Pivot Table Analysis of the Event Log

Recently I had to investigate a problem with our SMTP server. One of the things I wanted to know was when the SMTP problems started. Like most computer problems, multiple event IDs were being triggered each time a problem occurred. The Pivot Table Wizard is a great tool for quickly summarizing the event log data. Here is how I did it.

  1. Open the Event Viewer, filter your view to the event source you are interested in, export the list, and transfer the exported list back to your work station.
  2. Open a new blank worksheet in Excel and import the data using the Import External Data Wizard.
  3. Open the Pivot Table Wizard. Drop the “Date” into the row area. Drop the “Event” field into the column area. Drop any other field into the data area. I used the “Source” field. You should now have a pivot table that has columns for each event ID and a count of the number of events per day per event ID.
  4. I prefer the data to be sorted in descending order so I went into the Advanced Field properties for the “Date” and set it to descending.

In my case with the pivot table analysis I could see that one event ID, 4000, was the primary event. The rest of the event IDs were secondary events.
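
The same per-day, per-event-ID count, plus the first day an event ID reaches a chosen level, can be scripted against the exported list. This is an added example, not part of the original post; it assumes a tab-delimited export with "Date" and "Event" columns and M/D/YYYY dates, and the sample rows (year, source, computer name, counts) are constructed.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: (date, event ID, number of rows). Not real log data.
_COUNTS = [("7/27/2008", 4006, 1), ("7/28/2008", 4006, 2),
           ("7/29/2008", 4000, 3), ("7/29/2008", 4006, 2),
           ("7/30/2008", 4000, 5), ("7/30/2008", 4006, 3)]
# Assumed export layout: tab-delimited text with a header row.
HEADER = "Type\tDate\tTime\tSource\tCategory\tEvent\tUser\tComputer\n"
SAMPLE_EXPORT = HEADER + "".join(
    f"Warning\t{d}\t9:00:00 AM\tsmtpsvc\tNone\t{e}\tN/A\tWEB01\n" * n
    for d, e, n in _COUNTS)


def pivot_by_day(export_text, date_format="%m/%d/%Y"):
    """Return {date: Counter({event_id: count})}, i.e. Date rows x Event columns."""
    table = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(export_text), delimiter="\t"):
        day = datetime.strptime(row["Date"], date_format).date()
        table[day][int(row["Event"])] += 1
    return table


def onset_day(table, event_id, threshold):
    """First day on which event_id occurs at least `threshold` times, else None."""
    for day in sorted(table):
        if table[day][event_id] >= threshold:
            return day
    return None


def render(table):
    """Text pivot table, newest day first (the descending sort from step 4)."""
    ids = sorted({e for counts in table.values() for e in counts})
    lines = [f"{'Date':<12}" + "".join(f"{i:>6}" for i in ids)]
    for day in sorted(table, reverse=True):
        cells = "".join(f"{table[day][i]:>6}" for i in ids)
        lines.append(f"{day.isoformat():<12}" + cells)
    return "\n".join(lines)


if __name__ == "__main__":
    pivot = pivot_by_day(SAMPLE_EXPORT)
    print(render(pivot))
    print("4000 first reaches 3/day on:", onset_day(pivot, 4000, 3))
```

If the export uses a different regional date format, pass the matching `date_format` string.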

Experimental Mail Server Analyzer Online

Dan Kaminsky wrote a post about an Experimental Mail Server Analyzer Online. This might have helped me with a problem I was dealing with earlier this month. I am not sure whether my problem is related to what he is trying to accomplish but here is my problem description and resolution.

At the place I am working, our customer service representatives said they were getting a lot of customer complaints about order confirmation emails never arriving. I did a little pivot table analysis on the event log and found a lot of SMTP 4000 and 4006 warnings. The frequency of the errors started escalating on July 29th. The good news is that I had not applied any patches in that time frame.

The 4006 warning message I was familiar with since I had fixed a naked line feed issue in June. The 4006 warning message also appears when a customer enters their email address incorrectly so I expect to see it in the event log but at low levels. The 4000 warning message was new and said “Unable to bind to the destination server in DNS”. The problem appeared to be intermittent since not all emails were failing. However, when I ran NSLOOKUP on the web site for the mail server that appeared in the 4000 message, it failed. When I used NSLOOKUP on my workstation to look up that same server, it worked. The DNS used by the web server was failing for a group of mail servers.

The solution was very simple. Although both the ISP help desk and I thought the web site had local problems and needed a mid-day reboot, the help desk changed our domain name server. Based on their initial testing they did not think they had fixed the problem. I suspect they used ping to try and verify the mail server. Since a lot of people have turned off ping responses on their mail servers, I looked at the event log. I could see that the problem was probably fixed. The 4000 messages had disappeared completely and the mail queue was emptying. The 4006 messages went down to previous levels, too. In fact they are at a level slightly lower than I had noticed before the problem.

Supporting Technology » Blog Archive » Remove old versions of Java & Install the latest with no auto update!

I had several versions of Java on my PC and I lamented the fact that I needed to use “Add/Remove Programs” to remove them. This script came in handy although my copy and paste of the code needed several fixups before it would work. The single and double quotes from the copy were funky according to DOS. So I have posted my cleaned up copy. The SyntaxHighlighter Plus plugin has solved this copy problem for me in the past. Good Luck!

Rem to run this file and log the output use: "uninstall java.bat">>java_remove.log
Rem @echo off &
cls
Rem List all Installation subkeys from uninstall key.
echo Searching Registry for Java Installs
for /f %%I in ('reg query HKLM\SOFTWARE\microsoft\windows\currentversion\uninstall') do echo %%I | find "{" > nul && call :All-Installations %%I
echo Search Complete..
goto :NoneFound
:All-Installations
Rem Filter out all but the Sun Installations
for /f "tokens=2*" %%T in ('reg query %1 /v Publisher 2^> nul') do echo %%U | find "Sun" > nul && call :Sun-Installations %1
goto :EOF
:Sun-Installations
Rem Filter out all but the Sun-Java Installations. Note the tilde + n (%~n1), which drops all the subkeys from the path
echo %1
for /f "tokens=2*" %%T in ('reg query %1 /v DisplayName 2^> nul') do echo . Uninstalling - %%U: | find "Java" && call :Sun-Java-Installs %~n1
if errorlevel 1 (
echo Doing further conditional checking on variables.
for /f "tokens=2*" %%T in ('reg query %1 /v DisplayName 2^> nul') do echo . Uninstalling - %%U: | find "J2SE" && call :Sun-Java-Installs %~n1
)
goto :EOF
:Sun-Java-Installs
Rem Run Uninstaller for the installation
MsiExec.exe /x%1 /qb /quiet /passive /promptrestart
echo . Uninstall Complete, Resuming Search..
goto :EOF
:NoneFound
Rem No Java found to remove from this system
echo No Java found or all versions already removed from this system
goto :EOF

Using remote drives in a scheduled job

Recently I was debugging why a backup of a QuickBooks file was not working. A scheduled job running on the server was supposed to create a compressed encrypted version on a removable USB drive. The job was written by someone else and I guess they never checked to see if it worked!? I found that it worked when I ran it interactively but it failed when I ran it as a scheduled job. It took me a while to figure this problem out but the QuickBooks folder was actually a shared folder on another computer and the drive mapping was not available in the batch environment. To fix the problem I added the following statements to create a drive mapped as ‘r:’.

	Dim objNetwork
	Set objNetwork = WScript.CreateObject("WScript.Network")
	strLocalDrive = "r:"
	strRemoteShare = "\\myserver\Backups_Daily"
	objNetwork.MapNetworkDrive strLocalDrive, strRemoteShare, False