Windows2KServer的系统日志中的常见错误收集和解释
Windows2KServer的系统日志中的常见错误收集和解释
Windows2KServer的系统日志中的常见错误收集和解释
Article last modified on 2002-2-5
--------------------------------------------------------
The information in this article applies to:
Microsoft Windows 2000 Advanced Server
--------------------------------------------------------
错误日志1:描述:Source”Perflib”:服务”PerfDisk”在Dll”c:\winnt\system32\perfdisk.dll”中的打开过程用的时间比确定的等待时间要长.
解释:完整的日志大概是:
Event Type: Error
Event Source: Perflib
Event Category: None
Event ID: 2002
User: N/A
Description:
The open procedure for service "PerfDisk" in DLL "C:\WINNT\System32\perfdisk.dll" has taken longer than the established wait time to complete. There may be a problem with this extensible counter or the service it is collecting data from or the system may have been very busy when this call was attempted.
至于微软,它的《INFO: Events for Performance Monitor Extensions (Q226494)》文章中给出这种EventID2002的解释:
Event ID: 2002
Detail Text: The open procedure for service (service name) in DLL (DLL name) has taken longer than the established wait time to complete. The wait time in milliseconds is shown in the data.
Interpretation: See the comments earlier regarding the Open Timeout registry value.
你可以在注册表的
HKEY_LOCAL_MACHINE
\SOFTWARE
\Microsoft
\Windows NT
\CurrentVersion
\Perflib
中找一下有没有这个键值OpenProcedureWaitTime
If OpenProcedureWaitTime value is present, perflib sets up a timeout procedure internally. If the Open function of a performance monitor extension DLL does not return within the time specified, in milliseconds, in this registry value an event (2002) is posted to the Event Log. However, it only controls the reporting of the fact, it doesn't control the behavior. For example, if an Open function "hangs" then the performance monitor process will "hang" regardless of the presence of this registry value.
If the OpenProcedureWaitTime registry value is not present, the default timeout value is 10,000 (milliseconds).
解决办法:我觉得这个错误可能和硬盘读取速度慢或者其他应用频繁读取硬盘有关系。可以调整一下超时的时间值。
你可以这样:
请到下面的连接下载微软的Extensible Performance Counter List工具:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/exctrlst-o.asp
它可以帮你。
错误日志2:描述:Source”FTPCtrs”:不能收集到FTP性能统计资料.
解释:完整的日志大概是:
Event Type: Error
Event Source: FTPCtrs
Event Category: None
Event ID: 1000
User: N/A
Description:
Unable to collect the FTP performance statistics. The error code returned by the service is data DWORD 0.
For additional information specific to this message please visit the Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.
Data:
0000: ba 06 00 00 o...
《INFO: Events for Performance Monitor Extensions (Q226494)》文章中给出这种EventID1000的解释:
Event ID: 1000
Detail Text: Access to performance data was denied to (username) as attempted from (calling module name)
Interpretation: The following key is checked for security access:
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
If the user associated with the client thread or process token is not on the ACL for this key then this event is posted.
解决办法:干脆disable掉FTP收集性能数据。
重要提示: 上面两个问题都是关于性能计数器的,我们有以下的建议:
如果看到Event ID为1000的日志,你首先要察看有没有权限方面的问题;
如果看到Event ID为1003的日志,你可能有一个数据损坏了的或版本不正确的DLL;
如果看到Event ID为2002的日志,你可能需要调整一下注册表中Open Time的值。
寻求帮助: 如果想知道这些事件日志都代表什么意思,请到下面的连接查询,只需填入EventID和Event Source:
http://www.eventid.net/search.asp
错误日志3:描述:现象:
事件类型: 错误
事件来源: Server
事件种类: 无
事件 ID: 2506
日期: 2002-1-25
事件: 8:54:43
用户: N/A
计算机: ZHENGYUN
描述:
服务器的注册表关键字LanmanServer\Parameters 中的数值 IRPStackSize 无效。该数值会被忽略,处理会继续进行。
数据:
0000: 57 00 00 00 W...
参见:
《Event ID 2506 Error Message When You Start Windows 2000 Q238316》
错误日志4:描述:现象:
事件类型: 错误
事件来源: EventLog
事件种类: 无
事件 ID: 6008
日期: 2002-1-25
事件: 10:50:01
用户: N/A
计算机: ZHENGYUN
描述:
上一次系统的 10:44:27 在 2002-1-25 上的关闭是意外的。
数据:
0000: d2 07 01 00 05 00 19 00 Ò.......
0008: 0a 00 2c 00 1b 00 2d 02 ..,...-.
0010: d2 07 01 00 05 00 19 00 Ò.......
0018: 02 00 2c 00 1b 00 2d 02 ..,...-.
解释:
Event Message:
The previous system shutdown at name on name was unexpected.
Source
Event Log
Event ID
Event Type
EventLog
System
6008
Error
Explanation:
This event indicates that an inconsistency exists between the Browser service and the server service.
User Action:
Contact the person with administrative rights on your computer if this message is in the event log in Event Viewer more than 6 times. Otherwise, stopping and restarting the server will eliminate the error.
错误日志5:描述:现象:
事件类型: 警告
事件来源: MRxSmb
事件种类: 无
事件 ID: 3019
日期: 2002-2-2
事件: 12:00:24
用户: N/A
计算机: ZHENGYUN
描述:
转发程序无法决定链接类型。
数据:
0000: 00 00 00 00 04 00 4e 00 ......N.
0008: 00 00 00 00 cb 0b 00 80 ....Ë..€
0010: 00 00 00 00 84 01 00 c0 ....„..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
参见:
《Error Message: The Redirector Failed to Determine the Connection Type Q267934》
错误日志6:描述:现象:
事件类型: 错误
事件来源: DCOM
事件种类: 无
事件 ID: 10002
日期: 2002-2-4
事件: 14:41:10
用户: UMS\administrator
计算机: BJUM-FEA
描述:
启动 DCOM 服务器的访问被拒绝。 服务器是:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
用户是 Administrator/UMS, SID=S-1-5-21-1417001333-616249376-725345543-500.
解释:
DCOM服务器 {0C0A3666-30C9-11D0-8F20-00805F2CD064}是:
“Machine Debug Manager “
它的ProgID为:MDM.AD2.1
它的程序是:c:\winnt\system32\mdm.exe
参见:
《PRB: Access Denied When You Try to Start DCOM Server Q290398》
written by zhengyun@tomosoft.com
