Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

PowerShell Event Logging

1,873 views
Skip to first unread message

SDL

unread,
Oct 10, 2006, 2:18:01 AM10/10/06
to
Hello,

Until recently I was using PowerShell RC1, however, I have just upgraded to
PowerShell RC2. The upgrade process appeared to complete without issue.

Since the upgrade, I have observed two minor issues concerning event logging:

1. There are now two PowerShell event categories displayed in Event Viewer,
"PowerShell" and "Windows PowerShell". The former appears to replace the
latter, as when I launch PowerShell all events appear in "PowerShell" while
the other remains empty. Can anyone provide information on how to remove what
appears to be a defunct logging category, I haven't had much luck digging any
up.

2. All events logged by PowerShell take the form of:
Event Type: Information
Event Source: PowerShell
Event Category: (4)
Event ID: 400
Date: 10/10/2006
Time: 3:40:51 PM
User: N/A
Computer: METAPHYSICAL
Description:
The description for Event ID ( 400 ) in Source ( PowerShell ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event:
Available, None, NewEngineState=Available
PreviousEngineState=None

SequenceNumber=8

HostName=ConsoleHost
HostVersion=1.0.0.0
HostId=f6b761ff-5e03-41f5-9d0e-be4356bd6413
EngineVersion=1.0.0.0
RunspaceId=45e74591-bfa2-45b7-a7fb-5be49344f3e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=.
While the relevant information appears below the error message, it would be
nice to remove the preceding message if it's not too much trouble. I am
viewing the events on the host computer, and have tried regardless launching
Event Viewer with the /auxsource:ip/netbios/dns paremeters with no success.

Thanks in advance,

-SDL

Fred J.

unread,
Oct 10, 2006, 3:46:16 AM10/10/06
to
I get a simular response. I get 7 entries in the log like this

Event Type: Information
Event Source: PowerShell
Event Category: (6)
Event ID: 600
Date: 10/10/2006
Time: 2:52:35 AM
User: N/A
Computer: MICRON
Description:
The description for Event ID ( 600 ) in Source ( PowerShell ) cannot be

found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following
information is part of the event: Alias, Started, ProviderName=Alias
NewProviderState=Started

SequenceNumber=1 (increments to 7)

HostName=ConsoleHost
HostVersion=1.0.0.0
HostId=970a58e0-68ea-4cf2-9e03-1d2c39f5f31d
EngineVersion=
RunspaceId=


PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=.

and one entry as you described


Event Type: Information
Event Source: PowerShell
Event Category: (4)
Event ID: 400
Date: 10/10/2006

Time: 2:52:35 AM
User: N/A
Computer: MICRON


Description:
The description for Event ID ( 400 ) in Source ( PowerShell ) cannot be
found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following
information is part of the event: Available, None,
NewEngineState=Available
PreviousEngineState=None

SequenceNumber=8

HostName=ConsoleHost
HostVersion=1.0.0.0
HostId=970a58e0-68ea-4cf2-9e03-1d2c39f5f31d
EngineVersion=1.0.0.0
RunspaceId=281ce5e4-4f70-4ea7-9eb0-b93cf5d5f70a


PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=.

Fred J.

Narayanan Lakshmanan [MSFT]

unread,
Oct 10, 2006, 3:28:16 PM10/10/06
to
"Windows PowerShell" is the correct log. The way to get around this is to
Delete the "PowerShell" key under Eventlog and restart the system. Then you
will find that the events get logged properly.

--
Narayanan Lakshmanan [MSFT]
Windows PowerShell Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.


"Fred J." <swim.in...@gmail.com> wrote in message
news:1160466376.2...@m73g2000cwd.googlegroups.com...

Narayanan Lakshmanan [MSFT]

unread,
Oct 10, 2006, 5:22:49 PM10/10/06
to
"Windows PowerShell" is the correct log. The way to get around this is to
Delete the "PowerShell" key under Eventlog and restart the system. Then you
will find that the events get logged properly.

--
Narayanan Lakshmanan [MSFT]
Windows PowerShell Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.


"Fred J." <swim.in...@gmail.com> wrote in message
news:1160466376.2...@m73g2000cwd.googlegroups.com...

SDL

unread,
Oct 12, 2006, 10:06:02 AM10/12/06
to
Dear Narayanan Lakshmanan,

The supplied fix worked perfectly, thank-you for your assisstance!

-SDL

Roman Kuzmin

unread,
Oct 29, 2006, 5:13:13 PM10/29/06
to
"Narayanan Lakshmanan [MSFT]" <nara...@online.microsoft.com> wrote

> "Windows PowerShell" is the correct log. The way to get around this is to
> Delete the "PowerShell" key under Eventlog and restart the system. Then
> you
> will find that the events get logged properly.

It was easy from Visual Studio Server Explorer. But I can't find a standard
Windows way for a PC without Visual Studio installed - any help, please?

--
Thanks,
Roman


0 new messages