PowerShell script generates lots of warnings in Windows Event Log
When executing the script in the ISE or also in the console, everything runs fine. No errors or anything else that would stand out.
Runs fine doesn't mean there are no errors encountered. Your script probably just ignores them, using the -ErrorAction SilentlyContinue parameter with cmdlets. Example:
Get-ChildItem -LiteralPath ZZZ:\
This will generate a so-called terminating error and will stop the current pipeline, but because the ErrorActionPreference variable is by default set to Continue, the script itself will continue execution. And, as you can see, the PowerShell host will log this error to the Event Log.
If you'd like to debug your script and find what error causes this log record, set $ErrorActionPreference to Stop at the beginning of your script and run it. The first encountered error will stop the script execution and then you can view the error details like this: $Error[0].
UPDATE: I'm at a loss, since everything we've tried didn't lead to a substantial result:
- $Error variable is empty
- Set-StrictMode -Version Latest didn't catch anything
- $PsVersionTable and powershell_ise.config are looking fine to me
It's definitely something strange going on here and I don't believe that those empty fields are normal:
Command Name =
Command Type =
Script Name =
Command Path =
While I still have some ideas to try, they require more thorough research:
- Check your script for any non-PowerShell objects\method (third-party assemblies, COM-Objects, etc...) and try to comment them out.
- Try monitoring PowerShell process with Process Monitor
Good luck!
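The debugging approach described in this answer, as an added example that is not part of the original post: it runs a script block with the preference set to Stop and then lists every record left in $Error, which also shows errors that -ErrorAction SilentlyContinue kept off the screen. Test-ScriptErrors is a hypothetical helper name and the sample script block is constructed.

```powershell
# Added example, not code from the original answer.
# Test-ScriptErrors is a hypothetical name; the sample input at the end is constructed.
function Test-ScriptErrors {
    param(
        [Parameter(Mandatory = $true)]
        [scriptblock] $ScriptBlock
    )

    # Start from an empty error list so only this run's records are reported.
    $Error.Clear()

    # Local to this function and the script block it invokes: commands that do
    # not pass their own -ErrorAction now stop on the first error.
    $ErrorActionPreference = 'Stop'

    try {
        & $ScriptBlock | Out-Null
    }
    catch {
        Write-Warning ("Stopped on: " + $_.Exception.Message)
    }

    # $Error is newest-first; copy and reverse it to read the run in order.
    $records = @($Error | Where-Object { $_ -is [System.Management.Automation.ErrorRecord] })
    [array]::Reverse($records)

    foreach ($r in $records) {
        [pscustomobject]@{
            Type    = $r.Exception.GetType().FullName
            Message = $r.Exception.Message
            Command = $r.InvocationInfo.MyCommand
            Line    = $r.InvocationInfo.ScriptLineNumber
            Text    = "$($r.InvocationInfo.Line)".Trim()
        }
    }
}

# Constructed sample: the first command hides its error, the second one stops the run.
Test-ScriptErrors {
    Get-ChildItem -LiteralPath ZZZ:\ -ErrorAction SilentlyContinue
    Get-Item -LiteralPath C:\constructed-missing-path
} | Format-List
```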
silent
Updated on September 18, 2022
Comments
-
silent over 1 year
I have a - rather complex - PowerShell script running on a Windows Server 2008 R2. When executing the script in the ISE or also in the console, everything runs fine. No errors or anything else that would stand out.
However, in the Windows Event viewer lots of Warnings are being generated without any specific reason that I can see.
Log Name: Microsoft-Windows-PowerShell/Operational
Source: PowerShell (Microsoft-Windows-PowerShell)
Event ID: 4100
Task Category: Executing Pipeline
Error Message = System error.
Context:
Severity = Warning
Host Name = Windows PowerShell ISE Host
Host Version = 4.0
Host ID = cec010f3-ea0f-44b0-8d2e-449a6c1eb3e6
Engine Version = 4.0
Runspace ID = b2e8d39c-4fa1-4a3f-b33e-b42f8b552c3d
Pipeline ID = 17
Command Name =
Command Type =
Script Name =
Command Path =
Sequence Number = 92
User = [the executing user]
Shell ID = Microsoft.PowerShell
User Data:
Google did not reveal anything. Does anyone have an idea what this could mean? As I said, there are hundreds of those entries. Let me know if I should post anything more.
Thanks a lot!
edit: As requested the entire event XML
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-PowerShell" Guid="{A0C1853B-5C40-4B15-8766-3CF1C58F985A}" />
    <EventID>4100</EventID>
    <Version>1</Version>
    <Level>3</Level>
    <Task>106</Task>
    <Opcode>19</Opcode>
    <Keywords>0x0</Keywords>
    <TimeCreated SystemTime="2015-03-16T14:06:07.066866300Z" />
    <EventRecordID>1994921</EventRecordID>
    <Correlation ActivityID="{01EC0C48-F800-0001-6B28-234CAE5DD001}" />
    <Execution ProcessID="6528" ThreadID="5376" />
    <Channel>Microsoft-Windows-PowerShell/Operational</Channel>
    <Computer>[host]</Computer>
    <Security UserID="S-1-5-21-1482476501-1450960922-725345543-2410959" />
  </System>
  <EventData>
    <Data Name="ContextInfo">Severity = Warning
      Host Name = Windows PowerShell ISE Host
      Host Version = 4.0
      Host ID = cec010f3-ea0f-44b0-8d2e-449a6c1eb3e6
      Engine Version = 4.0
      Runspace ID = b2e8d39c-4fa1-4a3f-b33e-b42f8b552c3d
      Pipeline ID = 36
      Command Name =
      Command Type =
      Script Name =
      Command Path =
      Sequence Number = 7665
      User = [user name]
      Shell ID = Microsoft.PowerShell</Data>
    <Data Name="UserData" />
    <Data Name="Payload">Error Message = System error.</Data>
  </EventData>
</Event>
Added
PS D:\Autonomy\cd_provisioning_client> ($PsVersionTable)
Name                           Value
----                           -----
PSVersion                      4.0
WSManStackVersion              3.0
SerializationVersion           1.1.0.1
CLRVersion                     4.0.30319.34209
BuildVersion                   6.3.9600.16406
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion      2.2
powershell_ise.exe.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup useLegacyV2RuntimeActivationPolicy="true">
    <supportedRuntime version="v4.0" />
  </startup>
</configuration>
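One way to summarise hundreds of events like the one in this question, as an added example that is not part of the original post: it reads event 4100 records from the Operational log, parses the ContextInfo text into keys, and counts the events per host, script, command and payload. Get-Ps4100Summary is a hypothetical function name; the Data names and ContextInfo keys are the ones visible in the event XML above.

```powershell
# Added example, not code from the original post.
# Get-Ps4100Summary is a hypothetical name; field names come from the XML above.
function Get-Ps4100Summary {
    param([int] $MaxEvents = 500)

    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4100 }
    # Get-WinEvent reports an error when nothing matches; suppress it and return nothing.
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    $rows = foreach ($evt in $events) {
        # Collect the named <Data> elements (ContextInfo, UserData, Payload).
        $data = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = [string]$node.'#text'
        }

        # ContextInfo is "Key = Value" text, one pair per line; values may be empty.
        $ctx = @{}
        foreach ($line in ($data['ContextInfo'] -split "`r?`n")) {
            if ($line -match '^\s*(?<key>[^=]+?)\s*=\s*(?<value>.*?)\s*$') {
                $ctx[$Matches['key']] = $Matches['value']
            }
        }

        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            ProcessId   = $evt.ProcessId
            HostName    = $ctx['Host Name']
            ScriptName  = $ctx['Script Name']
            CommandName = $ctx['Command Name']
            Payload     = $data['Payload']
        }
    }

    # One line per distinct combination, most frequent first.
    $rows | Group-Object HostName, ScriptName, CommandName, Payload |
        Sort-Object Count -Descending |
        ForEach-Object {
            $ordered = $_.Group | Sort-Object TimeCreated
            [pscustomobject]@{
                Count     = $_.Count
                Key       = $_.Name
                FirstSeen = $ordered[0].TimeCreated
                LastSeen  = $ordered[-1].TimeCreated
                ProcessId = ($_.Group.ProcessId | Sort-Object -Unique) -join ','
            }
        }
}

Get-Ps4100Summary -MaxEvents 1000 | Format-Table -AutoSize
```

Rows whose script and command fields are empty, as in the event above, can then be matched to a host process through the ProcessId column.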
-
megamorf about 9 years
Has the account that the script is running under all permissions necessary to execute and access everything in the script?
-
silent about 9 years
yes. See the answers and comments below for the actual reason.
-
-
silent about 9 years
Ah yeah thanks, this could make sense. I will give this a try later and come back.
-
silent about 9 years
I just tried that now. Set it to Stop at the beginning of the script. But the script does not terminate at any point. It still produces windows events, though. Any further idea?
-
beatcracker about 9 years
How peculiar! :). Is there anything in the $Error variable after script execution? Btw, could you post the entire XML of the event, there may be some details hidden there.
-
silent about 9 years
no, $Error is empty. I added the XML above.
-
beatcracker about 9 years
Thanks, unfortunately, I can't find any hidden gems in your XML. But here is another idea: how about setting Set-StrictMode -Latest at the beginning? Maybe it has something to do with access to the uninitialized variables or references to non-existent properties of an object.
-
silent about 9 years
How do you mean? Set-StrictMode -Latest does not exist, i.e. fails if I try it. There is Set-StrictMode -Version, do you mean this? If so, which version? :) thx!
-
beatcracker about 9 years
My bad, that should be Set-StrictMode -Version Latest.
-
silent about 9 years
this works, but still no change :(
-
beatcracker about 9 years
Hmm, let's look at your PowerShell version table ($PsVersionTable) and config files (powershell_ise.config, powershell.exe.config in C:\Windows\System32\WindowsPowerShell\v1.0).
-
silent about 9 years
sure, see above.
-
beatcracker about 9 years
Thanks, but I can't see anything suspicious there. I've updated my answer with the list of things we tried to keep others from sifting through comments, but I'm out of ideas for now. Good luck and keep me posted if you happen to figure this out.
-
silent about 9 years
Well, nevermind, I'll put this one into a new question. You have been really helpful nevertheless. If there comes no better answer, I will accept yours. Thanks!
-
beatcracker about 9 years
No problem, glad you finally nailed it. If you'll post a new question, I'll look at it. To speed up things, please include object types of $changeRecord.newAttrs[0] and the last $_[0] in the pipeline: $changeRecord.newAttrs[0].GetType() and $_[0].GetType(). $changeRecord.newAttrs[0] | Export-Clixml or even $changeRecord | Export-Clixml would be even better, depending on your object and resulting XML size.