Microsoft's official enterprise support blog for AD DS and more
Ravi here from Directory Services team; I thought I would share some information on how to enable the Event Logging for Offline Files, (Client Side Caching) in Windows Vista.
Offline Files Changes in Windows Vista
Offline Files has been completely redesigned for Windows Vista, offering new features, which include:
• Better defined modes of operation • Seamless offline to online transitions • Optimized file synchronization • Improved slow-link mode • Consistent namespaces • Cache size management • Per-user encryption • Scriptable API support
For more information refer below article. What's New in Offline Files for Windows Vista
There are certain changes in Group Policies for Offline Files in Vista. All the Group Policy settings for Offline Files can be found through two paths:
Computer Configuration\Administrative Templates\Network\Offline Files User Configuration\Administrative Templates\Network\Offline Files
Along with some other Policy changes, “Event Logging Level” have also been changed, there is no Group Policy setting for the enabling Advance Event logging.
Note: Windows XP based computer needs this policy to be set at the value of 3, which will result in verbose events getting written in the System Event log.
Event Logging in Windows Vista
Event logging is not something an end user would have to care about but it may be necessary during troubleshooting problems with Offline Files. Windows Vista has also considerably changed when it comes to Event logging.
The Event Viewer includes a new category of event logs “Applications and Services logs” apart from native “Windows Logs”. These logs store events from a single application or component.
This category of logs includes four subtypes: Admin, Operational, Analytic, and Debug logs. Events in Admin logs are of particular interest to IT Professionals using the Event Viewer to troubleshoot problems. Events in the Admin log should provide you with guidance about how to respond to them. Events in the Operational log are also useful for IT Professionals, but they are likely to require more interpretation.
Following are the instructions on enabling the logging for “OfflineFiles” subsystem.
“Operational” event logging for Offline Files is itself disabled by default. Below are the steps to enable it.
wevtutil sl Microsoft-Windows-OfflineFiles/Operational /e:true
Note: To get the available log names type, wevtutil el
How to turn on advance logging.
“Operational” log will only write the informational event. Advance logging can be enabled by following below steps.
Sample Events:
Log Name: Microsoft-Windows-OfflineFiles/Operational Source: Microsoft-Windows-OfflineFiles Date: 2/9/2009 8:34:16 PM Event ID: 9 Task Category: None Level: Information Keywords: Online/offline transitions User: SYSTEM Computer: machine1.contoso.com Description: Path disconnected. \\server\Public\Tools
Log Name: Microsoft-Windows-OfflineFiles/Operational Source: Microsoft-Windows-OfflineFiles Date: 2/9/2009 8:35:54 PM Event ID: 10 Task Category: None Level: Information Keywords: Online/offline transitions User: SYSTEM Computer: machine1.contoso.com Description: Path reconnected. \\server\Public\Tools
Above events are written a when a Network share which is set to be “available offline” is disconnected and reconnected.
Log Name: Microsoft-Windows-OfflineFiles/SyncLog Source: Microsoft-Windows-OfflineFiles Date: 2/6/2009 3:31:46 AM Event ID: 2002 Task Category: None Level: Information Keywords: User: CONTOSO\user1 Computer: machine1.contoso.com Description: Sync info for \\server\Public\Tools Both client and server copies exist. DirChangedOnServer
Log Name: Microsoft-Windows-OfflineFiles/SyncLog Source: Microsoft-Windows-OfflineFiles Date: 2/9/2009 8:53:16 PM Event ID: 2002 Task Category: None Level: Information Keywords: User: CONTOSO\user1 Computer: machine1.contoso.com Description: Sync info for \\server\Public Both client and server copies exist. Stable
Above Events is indication of sync action performed.
Log Name: Microsoft-Windows-OfflineFiles/SyncLog Source: Microsoft-Windows-OfflineFiles Date: 2/9/2009 8:29:56 PM Event ID: 2005 Task Category: None Level: Information Keywords: User: CONTOSO\user1 Computer: machine1.contoso.com Description: Sync succeeded. \\adportal\Public Operation: Encrypt or unencrypt directory tree in cache
Above Event is written while either encrypting or decrypting the offline cache.
Consideration when advance logging is enabled. When enabled Analytic and Debug logs can quickly fill with a large number of entries. For this reason, you will probably want to turn them on for a specified period to gather some troubleshooting data and then turn them off again. You can perform this procedure by using either the Windows interface or a command line. Note that the procedure documented here can also be implemented for other Applications or Services.
Changes to Offline Files in Windows Vista Event Logging in Windows Vista
- Ravi Bakamwar
PingBack from http://windows-vista.shuublog.info/?p=1116