[Vista\Longhorn] getting error reading EventLog from Vista\Longhor


Manoj Chanchawat

Hey,

I am getting an error while reading the event log for a VISTA - LONGHORN machine. I
am reading the EventLog in something like this sequence:

::OpenEventLog()
::ReadEventLog() – I read this event log in a buffer size equivalent to
“EVENTLOGRECORD”.

I am able to read the name of the event and Event ID's correctly. But I am
getting an error in reading the event Description. The method I am using is to
read the registry at the following location to get the path for the image file:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application

When we read the description from this image file I am getting an error: here is
one of the error messages for one of the events generated for “Desktop Window
Manager”:

The description for Event ID ( 9009 ) in Source ( Desktop Window Manager )
could not be found. It contains the following insertion string(s): 0x40010004

Error Message: The specified resource type cannot be found in the image
file. (0x00000715)

Message Dll(s): \\<Machine Name>\C$\Windows\system32\dwm.exe


Can anybody tell me what's going wrong? I am able to read event log for
other OS machines.
 

Jon

As you've probably observed it tells you that the description cannot be
found and then proceeds to give you the details of the description that
cannot be found in the self-same breath - albeit in a comma delimited format.
No idea why it behaves like that, but you can get it in a better format via
WMI queries.

If you want to stick with the same approach, then you should still be able
to parse that to get the information you require.
 

Manoj Chanchawat

Hey Jon,

Thanks. But as you said, I am using the "format" command to parse the string.

::FormatMessage( FORMAT_MESSAGE_FROM_HMODULE |
FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK,
hLibrary, m_dwEventID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR)&msgBuffer_out, 0, (va_list*)aInsertStrs);


But it seems that the string itself is not coming from the image file. So I
guess there is no description parameter in the image file that we can read.
Am I right in my understanding?
Also, I read in many places that there will be a new way to read the event log on
a Longhorn machine. Is this related to that??

Please reply.

thanks,
Manoj
 

Darrell Gorter[MSFT]

Hello,
Unless the binary is present that contains the description it will not be
available.
If you are reading the event log from one machine, say Windows Vista, with
the event log from a Windows Server 2008 machine, not all the binaries may
be present on the machine you are reading from, so the description cannot be
picked up from those binaries.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
 

Manoj Chanchawat

Hey Darrell,

Thanks for the reply.
I have checked and the binary is present there on the target machine. Also,
most of the binaries related to OS events are in the System32 folder.

Regards,
Manoj
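Added example (not written by any poster in this thread and not Microsoft's code): a Python parser for the EVENTLOGRECORD layout that ReadEventLog fills in, showing that the insertion strings travel inside the record while the description template has to come from the message file. The record bytes, the host name `HOST-A` and the message template are constructed, and `message_table` is a hypothetical stand-in for the message-table resource with simplified `%n` substitution.

```python
import re
import struct
HEADER = struct.Struct("<6L4H6L")  # fixed part of EVENTLOGRECORD: 56 bytes
SIGNATURE = 0x654C664C             # "LfLe"

def wz(s):
    return (s + "\0").encode("utf-16-le")  # NUL-terminated WCHAR string

def build_record(event_id, source, computer, inserts):
    """Constructed sample record for this demo, not captured from a real log."""
    names = wz(source) + wz(computer)
    strings = b"".join(wz(s) for s in inserts)
    string_off = HEADER.size + len(names)
    end = string_off + len(strings)
    length = end + (-end % 4) + 4  # pad to a DWORD boundary, then trailing Length
    hdr = HEADER.pack(length, SIGNATURE, 1, 0, 0, event_id, 4, len(inserts),
                      0, 0, 0, string_off, 0, string_off, 0, end)
    return (hdr + names + strings).ljust(length - 4, b"\0") + struct.pack("<L", length)

def read_wz(buf, off):
    end = off
    while end + 1 < len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[off:end].decode("utf-16-le"), end + 2

def parse_record(buf):
    if len(buf) < HEADER.size or HEADER.unpack_from(buf)[1] != SIGNATURE:
        raise ValueError("not an EVENTLOGRECORD")
    f = HEADER.unpack_from(buf)
    if f[0] > len(buf):  # buffer sized to the header only: strings are missing
        raise ValueError("record is %d bytes, buffer holds %d" % (f[0], len(buf)))
    source, _ = read_wz(buf, HEADER.size)
    inserts, off = [], f[11]  # f[11] = StringOffset, f[7] = NumStrings
    for _ in range(f[7]):
        text, off = read_wz(buf, off)
        inserts.append(text)
    return {"event_id": f[5], "source": source, "inserts": inserts}

def describe(rec, message_table):
    """message_table stands in for the message file: {EventID: template}."""
    template, ins = message_table.get(rec["event_id"]), rec["inserts"]
    if template is None:  # same fallback text the thread quotes
        return ("The description for Event ID ( %d ) in Source ( %s ) could not "
                "be found. It contains the following insertion string(s): %s"
                % (rec["event_id"] & 0xFFFF, rec["source"], ", ".join(ins)))
    return re.sub(r"%(\d+)", lambda m: ins[int(m.group(1)) - 1]
                  if 0 < int(m.group(1)) <= len(ins) else m.group(0), template)

SAMPLE = build_record(9009, "Desktop Window Manager", "HOST-A", ["0x40010004"])
```

Passing only the first `HEADER.size` bytes of `SAMPLE` to `parse_record` raises `ValueError`, which is what a buffer sized to the fixed structure alone looks like to a parser.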
 
