Hi,
i use a eventlog test method to receive error-messages from eventlogs
but some entrys contain ID 0 and contain this informatio: The description for Event ID ( 0 ) in Source ( BizTalk Server 2006 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details.
The following information is part of the event: Quibiq X.400 Adapter: UID: 2a6e1081-dcd0-4a4b-9c02-7995bd13fab4 - Could not write message to X.400 Archive DB. Your message was transmitted sucessfully with MTS ID 1823BD5611DF09A61700F1AF.
but alert-mails from HM with this error are empty and contain this:
Test : NTLog BizTalk Server 2006
Method: check NT Event Log
Status : Bad
Date : 25.01.2010 11:36:30
EventSource: BizTalk Server 2006
EventTime: 25.01.2010 11:36:08
EventType: 1
EventID: 0
EventText:
Recurrences : 1
Last status: Ok
Total tests: 153565
Alive ratio : 99,00 %
Dead ratio: 0,81 %
i dont understand why the EventText is empty because the orginal-entry in Event-Log viewer contain all informations
anyone know whats wrong?
Eventlog EventText is empty
What variable do you use to show event description? %Reply%? %NTEventText%?
What version of HostMontior do you use?
Is this test performed directly by HostMonitor or you are using Remote Monitoring Agent (RMA)? If you are using RMA, what version?
Windows on local system? Service Pack?
Windows on remote system? Service Pack?
Regards
Alex
What version of HostMontior do you use?
Is this test performed directly by HostMonitor or you are using Remote Monitoring Agent (RMA)? If you are using RMA, what version?
Windows on local system? Service Pack?
Windows on remote system? Service Pack?
Regards
Alex
Looks like HostMonitor may use empty variable when it cannot access registry to determine which DLL should contain resource (string for event description).
Actually Windows cannot find such resource as well, that's why you see "The description for Event ID ( 0 ) in Source ( BizTalk Server 2006 ) cannot be found" message in the event log.
If HostMonitor can find necessary registry data but cannot load specified DLL, it should show message like: "Message not found. Insertion strings: Quibiq X.400 Adapter: UID: 2a6e1081-dcd0-4a4b-9c02-7995bd13fab4 - Could not write message to X.400 Archive DB. Your message was transmitted sucessfully with MTS ID 1823BD5611DF09A61700F1AF"
Probably we should modify our code and assign the same string to variable when registry is not acessible (or there are some other similar problem).
We will do this in next version but if this issue is important for you, we can make some quick fix...
Regards
Alex
Actually Windows cannot find such resource as well, that's why you see "The description for Event ID ( 0 ) in Source ( BizTalk Server 2006 ) cannot be found" message in the event log.
If HostMonitor can find necessary registry data but cannot load specified DLL, it should show message like: "Message not found. Insertion strings: Quibiq X.400 Adapter: UID: 2a6e1081-dcd0-4a4b-9c02-7995bd13fab4 - Could not write message to X.400 Archive DB. Your message was transmitted sucessfully with MTS ID 1823BD5611DF09A61700F1AF"
Probably we should modify our code and assign the same string to variable when registry is not acessible (or there are some other similar problem).
We will do this in next version but if this issue is important for you, we can make some quick fix...
Regards
Alex
There is update: www.ks-soft.net/download/hm838.zip
Just unzip the file and replace hostmon.exe and rcc.exe modules.
Please backup your HML file (test list) before using update.
Regards
Alex
Just unzip the file and replace hostmon.exe and rcc.exe modules.
Please backup your HML file (test list) before using update.
Regards
Alex
Hi,
I've installed this fix but i still receive empty EventText-Descriptions:
Message from HostMonitor (host changed status)
Test : NTLog:BizTalk Server 2006
Method: check NT Event Log
Status : Bad
Date : 28.01.2010 09:02:43
EventSource: BizTalk Server 2006
EventTime: 28.01.2010 08:59:53
EventType: 2
EventID: 0
EventText:
Recurrences : 1
Last status: Ok
Total tests: 154856
Alive ratio : 98,66 %
Dead ratio: 1,15 %
I've installed this fix but i still receive empty EventText-Descriptions:
Message from HostMonitor (host changed status)
Test : NTLog:BizTalk Server 2006
Method: check NT Event Log
Status : Bad
Date : 28.01.2010 09:02:43
EventSource: BizTalk Server 2006
EventTime: 28.01.2010 08:59:53
EventType: 2
EventID: 0
EventText:
Recurrences : 1
Last status: Ok
Total tests: 154856
Alive ratio : 98,66 %
Dead ratio: 1,15 %
May be something wrong with registry...
