Microsoft's official enterprise support blog for AD DS and more
Hi, Ned here again. Today’s post is a quickie, here’s the scenario:
Summary
You are troubleshooting ADAM or AD LDS, probably running on a computer you don’t directly administer. Someone has asked you to examine the saved event logs to see if you can determine what’s going on. They may have even already removed that instance as part of their troubleshooting, and all you have left are the event logs for root cause. So you open the saved EVT or EVTX files in EVENTVWR.EXE and see…
The description for Event ID ( 700 ) in Source ( ADAM [SMPolicyStore] ISAM ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details.
Uhhhhh. Now what?
Why so weird?
Saved ADAM and AD LDS event logs need a certain amount of backing information in order to be viewed. Since event logs are saved mainly with the data results to save space, you will need the applications binaries to actually decipher the log completely.
So you can probably guess what the first step will be, but the next step is trickier.
Who cares, Ned? Fix it already!
1. On your Windows Server 2003, Windows XP, or Windows Server 2008 computer, install ADAM or AD LDS. (That was probably the part you guessed. But that ain’t all!) 2. Create an ADAM or AD LDS instance with the same instance name that was used on the previously affected computer. It will be the name in the square brackets repeated in every event message. For example:
1. On your Windows Server 2003, Windows XP, or Windows Server 2008 computer, install ADAM or AD LDS.
(That was probably the part you guessed. But that ain’t all!)
2. Create an ADAM or AD LDS instance with the same instance name that was used on the previously affected computer. It will be the name in the square brackets repeated in every event message. For example:
Or The description for Event ID 1463 from source ADAM [instance1] General cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. 3. You don’t have to change the defaults anywhere when you configure the instance except the instance name itself – i.e. no need to change the service account, create a partition, change the Administrator Role credentials, or import any LDF files.
Or
The description for Event ID 1463 from source ADAM [instance1] General cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
3. You don’t have to change the defaults anywhere when you configure the instance except the instance name itself – i.e. no need to change the service account, create a partition, change the Administrator Role credentials, or import any LDF files.
So after having added an ‘empty’ instance called “Instance1”, I can now open the saved EVTX file and I see:
Log Name: ADAM (instance1) Source: ADAM [instance1] General Date: 4/27/2009 12:32:27 PM Event ID: 1463 Task Category: Internal Configuration Level: Warning Keywords: Classic User: ANONYMOUS LOGON Computer: 2008-srv-03.fabrikam.com Description: Active Directory Lightweight Directory Services has detected and deleted some possibly corrupted indices as part of initialization. These deleted indices will be rebuilt.
Ahhh, that’s more like it. Until next time.
- Ned ‘Event Coordinator’ Pyle
PingBack from http://www.ditii.com/2009/04/30/adam-saved-event-logs-show-the-description-for-event-id-cannot-be-found/