Can wmi send logs from a partition

JoseMauricioGomez 21

Hello team,

I setup wmi to send some service stop/start logs from a F:\ partition and unable to be sent. Other file system logs are sent. What would be the issue?

Thanks in advance

Jose Mauricio

MotoX80 31,571 Reputation points

2020-11-24T23:23:24.74+00:00

I setup wmi to send some service stop/start log

How did you configure WMI to do a "send"? Does this process create a log? What event triggers the sending of the files? Where are the file sent to? Are there errors in the Microsoft-Windows-WMI-Activity/Operational eventlog?

Have you compared the file security permissions between a folder that fails and one that works?
Rita Han - MSFT 2,161 Reputation points

2020-11-25T02:36:35.917+00:00

Could you show reproducible steps? So I can do a further investigation.

8 answers

JoseMauricioGomez 21 Reputation points

2020-12-02T14:53:29.217+00:00

Hi, The Server 2016 ip address is not that one: I got this logs:

2020-11-27T16:40:47.883981-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_UPTIME,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_UPTIME or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070000)
2020-11-27T16:40:47.883981-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_UPTIME,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_UPTIME or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070000)
2020-11-27T16:40:47.885402-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_PROCESSES,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_PROCESSES or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070001)
2020-11-27T16:40:47.885402-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_PROCESSES,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_PROCESSES or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070001)
2020-11-27T16:40:47.885853-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_CPU,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_CPU or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070002)
2020-11-27T16:40:47.885853-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_CPU,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_CPU or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070002)
2020-11-27T16:40:47.886835-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_MEM,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_MEM or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070003)
2020-11-27T16:40:47.886835-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_MEM,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_MEM or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070003)
2020-11-27T16:40:47.887303-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_MEM_VIRT,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_MEM_VIRT or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070004)
2020-11-27T16:40:47.887303-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_MEM_VIRT,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_MEM_VIRT or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070004)
2020-11-27T16:40:49.430356-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SNMP_PING_STATUS,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SNMP_PING_STATUS or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070009)
2020-11-27T16:40:49.430356-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SNMP_PING_STATUS,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SNMP_PING_STATUS or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070009)
2020-11-27T16:40:49.430772-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_UPTIME,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_UPTIME or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070017)
2020-11-27T16:40:49.430772-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_UPTIME,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_UPTIME or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070017)
2020-11-27T16:40:51.858510-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_HW_STAT,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_HW_STAT or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070468)
2020-11-27T16:40:51.858510-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_PERF_JOB_INIT_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=11857,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[jobName]=SYS_HW_STAT,[errReason]=Missing/Invalid SNMP credential for 10.5.1.227, SYS_HW_STAT or device/service down.,[phLogDetail]=Failed to initialize the perf job(RefId: 1070468)
2020-11-27T16:40:52.690436-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_CHECK_APP_LIST_WARNING]:[eventSeverity]=PHL_WARNING,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=12733,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[module]=MSDHCP,[errReason]=WMI lookup for Win32_PerfFormattedData_DHCPServer_DHCPServer failed for MPAPP_PRD(10.5.1.227): Retrieve result data.NTSTATUS: NT code 0x80041010 - NT code 0x80041010,[phLogDetail]=Checking monitorability failed
2020-11-27T16:40:52.690436-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_CHECK_APP_LIST_WARNING]:[eventSeverity]=PHL_WARNING,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=12733,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[module]=MSDHCP,[errReason]=WMI lookup for Win32_PerfFormattedData_DHCPServer_DHCPServer failed for MPAPP_PRD(10.5.1.227): Retrieve result data.NTSTATUS: NT code 0x80041010 - NT code 0x80041010,[phLogDetail]=Checking monitorability failed
2020-11-27T16:40:52.905508-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_CHECK_APP_LIST_WARNING]:[eventSeverity]=PHL_WARNING,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=12518,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[module]=MSNTDS,[errReason]=WMI lookup for Win32_PerfRawData_NTDS_NTDSand Win32_PerfRawData_DirectoryServices_DirectoryServicesfailed for MPAPP_PRD(10.5.1.227): Retrieve result data.NTSTATUS: NT code 0x80041010 - NT code 0x80041010,[phLogDetail]=Checking monitorability failed
2020-11-27T16:40:52.905508-03:00 accelopsva phDiscover[4113]: [PH_LIB_TOPO_CHECK_APP_LIST_WARNING]:[eventSeverity]=PHL_WARNING,[procName]=phDiscover,[fileName]=device.cpp,[lineNumber]=12518,[hostName]=MPAPP_PRD,[hostIpAddr]=10.5.1.227,[module]=MSNTDS,[errReason]=WMI lookup for Win32_PerfRawData_NTDS_NTDSand Win32_PerfRawData_DirectoryServices_DirectoryServicesfailed for MPAPP_PRD(10.5.1.227): Retrieve result data.NTSTATUS: NT code 0x80041010 - NT code 0x80041010,[phLogDetail]=Checking monitorability failed
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
MotoX80 31,571 Reputation points

