.3 with Safari 6.0.4 on an iMac. On Facebook using Safari, I set up "Login Approvals" which would require a security code. However, every once in a while under the "Active Sessions" I noticed an unknown session from an iOS 6 device from a different location other than the state I live in. I ended that activity. As a test, I accessed my Facebook account using my iPhone 5. I noticed that under Facebook's Active Sessions on Safari on my iMac, it lists my iPhone device as being in a different state. Why is that? Is there some general iPhone setting that I need to change?
Hi, Thanks for the suggestion!
To look at the keychain sounds helpful to solve the problem. It seems top be a problem with accessibility. I will have a look. But I also have decided to extend my RAM - since it is very true 128 MB really isn't much.
Then for clarity:
I have not followed an email link to download the security upgrade, but I used the usual software update manager - I just didn't find the proper english description, since my eMac talks german with me.
I had had a look into some protokolls "system.log" - well I don't understand much what is written down there. There I might have got the confusion about the security server.
There are several lines with Safari, like this one:
date + time: localhost/Applications/Safari.app/Contens/MacOS/Safari:
InitializeDiskArbitrationMessages: DiskArbitraitionRegister failed 1102
The same is noticed about Mail
These messages are followed by several lines telling:
date + time: localhost lookupd[623]: NetInfo connection failed for server 127.0.0.1/local
But I am afraid, I don't really know what this means. -
Windows 8.1 event viewer logs.
I am looking for the windows 8.1 event viewer logs and settings, online search fails to produce answer, and suggested .msc commands are not valid.
Hi @butface ,
Thank you for visiting the HP Support Forums and Welcome. I have looked into your issue with your Windows 8.1 and the event viewer. Here is how to open Event Viewer by clicking the Start button, clicking Control Panel, clicking System and Security, clicking Administrative Tools, and then double-clicking Event Viewer.
I would be happy to assist if needed as there are many models of HP Notebook ,
I would need the model number. How Do I Find My Model Number or Product Number?
Please let me know.
Thanks.
Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
Click the “Kudos, Thumbs Up" on the bottom to say “Thanks” for helping! -
Windows Server 2008 R2 Security Event Log Maximum Size
I have a customer with logging requirements on domain controllers that are exceeding the maximum log size they have configured for the security log. When they attempted to increase the maximum size of the security event log via Group Policy, the settings
did not take effect. When an attempt was made to increase the security event log manually on the domain controller via the properties of the log, an error is generated whenever the value was changed.
The Maximum Log Size specified is not valid. It is too large or too small. The Maximum Log Size will be set to the following: 196608 KB
The 196608 KB value is the value that it is currently set at. Testing on other logs, application, system, has lead to the same result.
wevtutil.exe sl security /ms:<n> produces similar results. There is no error message given but the value doesn't change when you run wevtutil.exe gl security
When viewing the registry value MaxSize under HKLM\Current Control Set\Services\EventLog\Security the change is reflected, but the log does not seem to get any larger.
What one would expect to be a two minute change in a group policy object has turned into something much more difficult. Any idea what could be causing this?
Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise AdministratorI verified that it was not another policy - the domain is pretty simple without many policies, only policies applied are:
Default Domain Policy (no event log settings)
Company Domain Policy (no event log settings)
Default Domain Controller Policy (no event logs settings)
Company Domain Controller Policy (...\Event Log\Maximum security log size 4194240 kilobytes)
The value was 196608 before, the plan was to change the group policy setting to 4194240 and I expected it to be that easy. However, the values didn't change.
4194240 is divisible by 64
Used multiple tools to try and change
Group Policy
Event Viewer
wevtutil.exe
registry editor
While some of the methods display a larger event log, the actual size of the event log still seems to be limited to 196608 kb.
Thanks,
Joe
Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise Administrator
Maybe you are looking for
-
Problem description: I installed Yosemite on my 2009 Macbook, now it is almost unusably slow. Click and wait. EtreCheck version: 2.1.5 (108) Report generated January 4, 2015 at 6:32:53 PM CST Click the [Support] links for help with non-Apple products
-
How do I stop iSync from syncing address cards with no telephone mnumber ?
I sync my Nokia to my Mac using iSync 2.3. I used a smart group made from email domain names to sync with my phone. IN this group are a number of address cards with no telephone numbers. How can I either delete them automatically, or disallow them fr
-
My online number is not working. When dialed I receive the message the number is incorrect or a fast busy. I have tried dialing from several phones.
-
How do i put music into my ipod ? im veryyyyyyyyyy confused!!!!!!!!!!!!!!!!
how do i put music into my ipod im very confused
-
Photo Booth backgrounds won't work.
I choose them, (ie: the Eiffel tower) and it jumps to the full size, a message comes on saying "background detected". I move back into frame, BUT I'M NOT THERE! I hit the trigger and it counts down and either flashes or starts video capture, but I'm