Could you please check registry on the system where HostMonitor is running?
Do you have the following key specified HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\<log name>\<event source name>
I think for this even source it should be HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\BizTalk Server 2006
If such key exist, is there EventMessageFile variable? What is the type and value of this variable?
Regards
Alex
Could you please check registry on the system where HostMonitor is running?
Do you have the following key specified HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\<log name>\<event source name>
I think for this even source it should be HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\BizTalk Server 2006
If such key exist, is there EventMessageFile variable? What is the type and value of this variable?
Regards
Alex
Hi,
but why does the Description in eventlog-viewer exist?
it is not able to read all informations about a eventlog-entry (for example comments etc.)?
i don't know which method does HM use to receive a eventlog-entry that i need if i want to ask MS.
Do you can create a test eventlog with ID 0 to reclaim this problem?
Kind Regards
Mirko
but why does the Description in eventlog-viewer exist?
it is not able to read all informations about a eventlog-entry (for example comments etc.)?
i don't know which method does HM use to receive a eventlog-entry that i need if i want to ask MS.
Do you can create a test eventlog with ID 0 to reclaim this problem?
Kind Regards
Mirko
As I see Windows Event Viewers informs you about problem with that DLL as well:but why does the Description in eventlog-viewer exist?
======================
The description for Event ID ( 0 ) in Source ( BizTalk Server 2006 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details.
======================
It cannot format message correctly as well because there is some problem with DLL.
Its not about ID. Its about Source+ID of the event. Each event source (application) should provide DLL with special string for each event.Do you can create a test eventlog with ID 0 to reclaim this problem?
If HostMonitor cannot find or load such DLL, it will return "Message not found. Insertion strings: ..list of variables" string. Similar to Windows Event Viewer.
However when HostMonitor is able to load specified DLL but this DLL contains some invalid format string, what we should do? We even cannot check is it valid or not (in general case) becase every application uses different strings, there are millions applications, different versions of these applications and different events. Only developer of that application may know list of all posible event descriptions.
Sure, we can look for some workarounds again and again but I believe real reason of the problem is BizTalk DLL. So, its better to fix that software.
Regards
Alex
Hi,
I have tried to test it with vbscript and wmi and i receive all infos from eventlogs with ID 0
Here are the VBS-Code :
the needet Description placed in InsertionStrings
I have tried to test it with vbscript and wmi and i receive all infos from eventlogs with ID 0
Here are the VBS-Code :
Code: Select all
On Error Resume Next
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
arrComputers = Array("localhost")
For Each strComputer In arrComputers
WScript.Echo
WScript.Echo "=========================================="
WScript.Echo "Computer: " & strComputer
WScript.Echo "=========================================="
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE EventIdentifier= 0 ", "WQL", _
wbemFlagReturnImmediately + wbemFlagForwardOnly)
For Each objItem In colItems
WScript.Echo "Category: " & objItem.Category
WScript.Echo "CategoryString: " & objItem.CategoryString
WScript.Echo "ComputerName: " & objItem.ComputerName
strData = Join(objItem.Data, ",")
WScript.Echo "Data: " & strData
WScript.Echo "EventCode: " & objItem.EventCode
WScript.Echo "EventIdentifier: " & objItem.EventIdentifier
WScript.Echo "EventType: " & objItem.EventType
strInsertionStrings = Join(objItem.InsertionStrings, ",")
WScript.Echo "InsertionStrings: " & strInsertionStrings
WScript.Echo "Logfile: " & objItem.Logfile
WScript.Echo "Message: " & objItem.Message
WScript.Echo "RecordNumber: " & objItem.RecordNumber
WScript.Echo "SourceName: " & objItem.SourceName
WScript.Echo "TimeGenerated: " & WMIDateStringToDate(objItem.TimeGenerated)
WScript.Echo "TimeWritten: " & WMIDateStringToDate(objItem.TimeWritten)
WScript.Echo "Type: " & objItem.Type
WScript.Echo "User: " & objItem.User
WScript.Echo
Next
Next
Function WMIDateStringToDate(dtmDate)
WScript.Echo dtm:
WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
& " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
End Function