2020-12-02T16:31:01.107+00:00

I have no idea what you and your applications are doing.

Your most recent post shows multiple errors for various reasons, but I have no context. I have no idea what system MPAPP_PRD(10.5.1.227) is or what it's role is. Is this the source server or destination server? What application generated this log? What event triggered these errors? What does the SNMP configuration error have to do with a problem of reading log files? I don't see any errors that reference the F:\ drive or any error about reading log files.

If this log data came from the "Monitor Plus" application that you mentioned, then I would recommend that you contact their product technical support for help. They will have a better understanding of the WMI calls that their product issues and how to troubleshoot it.

As @Rita Han - MSFT commented: "Could you show reproducible steps? So I can do a further investigation.". We don't have "Monitor Plus" on our systems. We would need to know what WMI calls are being issued so we can try to recreate the error on our systems, or give you something to test..

To paraphrase your initial problem description: "WMI cannot access log files on the F:\ partition". For that problem description, I provided a script to test to see if WMI could access the F:\ drive. Did you run that? Did it work? Did you review the WMI eventlog entries as I also suggested?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
JoseMauricioGomez 21 Reputation points

2020-12-08T15:49:36.127+00:00

Hello and thanks so much for all the time: I ran the wmimonitorablity against the source server (Windows server 2016 .227 who has the F:\ partition). I attached the file if that can help46352-wmicheck2016.txt
Please sign in to rate this answer.
MotoX80 31,571 Reputation points

2020-12-09T15:24:58.52+00:00

You still have not replied with the results of the script that I provided.

You still have not replied with any of the error messages in the Microsoft-Windows-WMI-Activity/Operational eventlog as I had asked.

Did you contact the support team for "Monitor Plus"?

If WMI is completely broken on your 2016 server then you might be able to use mofcomp and rebuild it, but WMI should never get corrupted unless you or some software has done something unusual and just mucked your system up. If that's the case then I would wonder what else might be screwed up. You may have to reinstall the OS.

MotoX80 31,571 Reputation points

2020-12-09T18:28:01.77+00:00

Other file system logs are sent.

Going back to your original problem description.... you indicate that other log files can be sent. That indicates to me that WMI or whatever mechanism that software uses to transport the files is working. So there must be some other error that occurs when trying to access the F:\ drive. Is it a local drive? Do you see it in disk management?

JoseMauricioGomez 21 Reputation points

2020-12-10T01:02:16.77+00:00

Will provide the results from the script soon; it’s because my customer has to perform this in his environment. Sorry, didn’t mention the end user has to run the script. Thanks and will let you know as soon he sent the results back to me.

JoseMauricioGomez 21 Reputation points

2020-12-10T01:03:12.23+00:00

Will ask oh he can see the drive in Disk Management , thanks so much

JoseMauricioGomez 21 Reputation points

2020-12-13T16:56:03.32+00:00

Hello, I attached the script results, the F:\ Partition was discovered after running the script. Would you please guide me hot to ass the F:\partition to the wmi configuration. I will appreciate this step by step guidance.

Thanks so much

Jose Mauricio Gomez

MotoX80 31,571 Reputation points

2020-12-13T20:00:39.65+00:00

You are getting errors. Don't you see that?

I don't think that you copied the script correctly. Do you have the ending bracket on line 10?
Sign in to comment