programming4us
programming4us
DESKTOP

Windows Server 2008 and Windows Vista : Using Event Logging for Troubleshooting (part 2)

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

2. Event Viewer Troubleshooting Procedure

To take full advantage of the new Event Viewer features and capabilities, it is a best practice to follow a set procedure to ensure that you are viewing the most relevant information for the problem that you are having. To do this, you should follow these steps:

  1. Evaluate the System event log for Group Policy events.

  2. Evaluate the Group Policy operational log:

    1. Determine the ActivityID of Group Policy processing.

    2. Create a custom view of a Group Policy instance.

  3. Divide the custom view of the log into three phases:

    1. Preprocessing

    2. Processing

    3. Postprocessing

  4. Associate all Starting events with the correct Ending event.

  5. Investigate all Errors, Warnings, and Failures.

  6. Isolate the event that is causing the problem, and address the problem.

  7. Run GPUpdate on the computer with the Group Policy problem to determine whether the problem persists. If so, repeat these steps to find other issues.

Evaluate the System Event Log

The Group Policy service writes events to the System event log indicating an administrative alert, representing the latest status of the Group Policy service. Here you can quickly determine whether the Group Policy service is the source of the problem. You might see any of the following three events in the System event log for Group Policy:

  • Informational event . Indicates that the Group Policy service is functioning properly.

  • Warning event . Indicates that the Group Policy service is functioning properly, but other dependencies may have failed.

  • Error event . Indicates that the Group Policy service has failed.

Evaluate the Group Policy Operational Log: Determine the ActivityID of Group Policy Processing

Every time Group Policy background or foreground processing occurs, an ActivityID is generated that groups all of the specific actions that occurred during that Group Policy processing. It is important that you determine the ActivityID of the process so that you can isolate all events related to that process. To determine the ActivityID for an event, follow these steps:

  1. Start Event Viewer.

  2. Under Event Viewer, click to expand Applications And Services Logs, and then expand Microsoft, expand Windows, expand GroupPolicy, and click Operational.

  3. In the details pane, click the GroupPolicy warning or error event that you want to troubleshoot.

  4. In the details pane, click the Details tab the lower pane for the event, and then click Friendly view.

  5. On the event’s Details tab, click System to expand the System node.

  6. Scroll until you find the ActivityID in the System node details. This value (without the opening and closing braces) is the ActivityID.

Evaluate the Group Policy Operational Log: Create a Custom View of a Group Policy Instance

After the ActivityID is determined, all events related to that ID must be isolated for easier and more efficient evaluation. To isolate all of the events that are associated with the ActivityID that you found, follow these steps:

  1. Start Event Viewer.

  2. Right-click Custom Views, and then click Create Custom View. The Create Custom View dialog box appears.

  3. Click the XML tab, and then select the Edit Query Manually check box. Event Viewer displays a dialog box, which explains that editing a query manually prevents you from modifying the query using the Filter tab. Click Yes.

  4. Copy the Event Viewer query (provided at the end of this step) to the clipboard. Paste the query into the Query box. Your query should look something like the following:

    <QueryList><Query Id="0” Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID=‘{INSERT ACTIVITY ID HERE}’]</Select> </Query></QueryList>

  5. Enter the ActivityID that you determined in the preceding procedure in place of the “INSERT ACTIVITY ID HERE” text from step 4. Click OK.

    Note

    The leading and trailing {} characters are essential for the query to work.

  6. In the Save Filter to Custom View dialog box, type a name and description meaningful to the view you created, and then click OK.

  7. The name of the saved view appears under Custom Views in the console tree. Click the name of the saved view to display its events in Event Viewer, as shown in Figure 3.

The custom view in Event Viewer isolates all of the events related to a single ActivityID.
Figure 3. The custom view in Event Viewer isolates all of the events related to a single ActivityID.
Other  
  •  Windows 8 : Managing Windows Update (part 4) - Viewing update history, Rolling back updates
  •  Windows 8 : Managing Windows Update (part 3) - Managing Windows Update in Windows 8 native interface
  •  Windows 8 : Managing Windows Update (part 2) - Configuring update settings
  •  Windows 8 : Managing Windows Update (part 1) - Accessing Windows Update settings by using Control Panel
  •  Windows 8 : Working with location-based settings and connection methods
  •  Windows Server 2008 R2 : Active Directory lightweight directory services
  •  Windows Server 2008 R2 : Active Directory federation services (part 4) - Complete ADFS server configuration
  •  Windows Server 2008 R2 : Active Directory federation services (part 3) - Install Web agent for claims aware Web application, Configure ADFS certificates
  •  Windows Server 2008 R2 : Active Directory federation services (part 2) - Set up the ADFS role for the internal and external Active Directory forests
  •  Windows Server 2008 R2 : Active Directory federation services (part 1) - Planning for Active Directory Federation Services
  •  
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us
    programming4us
     
     
    programming4us