This seems to be a known problem with .Net. See here: 60740
Windows Server 2022 Event Query Error for Older Versions
jelloland
51
Reputation points
We recently updated/replaced some servers with Server 2022 and I noticed a PowerShell script that was no longer working right. When I looked into it some more, it seems to be when querying event logs on older server versions (e.g. 2019, 2016).
Here is a boiled down snippet I've cobbled up to easily reproduce the issue:
PS C:\Users\svr2022> Get-WinEvent -ComputerName svr2016 -FilterHashtable @{LogName="System";ProviderName="EventLog"} -MaxEvents 1
Get-WinEvent : We do not have 18 variants given for the UnsafeNativeMethods.EvtRenderFlags.EvtRenderEventValues flag.
(System Properties)
At line:1 char:1
+ Get-WinEvent -ComputerName svr2016 -FilterHashtable @{LogName="Syst ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-WinEvent], InvalidOperationException
+ FullyQualifiedErrorId : We do not have 18 variants given for the UnsafeNativeMethods.EvtRenderFlags.EvtRenderEv
entValues flag. (System Properties),Microsoft.PowerShell.Commands.GetWinEventCommand
This query works fine against other 2022 servers.
I've updated the 2022 server to 20348.946 but am still experiencing the issue.