Windows2KServer的系统日志中的常见错误收集和解释

来源：互联网发布：libz.so.1 apache 编辑：程序博客网时间：2024/04/29 16:41

Windows2KServer的系统日志中的常见错误收集和解释

Article last modified on 2002-2-5

--------------------------------------------------------

The information in this article applies to:

Microsoft Windows 2000 Advanced Server

--------------------------------------------------------

错误日志1：

描述：

Source”Perflib”:服务”PerfDisk”在Dll”c:/winnt/system32/perfdisk.dll”中的打开过程用的时间比确定的等待时间要长.

解释：

完整的日志大概是：

Event Type: Error

Event Source: Perflib

Event Category: None

Event ID: 2002

User:  N/A

Description:

The open procedure for service "PerfDisk" in DLL "C:/WINNT/System32/perfdisk.dll" has taken longer than the established wait time to complete. There may be a problem with  this extensible counter or the service it is collecting data from or the  system may have been very busy when this call was attempted.

至于微软,它的《INFO: Events for Performance Monitor Extensions (Q226494)》文章中给出这种EventID2002的解释：

Event ID: 2002 
Detail Text: The open procedure for service (service name) in DLL (DLL name) has taken longer than the established wait time to complete. The wait time in milliseconds is shown in the data. 

Interpretation: See the comments earlier regarding the Open Timeout registry value.

你可以在注册表的

HKEY_LOCAL_MACHINE

      /SOFTWARE

         /Microsoft

            /Windows NT

               /CurrentVersion

                  /Perflib

中找一下有没有这个键值OpenProcedureWaitTime 

    If OpenProcedureWaitTime value is present, perflib sets up a timeout procedure internally. If the Open function of a performance monitor extension DLL does not return within the time specified, in milliseconds, in this registry value an event (2002) is posted to the Event Log. However, it only controls the reporting of the fact, it doesn't control the behavior. For example, if an Open function "hangs" then the performance monitor process will "hang" regardless of the presence of this registry value.

If the OpenProcedureWaitTime registry value is not present, the default timeout value is 10,000 (milliseconds).

解决办法：

我觉得这个错误可能和硬盘读取速度慢或者其他应用频繁读取硬盘有关系。可以调整一下超时的时间值。

    你可以这样：

请到下面的连接下载微软的Extensible Performance Counter List工具：

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/exctrlst-o.asp

它可以帮你。

错误日志2：

描述：

Source”FTPCtrs”:不能收集到FTP性能统计资料.

解释：

完整的日志大概是：

Event Type: Error

Event Source: FTPCtrs

Event Category: None

Event ID: 1000

User:  N/A

Description:

Unable to collect the FTP performance statistics.  The error code returned by the service is data DWORD 0.

For additional information specific to this message please visit the Microsoft Online Support site located at:

http://www.microsoft.com/contentredirect.asp.

Data:

0000: ba 06 00 00               o...

《INFO: Events for Performance Monitor Extensions (Q226494)》文章中给出这种EventID1000的解释：

Event ID: 1000
Detail Text: Access to performance data was denied to (username) as attempted from (calling module name)

Interpretation: The following key is checked for security access:

SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib

If the user associated with the client thread or process token is not on the ACL for this key then this event is posted.

解决办法：

干脆disable掉FTP收集性能数据。

重要提示：

上面两个问题都是关于性能计数器的，我们有以下的建议：

如果看到Event ID为1000的日志，你首先要察看有没有权限方面的问题；

如果看到Event ID为1003的日志，你可能有一个数据损坏了的或版本不正确的DLL；

如果看到Event ID为2002的日志，你可能需要调整一下注册表中Open Time的值。

寻求帮助：

如果想知道这些事件日志都代表什么意思，请到下面的连接查询，只需填入EventID和Event Source：

http://www.eventid.net/search.asp

错误日志3：

描述：

现象：

事件类型: 错误

事件来源: Server

事件种类: 无

事件 ID: 2506

日期: 2002-1-25

事件: 8:54:43

用户: N/A

计算机: ZHENGYUN

描述:

服务器的注册表关键字LanmanServer/Parameters 中的数值 IRPStackSize 无效。该数值会被忽略，处理会继续进行。

数据:

0000: 57 00 00 00 W...

参见：

《Event ID 2506 Error Message When You Start Windows 2000 Q238316》

错误日志4：

描述：

现象：

事件类型: 错误

事件来源: EventLog

事件种类: 无

事件 ID: 6008

日期: 2002-1-25

事件: 10:50:01

用户: N/A

计算机: ZHENGYUN

描述:

上一次系统的 10:44:27 在 2002-1-25 上的关闭是意外的。

数据:

0000: d2 07 01 00 05 00 19 00 Ò.......

0008: 0a 00 2c 00 1b 00 2d 02 ..,...-.

0010: d2 07 01 00 05 00 19 00 Ò.......

0018: 02 00 2c 00 1b 00 2d 02 ..,...-.

解释：

Event Message:

The previous system shutdown at name on name was unexpected.

Source	Event Log	Event ID	Event Type
EventLog	System	6008	Error

Explanation:

This event indicates that an inconsistency exists between the Browser service and the server service.

User Action:

Contact the person with administrative rights on your computer if this message is in the event log in Event Viewer more than 6 times. Otherwise, stopping and restarting the server will eliminate the error.

错误日志5：

描述：

现象：

事件类型: 警告

事件来源: MRxSmb

事件种类: 无

事件 ID: 3019

日期: 2002-2-2

事件: 12:00:24

用户: N/A

计算机: ZHENGYUN

描述:

转发程序无法决定链接类型。

数据:

0000: 00 00 00 00 04 00 4e 00 ......N.

0008: 00 00 00 00 cb 0b 00 80 ....Ë..

0010: 00 00 00 00 84 01 00 c0 ......À

0018: 00 00 00 00 00 00 00 00 ........

0020: 00 00 00 00 00 00 00 00 ........

参见：

《Error Message: The Redirector Failed to Determine the Connection Type Q267934》

错误日志6：

描述：

现象：

事件类型: 错误

事件来源: DCOM

事件种类: 无

事件 ID: 10002

日期: 2002-2-4

事件: 14:41:10

用户: UMS/administrator

计算机: BJUM-FEA

描述:

启动 DCOM 服务器的访问被拒绝。服务器是:

{0C0A3666-30C9-11D0-8F20-00805F2CD064}

用户是 Administrator/UMS, SID=S-1-5-21-1417001333-616249376-725345543-500.

解释：

DCOM服务器 {0C0A3666-30C9-11D0-8F20-00805F2CD064}是：

“Machine Debug Manager “

它的ProgID为：MDM.AD2.1

它的程序是：c:/winnt/system32/mdm.exe

参见：

《PRB: Access Denied When You Try to Start DCOM Server Q290398》

written by zhengyun@tomosoft.com

Trackback: http://tb.blog.csdn.net/TrackBack.aspx?PostId=12667