John Topley’s Weblog

Event Log Paranoia

As a user of the Windows NT flavour of Windows since 1996, one of the things that I've got into the regular habit of doing is checking the event logs for anything untoward. I always felt smug knowing that I was running a proper operating system (unlike that flaky Windows 95); one that would log anything interesting in the background whilst allowing me to continue with my game of Freecell. I felt a duty of care to return the favour by looking to see what it was telling me, and I've never got out of the habit. I guess there must be a sysadmin lurking deep inside me and that means I should probably seek help from a health care professional.

Those who've only just joined the Windows NT club by virtue of buying its grandson, Windows XP, may wonder what I'm talking about (hint: If you're running Windows XP Professional then log on as an Administrator and run eventvwr.msc). It was during one of these trawls through the logs the other day that I noticed that a lot of the entries are plain indecipherable (even to a nerd like me) but still worrying. Because I'm the sort of person who likes to run a tight ship, I get alarmed when I see entries such as:

“RSM cannot manage library PhysicalDrive3. The database is corrupt.”

I know that RSM is the Windows' Removable Storage Service but I have no idea what the implications of its database being corrupt are. Even more frightening is this message:

“AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.”

If I didn't know better, I'd think there was a problem with my computer's BIOS. I've written about backups before but I didn't tell you that when using the Backup program I always get a pair of event log entries:

“Could not initialize the MS DTC XA Transaction Manager. MS DTC is being started but the XA Transaction Manager feature will be disabled.”

—And its buddy:

“Could not create the MS DTC TIP Gateway initialization object. MS DTC is being started but the TIP feature will be disabled.”

I've learnt that these two messages always come as a set. Because I'm a programmer, I know what the Microsoft Distributed Transaction Co-ordinator (MSDTC) does but not what's going wrong in this instance that's causing an error to be logged. The odd thing is that in spite of all these scary–sounding messages everything works just fine, so who can tell what's really going on?

Back in the pioneering Windows NT days, the only option we had for deciphering these technical messages was to apply for a job as a Windows programmer at Redmond. Failing that, we could probably find something out using the Windows NT Resource Kit. The kids today are spoon-fed help because Windows XP helpfully includes a hyperlink as part of the message. I clicked it out of curiousity and got this:

A picture of the event details help from Microsoft

—It seems that even Microsoft don't know what the message means! It can't be anything to worry about then. Suitably reassured, I went back to my game of Freecell.

Comments

There are 3 comments on this post. Comments are closed.

  • avatar John C
    19 January 2004 at 23:34

    Annoyingly the event log hasn't seemed to be able to explain why my dial-up connection periodically self-disconnects. Most odd. I suppose broadband is the only cure...

  • avatar Grant
    04 February 2004 at 13:12

    To get some useful information regarding the event viewer, punch the event id in to this site, and see what other people have come up with. http://eventid.net/search.asp This becomes a very valuable tool when you're the admin of a windows server or two.

  • avatar John Topley
    04 February 2004 at 20:40

    Cool site - thanks for the link.

I guess there must be a sysadmin lurking deep inside me and that means I should probably seek help from a health care professional.


Archives

  • Jan
  • Feb
  • Mar
  • Apr
  • May
  • Jun
  • Jul
  • Aug
  • Sep
  • Oct
  • Nov
  • Dec
  • 2017
  • 2016
  • 2015
  • 2014
  • 2013
  • 2012

More Archives


Sign In